Pests of All Kinds and How to Combat Them: Suspected ZeuS/ZBot based on Telekom mail (Windows 7)
21.05.2013, 23:29 | #1 |
Suspected ZeuS/ZBot based on Telekom mail

Hi, today we received an email from the Telekom abuse service, in which their security experts have "reliable indications" that a Zeus/ZBot is supposedly up to mischief on one of our computers. Of course I have already found the problem in the forum, but you are supposed to open your own thread, since there are no general solutions =)

I have done the three steps from the "For everyone seeking help" post; the logs are further down.

Unfortunately I cannot describe a problem: the computer runs smoothly and no dubious messages appear (except for the odd "Web-Player", which lurks in the system tray without an icon, that is, with an empty icon, and which you cannot interact with by either left or right click; closing it via Task Manager works perfectly, though. No idea why I ever downloaded it.)

I hope I will read and answer the instructions carefully ;P

Cracks or the like should not be present on the computer, although I have to admit that I did use them once, but that was at another time (new computer ^^).

Last but not least, the steps already taken should be evident from the logs: I downloaded 3-5 scanners and ran a quick scan with each, and none of them found anything =/

Regards, and many thanks for the answers
Ethanil

OTL: Code:
ATTFilter OTL logfile created on: 21.05.2013 23:33:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,85% Memory free 9,99 Gb Paging File | 8,79 Gb Available in Paging File | 87,99% Paging File free Paging file location(s): C:\pagefile.sys 6139 6139H:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 488,28 Gb Total Space | 171,15 Gb Free Space | 35,05% Space Free | Partition Type: NTFS Drive D: | 443,22 Gb Total Space | 441,95 Gb Free Space | 99,71% Space Free | Partition Type: NTFS Computer Name: ***| User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.21 23:27:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.12 00:34:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.02.02 10:40:58 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2013.01.18 16:25:32 | 000,026,448 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\MaxiDisk\mdmonitor.exe PRC - [2012.11.22 20:44:00 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 
Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) 
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.05.12 00:34:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files 
(x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.23 14:48:24 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.18 16:25:34 | 000,030,032 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe -- (Uniblue.MaxiDiskSvc) SRV - [2012.12.16 13:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.21 22:37:15 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hitmanpro37.sys -- (hitmanpro37) DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- 
(USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.12.21 08:46:02 | 000,104,184 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 
07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:57 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xusb22.sys -- (xusb22) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys 
-- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid) DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr) DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.06.05 07:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hamachi.sys -- (hamachi) DRV - [2012.12.16 13:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 AB 23 BA 43 48 CE 01 [binary 
data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\***\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: TV = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Kalender = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: Stealthy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0\ CHR - Extension: SmartVideo For YouTube\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp\0.9926_0\ CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.1_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKCU..\Run: [Exetender_148] "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /runonstartup File not found O4 - HKCU..\Run: [Online Weather] C:\Users\***\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe () O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: 
soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EDBDD86-7D55-4D42-A48F-D0758BFB0A3E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.21 23:27:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.21 22:43:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.05.21 22:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.21 22:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.21 22:43:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.21 22:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.21 22:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.05.21 22:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.17 22:42:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2013.05.17 21:53:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bilder [2013.05.12 00:34:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Chromium [2013.05.12 00:34:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PunkBuster [2013.05.12 00:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.05.11 00:46:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\raidcall [2013.05.11 00:45:39 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall [2013.05.11 00:45:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall [2013.05.11 00:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall [2013.05.10 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls [2013.05.10 01:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [2013.05.10 01:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios [2013.05.10 01:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios [2013.04.29 06:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.27 12:32:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TERA [2013.04.24 20:06:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2013.04.24 20:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.04.24 20:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.04.24 20:06:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogMeIn Hamachi [2013.04.23 16:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.04.23 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games ========== Files - Modified Within 30 Days ========== [2013.05.21 23:27:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.21 23:27:15 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.21 23:00:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.21 22:59:50 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.21 22:59:17 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\spmonitor.job [2013.05.21 22:59:17 | 
000,000,342 | ---- | M] () -- C:\Windows\tasks\mdmonitor.job [2013.05.21 22:58:43 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.21 22:58:22 | 3433,918,464 | -HS- | M] () -- C:\hiberfil.sys [2013.05.21 22:43:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 22:41:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.21 22:37:15 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.21 22:37:06 | 000,304,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.21 22:32:53 | 000,001,298 | ---- | M] () -- C:\Windows\SysNative\.crusader [2013.05.17 21:52:43 | 000,001,027 | ---- | M] () -- C:\Users***\Desktop\SciLor's grooveshark(tm).com Downloader.lnk [2013.05.17 21:52:43 | 000,001,020 | ---- | M] () -- C:\Users***\Desktop\Sandboxed Web Browser.lnk [2013.05.17 17:33:30 | 009,784,854 | ---- | M] () -- C:\Users***\Desktop\Neue Bitmap (2).bmp [2013.05.17 15:34:49 | 000,061,978 | ---- | M] () -- C:\Users***\Desktop\mdl2.jpg [2013.05.17 15:34:38 | 000,070,422 | ---- | M] () -- C:\Users***\Desktop\mdl1.jpg [2013.05.12 19:57:27 | 000,000,000 | ---- | M] () -- C:\Users***\Desktop\Neue Bitmap.bmp [2013.05.12 00:34:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.05.12 00:34:44 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.12 00:34:44 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.12 00:07:24 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.12 00:01:45 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2013.05.11 20:07:26 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.11 20:07:26 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.11 20:07:26 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.11 20:07:26 | 000,155,620 | ---- | M] () -- 
C:\Windows\SysNative\perfc007.dat [2013.05.11 20:07:26 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.11 00:45:38 | 000,001,011 | ---- | M] () -- C:\Users***\Desktop\RaidCall.lnk [2013.04.28 01:14:18 | 000,001,235 | ---- | M] () -- C:\Users***\Desktop\Neverwinter.lnk [2013.04.23 16:51:19 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk ========== Files Created - No Company Name ========== [2013.05.21 23:27:15 | 000,000,000 | ---- | C] () -- C:\Users***\defogger_reenable [2013.05.21 22:43:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 22:36:55 | 000,304,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.21 22:32:53 | 000,001,298 | ---- | C] () -- C:\Windows\SysNative\.crusader [2013.05.21 22:24:22 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.17 21:11:07 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.05.17 17:33:20 | 009,784,854 | ---- | C] () -- C:\Users***\Desktop\Neue Bitmap (2).bmp [2013.05.17 15:34:49 | 000,061,978 | ---- | C] () -- C:\Users***\Desktop\mdl2.jpg [2013.05.17 15:34:37 | 000,070,422 | ---- | C] () -- C:\Users***\Desktop\mdl1.jpg [2013.05.12 19:57:27 | 000,000,000 | ---- | C] () -- C:\Users***\Desktop\Neue Bitmap.bmp [2013.05.12 00:34:44 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.12 00:07:20 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.12 00:07:20 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.12 00:07:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.05.12 00:07:16 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2013.05.11 00:45:38 | 000,001,011 | ---- | C] () -- C:\Users***\Desktop\RaidCall.lnk [2013.05.06 20:52:15 | 000,132,623 | ---- | C] () -- C:\Probeprüfungen.PDF [2013.04.28 01:14:18 | 000,001,235 | ---- | C] () -- 
C:\Users***\Desktop\Neverwinter.lnk [2013.04.23 16:51:19 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.04.13 12:11:01 | 000,004,514 | ---- | C] () -- C:\Users***\AppData\Local\recently-used.xbel [2013.03.29 00:59:32 | 000,001,532 | ---- | C] () -- C:\Windows\Sandboxie.ini [2013.03.24 23:16:41 | 000,609,772 | ---- | C] () -- C:\Users***\Fil.pdf [2013.03.24 23:16:41 | 000,581,797 | ---- | C] () -- C:\Users***\Lemak.pdf [2013.03.03 16:12:58 | 000,005,444 | ---- | C] () -- C:\Users***\.prolog_console_history [2013.02.03 07:03:13 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.01.31 20:06:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.31 20:06:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2013.01.29 16:18:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.01.27 18:53:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.01.27 18:53:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.01.27 18:53:53 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2013.02.02 23:33:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.19 19:28:20 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\.minecraft [2013.02.27 22:19:02 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Carbon [2013.02.28 19:53:36 | 
000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\com.stoicstudio.TheBannerSagaFactions [2013.03.09 23:20:16 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Dwarfs [2013.03.03 02:27:52 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Fatshark [2013.03.27 03:28:45 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\fltk.org [2013.05.21 23:31:26 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\foobar2000 [2013.03.14 22:17:06 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Foxit Software [2013.03.24 02:42:37 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Freeplane [2013.01.29 22:18:35 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\ftblauncher [2013.01.29 22:30:34 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\LolClient [2013.04.09 18:24:35 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Notepad++ [2013.01.31 20:01:48 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\OpenOffice.org [2013.05.11 00:46:07 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\raidcall [2013.01.29 17:16:00 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\SWI-Prolog [2013.04.27 12:32:35 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\TERA [2013.02.05 00:05:40 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Trillian [2013.05.20 00:20:03 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\TS3Client [2013.03.09 17:02:05 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Ubisoft [2013.03.12 21:26:43 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 21.05.2013 23:33:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,85% Memory free
9,99 Gb Paging File | 8,79 Gb Available in Paging File | 87,99% Paging File free
Paging file location(s): C:\pagefile.sys 6139 6139H:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,28 Gb Total Space | 171,15 Gb Free Space | 35,05% Space Free | Partition Type: NTFS
Drive D: | 443,22 Gb Total Space | 441,95 Gb Free Space | 99,71% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{030DE039-291F-4911-903C-EBA3210B50C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{077A6DD7-7286-4EB2-8A67-92FB70A4DF0A}" = rport=138 | protocol=17 | dir=out | app=system | "{15ACFE88-B5DC-4927-8F4D-34FB9A0E6969}" = lport=137 | protocol=17 | dir=in | app=system | "{18F23D46-6351-4AB0-B9B4-044CBB4B5D65}" = lport=139 | protocol=6 | dir=in | app=system | 
"{23E675CE-049C-432F-8A17-D44B0138612D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5922F5EA-38CE-467B-A6BB-52C0A912627C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5D08C594-1BD8-4C8B-A3D9-64EF04F286B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5DBAA488-19FA-4507-B5EA-11CB62C2F358}" = rport=445 | protocol=6 | dir=out | app=system | "{622D81DB-1CAA-4707-A8AE-780D075EAC91}" = lport=10243 | protocol=6 | dir=in | app=system | "{639EFE58-4023-479E-9A09-4590A909A75F}" = lport=445 | protocol=6 | dir=in | app=system | "{650B48E0-693E-4C61-9ABD-89C884DDB950}" = rport=137 | protocol=17 | dir=out | app=system | "{695BCD6C-358E-45E1-AB86-3D4F78BCABB8}" = rport=10243 | protocol=6 | dir=out | app=system | "{725D272A-DFF7-4479-A715-33007951B034}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5B06BBA-9215-45D0-A63D-BBCAB8747718}" = lport=138 | protocol=17 | dir=in | app=system | "{A8929CBF-100F-44A3-8C82-3DDD558743FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B6CB2C8D-D3C8-42D6-8C8E-4D62AEB88962}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C8B40E0C-4F76-431D-8419-CFD5B9266C47}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CBAEB5B8-CC51-4127-BD9C-751F48A89BB3}" = rport=139 | protocol=6 | dir=out | app=system | "{CD1E2064-E638-4A0C-8775-5208EFB445E9}" = lport=2869 | protocol=6 | dir=in | app=system | "{D2398BE9-C364-4ACC-907A-E2D04618F301}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E5A66B18-FE57-4789-9F9B-E2D17892E502}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00A6F3C3-5D5F-4592-A4D8-F657B79090AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{00CB0EAF-ED75-4825-B22B-9CCC342C1EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{0119D483-E0F9-4FE7-AFCF-2DA3B2656101}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe | "{015BDE77-9C8D-4076-BFF3-834D8A65BBE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe | "{021658C6-BFC4-429E-86AA-E1F10A64BBC8}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{03422241-0091-442C-B923-7A7501997714}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{0381A856-DBB5-499D-947C-5B03CCFDDD7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{03857195-B502-45A0-A91F-952F6525A434}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{04ECC309-61F7-425D-BCFA-846FF03C38D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | "{05D7589E-F924-40C1-ADE0-69BFA209265C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe | "{09A11ED2-E7A8-423E-AC20-00940B89103E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{0AB05247-E8FE-4CA0-88F9-830B4B31FB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | 
"{0AC7288F-DF12-4E28-9EE5-1542C1ADC1A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | "{0B78485A-3B5E-4F80-8541-9A99BBC57501}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{0BA2EB68-3E8A-44FE-A866-DC47DE905648}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{0BC5294F-77FA-4EE6-836B-DF09AF6F45D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe | "{0C12BB13-B99E-4C32-AC66-75EB3E4397DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0C1504D9-130B-416A-83CC-2AE1D463145C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0CE1E0DA-E77D-44D6-BAAC-5B1DDDFAEBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{10E811B3-DEC0-4553-9348-65BBE1640748}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\bridealauncher.exe | "{1129F389-B41E-40E7-B25B-B0837DF010A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | "{123F0D5E-ABF8-4407-AB2E-526719F2F63C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{12EA61BC-B396-46EF-B7E0-4E31A5ACE933}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{149F21F8-B68F-4ED7-87BE-757A13E3F4B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | "{17C964DB-3637-4421-B040-FC5E09A76C72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{195F1D02-37E6-4369-952B-99FC8C37E5BB}" = 
protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | "{1CE19A9B-AF80-45E7-B738-443763970783}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{1F21D5A8-6EBD-4AE0-9BEF-19C0C91A507E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{204EDB5A-C5CF-4E16-9473-4D9BE15E45C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | "{217D3E1A-BCCF-49F4-BB08-0046377609F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{21FAF734-7661-4DC6-9799-627D55878C84}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{22E36769-636E-4CCD-869A-50CFC56F1E02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{238223A4-E3D3-42A2-B6A0-214B2B0CB19D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe | "{241A2AE4-9903-4E1E-AB7C-F48454F10FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{2512A40B-5A8A-4341-9F7F-8363E90FAAFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{291464B4-79E4-454A-BB91-9D777C74D402}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{2921AAE0-4CFA-407E-BB45-93C0F156D371}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{29CB9C73-4284-4298-BC98-BC08AA078839}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{2C1CF26A-44DC-4C7C-B0E1-2E095BE4E5CB}" = 
protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2C8FD086-3112-427D-9749-DB079FF7B64B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{2DB85094-29F5-4FB2-95B8-B5318783903E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{2DE42095-F3A4-47E5-8BDE-07D5E1BB1CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | "{2E6274FB-5D5C-4514-8B62-7CD52369AFF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe | "{2F47B232-C0FC-4F46-AAEC-96AE6E700A02}" = protocol=6 | dir=out | app=system | "{2F6F7432-311A-4C77-A26A-73D09C3CB903}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{3047EB3B-58A3-430F-9D51-852705BBE1BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{322097CA-FD8A-4B8A-BF3A-4ACFF0A526DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "{3291D7FD-3008-4021-8CC2-A90F64FC880D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | "{354AD701-6B0B-4BD8-A219-C2D89D15C185}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{381774E5-9234-4853-8444-3571B4FEF4DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{3CFBE06D-FDD0-4104-9C36-6E17DFBD9F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | "{3D0D6175-0D08-4EC3-927C-6F7DE0C40049}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{3E204284-1C3B-4020-BC5A-71376EF85DFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe | "{3EC767F2-53DA-42F2-8DDD-28C806290837}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{3EDFC091-8713-4A6C-B21F-015B72CB8360}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3FE0CFBD-A36B-45B2-BF44-573668FDCF84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4163DEED-647A-46C2-AF00-24B9CE8E34A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{416CA105-B6E3-4366-AFA7-1DE485EA6B10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{44EC039D-C432-485C-8E89-BA4ECAAF4CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{46D2402F-E003-45C7-9CCA-35BF428D8229}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{483F6B9C-C064-433D-A0FF-911569C8722E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | "{4979904D-5559-41CF-9C3C-67FAD420BE43}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{4A53497B-1B25-4688-A81E-AF36A14FB428}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{4BC0733C-C718-4189-A3E4-8C7B6D7E8C77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{4DE6A156-16B7-4486-A848-A62EB874D06B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 
2\trine2_launcher.exe | "{4ED55D69-EAD1-4615-91D0-2DDD0347E0DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe | "{4F027637-1B54-412F-B487-C08774E1090E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe | "{4F347490-1BB1-48C8-8C42-81BCC73370F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{501EA033-C46B-4FB4-B1E6-D0338AAF6FFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{50762242-49AF-4149-BFD3-290C851CDB18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{50FD1AE6-5516-40C1-BAB2-B4641F200844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{5110E520-FB6A-48EC-B339-97FC624BF174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{514737AF-7CBF-4A6F-B32B-53A6D31E2294}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{51489347-620D-413C-B2AC-FB5319BD5B88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{521375CA-A53E-4726-8722-1E7D1219098E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{53938F51-BAD5-4B7B-9955-E185392070EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{548A492A-439A-4EC6-A2B9-2828959AC28B}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{54E1A330-0296-4D1D-B177-1D675803CEAD}" = protocol=17 | 
dir=in | app=c:\users\ruben\downloads\neverwinter_nw.1.20130416a.6.exe | "{56C65758-FD81-423F-9449-3997CCDF1ABF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{59D59AC0-7A85-4C11-B522-AF03A97C6DF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5A240E37-5A9B-4E5B-BB2D-45925BA9C66B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | "{5A7A9564-F860-43CA-8FA0-09E91D76059E}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{5DA49107-F401-470E-9F72-74FBD96269B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{5E923814-8A02-49AD-9EF2-874A35BE4844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{5EE4C46C-A80D-4117-A93A-18302F7DA7BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{614B8265-677F-448D-9E5E-962B4DEADE06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{6313D2AC-49AD-4DA9-88E4-F47707FB0F6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{63526DF7-ECD0-48CB-8EDD-86AC8A1EB331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{63D28A66-4157-4F75-8FB1-15A698D2B19B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6BE9DC98-1745-4549-9D94-80451117C17A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{6C215412-BBCC-490E-AE47-EBED3EA50394}" = protocol=17 | 
dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C2D4517-E78A-4EF1-A6A9-463C8CC0D152}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | "{6C94CD1A-3477-49A6-8F5A-D9740D901888}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{6D25FB67-DC63-4BF0-926C-411A399EC3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{6ECEEA95-8C4C-407C-8068-0E01F8596956}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{7285C984-4AB6-4C8D-83DE-AA57BAAE2540}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{759CED39-6B8B-48B9-9B57-0D8FAE9BD43B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe | "{76A5CE02-7680-44D7-9667-C91693B91EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{78645FCB-CF39-439C-BE7B-48D1D298AFB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{7AED8428-37D7-4B55-9CE2-96DB4E5CA0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe | "{7B0EF11E-446E-48DB-BAC2-F55EC0DABC64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7C2B26C3-B73D-41C8-9725-093375E1C00F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{7D3B83DB-6DE3-40A2-B44E-9FCBA9926697}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{7FE36847-95DB-4A35-95AB-6B5BC5D07974}" = protocol=6 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe | "{807C8A48-C0DD-4D45-AFA0-D5D76FAC9169}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{8233DCBC-B971-4484-BCF3-1EC90A6D0C35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{824EA552-51E6-4C12-B01A-7B1E01D8D8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe | "{8251F26E-11BA-4E37-B01C-CDB1569F9BB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{830F0FEA-1BCF-406E-BB3E-C5D5C68EA2F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{84D5A8D8-6C36-4FF7-98F4-639F0636ABA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{85C20383-1BEF-4175-87AA-539E65FE27BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{873AEA4F-D6D4-45F1-A85C-084599236B65}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe | "{8742A7E1-6B76-4FA6-8731-578FF67F635A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{87C75011-0748-40C4-AAC5-CBB3336E6FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{883C5D06-3018-49AE-99F0-E8D084A3A06E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{891B9891-5B47-4C06-A390-267B606B0B2D}" = protocol=6 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\bridealauncher.exe | "{895F13D1-0911-4836-9AF4-5B06A64F99A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{89B954E3-AD13-42F1-9CC0-39C6CDD3006F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | "{8ACC1E38-E8B7-4B94-BBB6-6A71E92D3B81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{8ADA0186-E0B4-4198-887F-A7A2FF9376FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8B2E988A-26F1-43A0-9102-2A955C8EE51E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{8EC105F0-4D3F-4E24-9892-C096D7870DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{8FD7EDA3-A797-4255-92A2-D23D0A1E7B9F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{9021A217-5C58-43E2-92AF-7282ADE96D1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{91A13D59-9EE8-4848-B131-E907E4C513E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{93D67CB1-E82C-49F4-922A-CB93434AF55F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{93E5ED86-5FC4-4F4D-95EA-308FC9122DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{945AE1C3-8A01-45A4-B60F-AD7F7D177FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{94894C3A-F1BB-4BF5-9FC7-96031A69EE41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | "{97D8B6BA-F5DD-4888-917E-3E1980021719}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{98A894DA-8A07-456B-930F-7552AD98CDF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{9AD40217-701B-4D30-B3FE-C8BD8F05D5B3}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{9BD128E0-65C1-4FEA-91F1-55069D424F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{9C765FD4-2E85-48F2-BB12-2EADFF3A66F6}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{9C85EBDA-9A5F-4269-985B-2E6482404D1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{9DBC2A36-8051-402B-AB1C-DDD30CCCC528}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{9DCE65E3-AC68-4D4B-A15C-34BFDD3FBA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | "{9DF46A4D-06B8-49D0-A1D7-8F637D206DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{A02DBBFE-EA57-4DBC-BA4A-C5DCCCE1F731}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{A099B61D-A1CC-4987-AB65-6A4A46EF6034}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{A0AAEBC8-3F6B-48D2-9508-68B8E4D5589D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{A40EF0D7-9F93-418A-8010-ED69FF3B8242}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{A43781E5-6A2A-406E-A288-7B96D58B8CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{A5FECC44-1498-4A13-8C60-3F864ED3879E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | "{A6629400-2CF2-42D1-ABAF-8E91EF1396B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{A825661B-5684-4273-9F5E-7E95FE2EDD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | "{A89398BE-8619-4A98-BAC6-F1CFA7498A54}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AB5F6420-25DA-4562-8CCF-6D6A26633B6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{AC55B685-03D8-4B5D-96B3-12A14D2DA80E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{ACA33D29-7F2C-48E3-95CE-4F841A1F3A74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{AD01EB2F-BA52-4066-9C97-A40EAB0840C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{AD788440-AC87-478F-925D-635D8911979F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | "{AD8854F8-AB84-4FB2-9512-1BE733A5B190}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{AE030391-3B01-4E2F-AB94-1FAE94D1DEF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | "{B1ACBCF5-E71B-45DF-91D6-4CBE25F5788D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{B1CF0F4C-5D89-4E7E-A25B-F755163EE597}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B32C0B51-AF9C-4171-A70E-D159689EFA45}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B3492401-C777-48A5-875F-B6AACB2E4263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{B50FBD68-13AF-4738-A153-BCC282ED9382}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{B5618049-5203-4817-A9F0-5DF1CE98CBB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{B6696433-02FE-4525-8DBD-093AC1E8B269}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{B76F9DAE-DC23-42B2-84D6-4C535473F97C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{BA3CB8F6-D8D3-4DA7-89B9-29E7646B2BBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{BA6F34A4-D11E-46AA-8999-D08963B5F534}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | "{BB15458B-270C-4A9B-A034-63DF61C185EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{BB5AE134-C6AC-4301-A1FB-D8D051E5CFC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{BBEFC994-2841-4255-A617-BF6EDF553756}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{BCC23A6D-8FF6-46A0-A913-844E8D27729E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{BD7A7ABE-8053-4FB4-9034-8065A56C3F98}" = protocol=17 | dir=in 
| app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{BDBB54CF-9BA1-431F-A890-57291EDE96B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{BF3E1588-3987-4D4A-81D2-105C4D8BE928}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{BF4BAA04-2270-429C-8D88-9E96C55AEE9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{C01126E0-D014-470F-AB57-E49491A1048E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | "{C0E369D6-0B60-4181-8CCF-731DD64DF58D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{C116234F-AF8C-4A3E-BE20-241D507E121D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{C1352AF5-A79A-4AD3-A738-8B0F38D990C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{C19B2F89-1B9F-40D0-B111-828F7FAA4999}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{C29DBB19-A68E-41B4-BE04-CB0CAF310339}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{C32A81A5-C0F0-4A9D-ABA0-4DE1979AFD68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{C3BAE191-1B73-4603-91D0-80FDA11ED53B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{C40FB18B-EF35-422B-9E57-1BF0AD42CC48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{C43E68CF-B230-4F15-9BAD-3E7BB435A4C3}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{C47940A6-0FA7-4BCF-8C42-FC5D34B22A03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{C4C056EA-41F6-4D12-AB26-70B9801B5258}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{C5A1D004-8FDF-4735-9949-398C4AB514D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{C5F6868A-CB22-49B8-A218-690D9C1F2816}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{C649E1AD-F030-438F-ACD3-CF563F85B73E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{C7296419-B8C3-414B-AF24-F194161743BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{C8485611-C72E-4CC2-8B75-51D5F43FD539}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{C85ACC3D-08FA-4A71-9604-1A5CC4314C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{C88DA139-ADC4-4D82-B634-8737EF24ADD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8FD4908-E14C-4296-A52F-6D02E3E2D37E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{CA362FA1-C85D-4927-B827-BB1654F5EB5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{CAE6A77E-A0B5-4DF8-B5CC-77A330E7F978}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | 
"{CB848A52-5EFC-4278-B063-9C3F8BC32FF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{CD974D10-11BE-4326-81A0-AB8FCDE58D6A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{CE91B9CA-C795-44B6-BDA8-D6258BEC32BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{D12EB5BD-AE92-438E-A2A4-5E8C4269AFC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{D1EE4449-7F0B-4028-A2DE-E4DC4ED91B06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{D32ED3AA-0824-4F85-8168-C61367877D2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | "{D365CF95-568B-4563-A838-6033D6AAC4B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D5BB726F-2175-42B6-9921-754E749A7BED}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{D63DEAEB-4CF3-4F9B-A70B-BE571894DB2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{D698CFB8-3624-45D6-BF4D-CBC9E917C350}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{D749BEA0-AFCE-411F-8F26-2CB1799075E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{D7BE538F-844E-412D-8AE2-2D459E2D1670}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D8254036-25B8-4F92-95AA-586759F6C488}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{D93ED920-1469-421C-98DB-3865E978D5C8}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{D9E984F5-AB7E-4EBB-8B9E-E8AF89964906}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | "{DA6ECFA6-AFA1-44AB-BD2F-0A81C96A1CB6}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{DC314223-0A28-4E62-A66C-DD7F377EA479}" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "{DCEBDC65-F076-4DDD-A70F-C25A2F0337AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "{DE5A8B8D-1367-40CA-BE12-64E6D6CEBCCA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{DEC442C1-0753-4FDA-A7FC-6877F0F6C654}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{E09304D3-0FAB-496C-BB17-4ADDB107CBEA}" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "{E0DA97FA-2B72-4033-B350-1F0CD8EC039E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{E509CE4E-FEB8-4812-AC0C-C9BFEC8735F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E59BCEC3-5BB1-47A1-A631-1FF7295479DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{E64721DD-4B07-49D9-9CB4-D30897BF0622}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E8FC40A4-886F-4741-BEB0-527A653D4CA0}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{E915E54C-72D9-4E77-8F03-EC03D2A0D502}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe | "{E94431A2-BF36-47DB-AF99-D5DE983BC1A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{EC7F2695-8870-4BAE-81CA-0BB3AAB182DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | "{ECA139EF-67B5-42E0-B749-06E1E971EAF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{ED68315B-5E8B-4A74-8256-DFF6092D2B82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | "{F1F657E2-5A86-410E-95C5-4BCB86D20A89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{F32A405E-CD37-43FA-B8F2-FFABDC647BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | "{F4287F1C-A50C-4D49-90BD-EE2F95856070}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F5DE0A25-0435-4E91-8748-E8D8166242B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{F5FB94E3-E3F3-4242-9DCF-48DCA21EDEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{F5FCABD1-0FAC-4484-BCEC-584E548CD0B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{F636C8FD-6445-40A2-8D40-89CA4ACDF7F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{F7460FE7-0E8A-41D1-8D19-E2F912101D84}" = protocol=6 | dir=in | app=c:\users\ruben\downloads\neverwinter_nw.1.20130416a.6.exe | 
"{F7EA8D92-7880-48E7-8781-D081F9DCC9CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{FA46D5FA-1000-4E66-B212-905F9D51D186}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe | "{FADEFD79-F63F-4DC5-8C08-99118CF28A69}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{FBFA6CB2-47D6-42BE-850F-9EE5BD9BFB02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{FC425A59-D983-419C-BF46-ABF4996F1444}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD2B6429-D763-4F81-825A-EF3F21ECB805}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD8B206A-29AE-427A-B47E-4629811869E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{FF0C77F4-783E-4BCB-9DB5-A502FC9E488D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{FF154D5E-A1B9-4774-B01B-53F793160F0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | "TCP Query User{026364E4-7006-4E66-9631-686B3D4C8A20}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{1CB9480E-C55B-425E-9BC2-1966705C47FE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{2C55C218-DD30-4D9B-9A21-13A88536E6FE}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "TCP Query 
User{394986A9-0BE6-4B39-BB25-A43824DE6082}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "TCP Query User{46F9DA95-9B0C-46E8-A2E3-A76EBB9F4D91}C:\users\ruben\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\ruben\downloads\neverwinter_nw.1.20130416a.6.exe | "TCP Query User{5961AACF-FF95-45EE-B080-2924AFD05EA0}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{6A65D3E4-637C-4AE8-BFCB-7F05B1649BEE}C:\program files (x86)\swipl\bin\swipl-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\swipl\bin\swipl-win.exe | "TCP Query User{6BDA9C38-7721-45D7-B038-4B0834DB6DFF}C:\program files (x86)\steam\steamapps\common\krater demo\krater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\krater.exe | "TCP Query User{6E552EAB-0183-4234-AA17-62B858991CCF}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{8140D65A-269C-42ED-8338-8670D8695FD0}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "TCP Query User{A3224889-6C1C-4FCE-B441-B1195F9A22C9}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "TCP Query User{F85448DF-3945-417F-82B5-2892D42E137D}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{0EEA1BB7-0F16-4420-A4CC-7F253483A71F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\java\jre7\bin\javaw.exe | "UDP Query User{57DC5C36-4E4B-4358-8EC9-1FBCDD86B489}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{71150DDA-C985-426E-BF75-11E6BE7E4B61}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{73E2A1B9-66A9-40D1-85F9-FE8CC7429985}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{747FF1B6-280A-447E-B41E-75A783CCFB81}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "UDP Query User{992CABD0-3394-4A16-8F55-7CCC795A43EF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{9D5C915C-34ED-4C87-A4DE-64B8D4EB4B1C}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "UDP Query User{A7D5ADC4-53AA-49C1-AD40-AF28F18EAACC}C:\users\ruben\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\ruben\downloads\neverwinter_nw.1.20130416a.6.exe | "UDP Query User{B4284386-1581-40BF-B464-37C8F46A712E}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "UDP Query User{D53C273C-FE8E-4383-9420-E5087879DDE2}C:\program files (x86)\steam\steamapps\common\krater demo\krater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\krater.exe | "UDP Query User{ECB8C36A-B2BA-4648-9ECD-44F9CFFE6B84}C:\program files (x86)\swipl\bin\swipl-win.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\swipl\bin\swipl-win.exe |
"UDP Query User{FB727FC6-B65F-4E52-BBF3-38C2423303FF}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane
"GIMP-2_is1" = GIMP 2.8.4
"Sandboxie" = Sandboxie 3.76 (64-bit)
"SWI-Prolog" = SWI-Prolog (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5C1130F5-F955-4319-BFF6-AFE4A42BC3A8}_is1" = MaxiDisk
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "foobar2000" = foobar2000 v1.2.2 "Foxit Reader_is1" = Foxit Reader "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "Google Chrome" = Google Chrome "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Neverwinter" = Neverwinter "Notepad++" = Notepad++ "PunkBusterSvc" = PunkBuster Services "RaidCall" = RaidCall "Steam App 105600" = Terraria "Steam App 111600" = Serious Sam Double D "Steam App 12900" = Audiosurf "Steam App 13500" = Prince of Persia: Warrior Within "Steam App 13530" = Prince of Persia: The Two Thrones "Steam App 13600" = Prince of Persia: The Sands of Time "Steam App 17080" = Tribes: Ascend "Steam App 17410" = Mirror's Edge "Steam App 19980" = Prince of Persia "Steam App 201210" = PoxNora "Steam App 201480" = Serious Sam: The Random Encounter "Steam App 201790" = Orcs Must Die! 
2 "Steam App 202170" = Sleeping Dogs™ "Steam App 203140" = Hitman: Absolution "Steam App 204260" = Trine 2 Demo "Steam App 204340" = Serious Sam 2 "Steam App 204360" = Castle Crashers "Steam App 206500" = AirMech "Steam App 207230" = Archeblade "Steam App 209870" = Blacklight: Retribution "Steam App 211180" = Unmechanical "Steam App 212500" = The Lord of the Rings Online™ "Steam App 212800" = Super Crate Box "Steam App 213650" = Dwarfs F2P "Steam App 214560" = Mark of the Ninja "Steam App 218110" = Din's Curse Demo "Steam App 219340" = The Banner Saga: Factions "Steam App 219740" = Don't Starve "Steam App 220" = Half-Life 2 "Steam App 221380" = Age of Empires II: HD Edition "Steam App 221790" = Renaissance Heroes "Steam App 224500" = Gnomoria "Steam App 224640" = Krater Demo "Steam App 33320" = Prince of Persia: The Forgotten Sands "Steam App 35720" = Trine 2 "Steam App 400" = Portal "Steam App 41000" = Serious Sam HD: The First Encounter "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 41070" = Serious Sam 3: BFE "Steam App 570" = Dota 2 "Steam App 57300" = Amnesia: The Dark Descent "Steam App 65800" = Dungeon Defenders "Steam App 8980" = Borderlands "Steam App 99870" = Bulletstorm Demo "SWI-Prolog" = SWI-Prolog (remove only) "Trillian" = Trillian "VLC media player" = VLC media player 2.0.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.05.2013 18:33:18 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.6.0.389, Zeitstempel: 0x517af769 Name des fehlerhaften Moduls: League of Legends.exe, Version: 3.6.0.389, Zeitstempel: 0x517af769 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014602 ID des fehlerhaften Prozesses: 0x4c Startzeit der fehlerhaften Anwendung: 0x01ce4dc8fb330f34 Pfad der fehlerhaften 
Anwendung: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Pfad des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Berichtskennung: 9c1f2f04-b9c1-11e2-be79-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 10.05.2013 18:33:21 | Computer Name =*** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.6.0.389, Zeitstempel: 0x517af769 Name des fehlerhaften Moduls: rads.dll, Version: 0.0.0.0, Zeitstempel: 0x510195ce Ausnahmecode: 0xc00001a5 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x4c Startzeit der fehlerhaften Anwendung: 0x01ce4dc8fb330f34 Pfad der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Pfad des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\rads.dll Berichtskennung: 9e27e139-b9c1-11e2-be79-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 10.05.2013 18:33:27 | Computer Name = ***| Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.6.0.389, Zeitstempel: 0x517af769 Name des fehlerhaften Moduls: League of Legends.exe, Version: 3.6.0.389, Zeitstempel: 0x517af769 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014602 ID des fehlerhaften Prozesses: 0x4c Startzeit der fehlerhaften Anwendung: 0x01ce4dc8fb330f34 Pfad der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Pfad des fehlerhaften Moduls: C:\Riot Games\League of 
Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Berichtskennung: a1a516de-b9c1-11e2-be79-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 12.05.2013 13:03:07 | Computer Name = ***| Source = Application Hang | ID = 1002 Description = Programm League of Legends.exe, Version 3.6.0.389 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9d8 Startzeit: 01ce4f32859237bb Endzeit: 18 Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Berichts-ID: c7b93514-bb25-11e2-be79-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 13.05.2013 07:00:36 | Computer Name = ***| Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. 
Error - 13.05.2013 08:25:27 | Computer Name = ***| Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.2.9498.500, Zeitstempel: 0x4bf4c207 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16384, Zeitstempel: 0x50108b02 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010137 ID des fehlerhaften Prozesses: 0xb30 Startzeit der fehlerhaften Anwendung: 0x01ce4fd0ee38a9b7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\RPCRT4.dll Berichtskennung: 30f5ac35-bbc8-11e2-be79-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 13.05.2013 18:53:19 | Computer Name = ***| Source = Application Hang | ID = 1002 Description = Programm League of Legends.exe, Version 3.6.0.389 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c70 Startzeit: 01ce502ca4a7697e Endzeit: 67 Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Berichts-ID: e3cf8ced-bc1f-11e2-be79-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 17.05.2013 08:30:19 | Computer Name = ***| Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error - 17.05.2013 15:21:36 | Computer Name = ***| Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. 
Error - 17.05.2013 16:34:22 | Computer Name = ***| Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. [ System Events ] Error - 19.05.2013 17:09:33 | Computer Name = ***| Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 19.05.2013 17:34:41 | Computer Name = ***| Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 19.05.2013 17:34:41 | Computer Name = ***| Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 19.05.2013 18:19:36 | Computer Name = ***| Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 19.05.2013 18:19:36 | Computer Name = ***| Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. 
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 20.05.2013 00:31:26 | Computer Name = ***| Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 21.05.2013 16:36:32 | Computer Name = ***| Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 21.05.2013 16:37:53 | Computer Name = ***| Source = Service Control Manager | ID = 7024 Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%0 Error - 21.05.2013 16:58:17 | Computer Name = ***| Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 21.05.2013 17:30:38 | Computer Name = ***| Source = Service Control Manager | ID = 7034 Description = Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > Code:
ATTFilter too long :P Is the log needed? If so, I'll attach it. EDIT: I got rid of the web player ^^ I had never dealt with it; I simply looked at the startup programs with Autoruns and found the directory. Last edited by Ethanil (22.05.2013 at 00:21) |
22.05.2013, 09:50 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected ZeuS/ZBot due to Telekom e-mail Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans; for now just post the logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
22.05.2013, 15:31 | #3 |
| Suspected ZeuS/ZBot due to Telekom e-mail Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 23:27 on 21/05/2013 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.21.10 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16580 ***:: ***[administrator] 21.05.2013 23:15:14 mbar-log-2013-05-21 (23-15-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26812 Time elapsed: 7 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.21.10 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16580 ***:: ***[Administrator] 21.05.2013 23:01:29 mbam-log-2013-05-21 (23-01-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211442 Laufzeit: 4 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.21.10 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16580 ***:: ***[Administrator] 21.05.2013 22:44:23 mbam-log-2013-05-21 (22-44-23).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211522 Laufzeit: 3 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
I hope that is what you wanted :3 |
22.05.2013, 15:34 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected ZeuS/ZBot due to Telekom e-mail Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down). GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only aswMBR. Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
22.05.2013, 16:01 | #5 |
| Suspected ZeuS/ZBot due to Telekom e-mail I had already run GMER over it, I just would have had to attach it as an archive =) That's done. aswMBR always crashes (select Quickscan, right?) |
22.05.2013, 18:45 | #6 |
| Suspected ZeuS/ZBot due to Telekom e-mail Uhm, I should read everything you write =) The program also crashes on "none", maybe because I'm using Windows 8? |
22.05.2013, 20:23 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected ZeuS/ZBot due to Telekom e-mail Yes, that may be; I think aswMBR did not yet run (always reliably?) on Win8. TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
23.05.2013, 01:43 | #8 |
| Suspected ZeuS/ZBot due to Telekom e-mail Code:
ATTFilter 02:40:02.0442 6652 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 02:40:02.0758 6652 ============================================================ 02:40:02.0758 6652 Current date / time: 2013/05/23 02:40:02.0758 02:40:02.0758 6652 SystemInfo: 02:40:02.0758 6652 02:40:02.0758 6652 OS Version: 6.2.9200 ServicePack: 0.0 02:40:02.0758 6652 Product type: Workstation 02:40:02.0758 6652 ComputerName: *** 02:40:02.0758 6652 UserName: *** 02:40:02.0758 6652 Windows directory: C:\Windows 02:40:02.0758 6652 System windows directory: C:\Windows 02:40:02.0758 6652 Running under WOW64 02:40:02.0758 6652 Processor architecture: Intel x64 02:40:02.0758 6652 Number of processors: 4 02:40:02.0758 6652 Page size: 0x1000 02:40:02.0758 6652 Boot type: Normal boot 02:40:02.0758 6652 ============================================================ 02:40:03.0400 6652 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 02:40:03.0403 6652 Drive \Device\Harddisk1\DR2 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 02:40:20.0410 6652 ============================================================ 02:40:20.0410 6652 \Device\Harddisk0\DR0: 02:40:20.0410 6652 MBR partitions: 02:40:20.0410 6652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3D090791 02:40:20.0427 6652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D09080F, BlocksNum 0x376712F1 02:40:20.0428 6652 \Device\Harddisk1\DR2: 02:40:20.0428 6652 MBR partitions: 02:40:20.0428 6652 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000 02:40:20.0428 6652 ============================================================ 02:40:20.0447 6652 C: <-> \Device\Harddisk0\DR0\Partition1 02:40:20.0472 6652 D: <-> \Device\Harddisk0\DR0\Partition2 02:40:20.0493 6652 H: 
<-> \Device\Harddisk1\DR2\Partition1 02:40:20.0493 6652 ============================================================ 02:40:20.0493 6652 Initialize success 02:40:20.0493 6652 ============================================================ 02:40:48.0007 6756 ============================================================ 02:40:48.0007 6756 Scan started 02:40:48.0007 6756 Mode: Manual; SigCheck; TDLFS; 02:40:48.0007 6756 ============================================================ 02:40:48.0693 6756 ================ Scan system memory ======================== 02:40:48.0693 6756 System memory - ok 02:40:48.0693 6756 ================ Scan services ============================= 02:40:48.0818 6756 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys 02:40:48.0990 6756 1394ohci - ok 02:40:49.0005 6756 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys 02:40:49.0021 6756 3ware - ok 02:40:49.0036 6756 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\Windows\system32\drivers\ACPI.sys 02:40:49.0068 6756 ACPI - ok 02:40:49.0068 6756 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys 02:40:49.0083 6756 acpiex - ok 02:40:49.0099 6756 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys 02:40:49.0130 6756 acpipagr - ok 02:40:49.0130 6756 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys 02:40:49.0177 6756 AcpiPmi - ok 02:40:49.0177 6756 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys 02:40:49.0192 6756 acpitime - ok 02:40:49.0224 6756 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 02:40:49.0239 6756 adp94xx - ok 02:40:49.0255 6756 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys 02:40:49.0270 6756 adpahci - ok 02:40:49.0286 6756 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 
02:40:49.0302 6756 adpu320 - ok 02:40:49.0333 6756 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 02:40:49.0426 6756 AeLookupSvc - ok 02:40:49.0458 6756 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys 02:40:49.0520 6756 AFD - ok 02:40:49.0536 6756 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys 02:40:49.0536 6756 agp440 - ok 02:40:49.0567 6756 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe 02:40:49.0645 6756 ALG - ok 02:40:49.0723 6756 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll 02:40:49.0754 6756 AllUserInstallAgent - ok 02:40:49.0801 6756 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 02:40:49.0848 6756 AMD External Events Utility - ok 02:40:49.0910 6756 AMD FUEL Service - ok 02:40:49.0941 6756 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys 02:40:49.0988 6756 AmdK8 - ok 02:40:50.0160 6756 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 02:40:50.0331 6756 amdkmdag - ok 02:40:50.0347 6756 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 02:40:50.0378 6756 amdkmdap - ok 02:40:50.0409 6756 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys 02:40:50.0425 6756 AmdPPM - ok 02:40:50.0440 6756 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys 02:40:50.0440 6756 amdsata - ok 02:40:50.0472 6756 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 02:40:50.0487 6756 amdsbs - ok 02:40:50.0503 6756 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys 02:40:50.0503 6756 amdxata - ok 02:40:50.0518 6756 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 
02:40:50.0534 6756 AODDriver4.2 - ok 02:40:50.0534 6756 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys 02:40:50.0581 6756 AppID - ok 02:40:50.0596 6756 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll 02:40:50.0628 6756 AppIDSvc - ok 02:40:50.0659 6756 [ 4F750B7EFCB6520AE01E01D082D7D476 ] Appinfo C:\Windows\System32\appinfo.dll 02:40:50.0706 6756 Appinfo - ok 02:40:50.0752 6756 [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt C:\Windows\System32\appmgmts.dll 02:40:50.0799 6756 AppMgmt - ok 02:40:50.0830 6756 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys 02:40:50.0830 6756 arc - ok 02:40:50.0846 6756 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys 02:40:50.0862 6756 arcsas - ok 02:40:50.0893 6756 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 02:40:50.0908 6756 aswFsBlk - ok 02:40:50.0908 6756 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 02:40:50.0924 6756 aswMonFlt - ok 02:40:50.0940 6756 [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 02:40:50.0940 6756 aswRdr - ok 02:40:50.0971 6756 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 02:40:50.0986 6756 aswRvrt - ok 02:40:51.0018 6756 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 02:40:51.0033 6756 aswSnx - ok 02:40:51.0049 6756 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\Windows\system32\drivers\aswSP.sys 02:40:51.0064 6756 aswSP - ok 02:40:51.0096 6756 [ D62C10D1829C65115111C160EA956260 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 02:40:51.0096 6756 aswTdi - ok 02:40:51.0127 6756 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 02:40:51.0127 6756 aswVmm - ok 02:40:51.0158 6756 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 
02:40:56.0758 6756 [ 9D2C35E06CE117355ABADCEEE1558D21 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
02:40:56.0774 6756 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
02:40:56.0774 6756 HiPatchService - detected UnsignedFile.Multi.Generic (1)
16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 02:41:08.0349 6756 TsUsbGD - ok 02:41:08.0365 6756 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 02:41:08.0381 6756 tunnel - ok 02:41:08.0396 6756 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys 02:41:08.0396 6756 uagp35 - ok 02:41:08.0427 6756 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 02:41:08.0427 6756 UASPStor - ok 02:41:08.0474 6756 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 02:41:08.0490 6756 UCX01000 - ok 02:41:08.0505 6756 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 02:41:08.0521 6756 udfs - ok 02:41:08.0552 6756 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe 02:41:08.0583 6756 UI0Detect - ok 02:41:08.0599 6756 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 02:41:08.0615 6756 uliagpkx - ok 02:41:08.0630 6756 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys 02:41:08.0646 6756 umbus - ok 02:41:08.0661 6756 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys 02:41:08.0677 6756 UmPass - ok 02:41:08.0677 6756 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll 02:41:08.0708 6756 UmRdpService - ok 02:41:08.0786 6756 [ D73693C89E60137310B1EF61CD4E6442 ] Uniblue.MaxiDiskSvc C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe 02:41:08.0817 6756 Uniblue.MaxiDiskSvc - ok 02:41:08.0973 6756 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll 02:41:08.0989 6756 upnphost - ok 02:41:09.0020 6756 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 02:41:09.0036 6756 usbccgp - ok 02:41:09.0051 6756 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys 
02:41:09.0083 6756 usbcir - ok 02:41:09.0114 6756 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys 02:41:09.0129 6756 usbehci - ok 02:41:09.0176 6756 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\Windows\System32\drivers\usbhub.sys 02:41:09.0192 6756 usbhub - ok 02:41:09.0239 6756 [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 02:41:09.0254 6756 USBHUB3 - ok 02:41:09.0270 6756 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys 02:41:09.0332 6756 usbohci - ok 02:41:09.0348 6756 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys 02:41:09.0395 6756 usbprint - ok 02:41:09.0395 6756 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 02:41:09.0410 6756 USBSTOR - ok 02:41:09.0426 6756 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 02:41:09.0473 6756 usbuhci - ok 02:41:09.0488 6756 [ 11C0CF143D246E2F0E9BDBF17A0CC70B ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 02:41:09.0504 6756 USBXHCI - ok 02:41:09.0519 6756 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe 02:41:09.0535 6756 VaultSvc - ok 02:41:09.0535 6756 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 02:41:09.0551 6756 vdrvroot - ok 02:41:09.0597 6756 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe 02:41:09.0644 6756 vds - ok 02:41:09.0644 6756 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys 02:41:09.0660 6756 VerifierExt - ok 02:41:09.0691 6756 [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 02:41:09.0722 6756 vhdmp - ok 02:41:09.0738 6756 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys 02:41:09.0738 6756 viaide - ok 02:41:09.0769 6756 [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid 
C:\Windows\System32\drivers\Vid.sys 02:41:09.0785 6756 Vid - ok 02:41:09.0816 6756 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys 02:41:09.0831 6756 vmbus - ok 02:41:09.0847 6756 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys 02:41:09.0847 6756 VMBusHID - ok 02:41:09.0863 6756 [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr C:\Windows\System32\drivers\vmbusr.sys 02:41:09.0863 6756 vmbusr - ok 02:41:09.0894 6756 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll 02:41:09.0925 6756 vmicheartbeat - ok 02:41:09.0941 6756 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll 02:41:09.0956 6756 vmickvpexchange - ok 02:41:09.0956 6756 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll 02:41:09.0972 6756 vmicrdv - ok 02:41:09.0987 6756 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll 02:41:09.0987 6756 vmicshutdown - ok 02:41:10.0003 6756 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll 02:41:10.0019 6756 vmictimesync - ok 02:41:10.0019 6756 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll 02:41:10.0034 6756 vmicvss - ok 02:41:10.0050 6756 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys 02:41:10.0065 6756 volmgr - ok 02:41:10.0097 6756 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 02:41:10.0112 6756 volmgrx - ok 02:41:10.0128 6756 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys 02:41:10.0143 6756 volsnap - ok 02:41:10.0143 6756 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys 02:41:10.0159 6756 vpci - ok 02:41:10.0175 6756 [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys 02:41:10.0190 6756 vpcivsp - ok 02:41:10.0206 6756 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] 
vsmraid C:\Windows\system32\drivers\vsmraid.sys 02:41:10.0221 6756 vsmraid - ok 02:41:10.0268 6756 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe 02:41:10.0315 6756 VSS - ok 02:41:10.0331 6756 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys 02:41:10.0346 6756 VSTXRAID - ok 02:41:10.0362 6756 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 02:41:10.0377 6756 vwifibus - ok 02:41:10.0393 6756 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll 02:41:10.0424 6756 W32Time - ok 02:41:10.0440 6756 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys 02:41:10.0455 6756 WacomPen - ok 02:41:10.0487 6756 [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 02:41:10.0502 6756 Wanarp - ok 02:41:10.0502 6756 [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 02:41:10.0518 6756 Wanarpv6 - ok 02:41:10.0565 6756 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe 02:41:10.0627 6756 wbengine - ok 02:41:10.0643 6756 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 02:41:10.0674 6756 WbioSrvc - ok 02:41:10.0689 6756 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll 02:41:10.0705 6756 Wcmsvc - ok 02:41:10.0752 6756 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll 02:41:10.0814 6756 wcncsvc - ok 02:41:10.0814 6756 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 02:41:10.0861 6756 WcsPlugInService - ok 02:41:10.0877 6756 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys 02:41:10.0892 6756 Wd - ok 02:41:10.0923 6756 [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys 02:41:10.0923 6756 WdBoot - ok 02:41:10.0970 6756 [ 2ADC985B85A71BD7D99712EC0C24358B ] 
Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 02:41:11.0001 6756 Wdf01000 - ok 02:41:11.0017 6756 [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter C:\Windows\system32\drivers\WdFilter.sys 02:41:11.0033 6756 WdFilter - ok 02:41:11.0048 6756 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll 02:41:11.0079 6756 WdiServiceHost - ok 02:41:11.0079 6756 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll 02:41:11.0111 6756 WdiSystemHost - ok 02:41:11.0126 6756 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll 02:41:11.0157 6756 WebClient - ok 02:41:11.0173 6756 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll 02:41:11.0204 6756 Wecsvc - ok 02:41:11.0220 6756 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\Windows\System32\wercplsupport.dll 02:41:11.0267 6756 wercplsupport - ok 02:41:11.0298 6756 [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc C:\Windows\System32\WerSvc.dll 02:41:11.0376 6756 WerSvc - ok 02:41:11.0407 6756 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys 02:41:11.0423 6756 WFPLWFS - ok 02:41:11.0423 6756 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll 02:41:11.0454 6756 WiaRpc - ok 02:41:11.0469 6756 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 02:41:11.0485 6756 WIMMount - ok 02:41:11.0501 6756 WinDefend - ok 02:41:11.0547 6756 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll 02:41:11.0594 6756 WinHttpAutoProxySvc - ok 02:41:11.0657 6756 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 02:41:11.0672 6756 Winmgmt - ok 02:41:11.0735 6756 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll 02:41:11.0813 6756 WinRM - ok 02:41:11.0859 6756 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\Windows\System32\wlansvc.dll 02:41:11.0891 6756 WlanSvc - ok 
02:41:11.0937 6756 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\Windows\system32\wlidsvc.dll 02:41:12.0000 6756 wlidsvc - ok 02:41:12.0015 6756 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys 02:41:12.0031 6756 WmiAcpi - ok 02:41:12.0062 6756 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 02:41:12.0078 6756 wmiApSrv - ok 02:41:12.0093 6756 WMPNetworkSvc - ok 02:41:12.0093 6756 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 02:41:12.0140 6756 wpcfltr - ok 02:41:12.0156 6756 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\Windows\System32\wpcsvc.dll 02:41:12.0187 6756 WPCSvc - ok 02:41:12.0234 6756 [ 3013658A4D327854BEEC4A08D9655194 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 02:41:12.0281 6756 WPDBusEnum - ok 02:41:12.0312 6756 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 02:41:12.0327 6756 WpdUpFltr - ok 02:41:12.0374 6756 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 02:41:12.0374 6756 ws2ifsl - ok 02:41:12.0421 6756 [ 012CFE7F0F95266F554EE3B91EE2128A ] wscsvc C:\Windows\System32\wscsvc.dll 02:41:12.0452 6756 wscsvc - ok 02:41:12.0452 6756 WSearch - ok 02:41:12.0515 6756 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll 02:41:12.0593 6756 WSService - ok 02:41:12.0655 6756 [ 79F95469604B77296346DE7DB463EA2A ] wuauserv C:\Windows\system32\wuaueng.dll 02:41:12.0733 6756 wuauserv - ok 02:41:12.0764 6756 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 02:41:12.0811 6756 WudfPf - ok 02:41:12.0827 6756 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 02:41:12.0842 6756 WUDFRd - ok 02:41:12.0873 6756 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 02:41:12.0889 6756 wudfsvc - ok 02:41:12.0889 6756 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs 
C:\Windows\system32\DRIVERS\WUDFRd.sys 02:41:12.0905 6756 WUDFWpdFs - ok 02:41:12.0936 6756 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll 02:41:12.0998 6756 WwanSvc - ok 02:41:13.0061 6756 X6va012 - ok 02:41:13.0107 6756 [ D107AA09E4E233E1AAE126255D8A4057 ] xusb22 C:\Windows\System32\drivers\xusb22.sys 02:41:13.0154 6756 xusb22 - ok 02:41:13.0154 6756 ================ Scan global =============================== 02:41:13.0185 6756 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll 02:41:13.0217 6756 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll 02:41:13.0248 6756 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll 02:41:13.0295 6756 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe 02:41:13.0295 6756 [Global] - ok 02:41:13.0295 6756 ================ Scan MBR ================================== 02:41:13.0326 6756 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 02:41:13.0544 6756 \Device\Harddisk0\DR0 - ok 02:41:13.0544 6756 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2 02:41:13.0716 6756 \Device\Harddisk1\DR2 - ok 02:41:13.0716 6756 ================ Scan VBR ================================== 02:41:13.0716 6756 [ 9A9D5880C0E2182F56141C2014277315 ] \Device\Harddisk0\DR0\Partition1 02:41:13.0716 6756 \Device\Harddisk0\DR0\Partition1 - ok 02:41:13.0747 6756 [ 8E709C7F29F90B71F1969A2AF2A1CEDF ] \Device\Harddisk0\DR0\Partition2 02:41:13.0747 6756 \Device\Harddisk0\DR0\Partition2 - ok 02:41:13.0747 6756 [ 1F0125D9E125DAAF15EEC61D85429C6C ] \Device\Harddisk1\DR2\Partition1 02:41:13.0747 6756 \Device\Harddisk1\DR2\Partition1 - ok 02:41:13.0747 6756 ============================================================ 02:41:13.0747 6756 Scan finished 02:41:13.0747 6756 ============================================================ 02:41:13.0763 6516 Detected object count: 1 02:41:13.0763 6516 Actual detected object count: 1 02:41:23.0481 6516 HiPatchService ( 
UnsignedFile.Multi.Generic ) - skipped by user 02:41:23.0481 6516 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
23.05.2013, 09:54 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected ZeuS/ZBot due to Telekom email
Nothing suspicious.
JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post log files in CODE tags |
23.05.2013, 15:38 | #10 |
| Suspected ZeuS/ZBot due to Telekom email
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Pro x64
Ran by Ruben on 23.05.2013 at 16:07:42,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2013 at 16:11:10,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 23/05/2013 um 16:12:33 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 8 Pro (64 bits)
# Benutzer : ***- ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ruben\Desktop\adwcleaner (1).exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1659 octets] - [21/05/2013 22:56:30]
AdwCleaner[S1].txt - [1721 octets] - [21/05/2013 22:57:05]
AdwCleaner[S2].txt - [814 octets] - [23/05/2013 16:12:33]

########## EOF - C:\AdwCleaner[S2].txt - [873 octets] ##########
Code:
ATTFilter OTL logfile created on: 23.05.2013 16:31:30 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,02% Memory free 9,99 Gb Paging File | 8,77 Gb Available in Paging File | 87,74% Paging File free Paging file location(s): C:\pagefile.sys 6139 6139H:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 488,28 Gb Total Space | 171,18 Gb Free Space | 35,06% Space Free | Partition Type: NTFS Drive D: | 443,22 Gb Total Space | 441,95 Gb Free Space | 99,71% Space Free | Partition Type: NTFS Drive H: | 931,48 Gb Total Space | 389,63 Gb Free Space | 41,83% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\foobar2000\foobar2000.exe (Peter Pawlowski) PRC - C:\Program Files (x86)\Uniblue\MaxiDisk\mdmonitor.exe (Uniblue Systems Limited) PRC - C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd) PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe () PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_unpack.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_converter.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_cdda.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_input_std.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_fileops.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll () MOD - C:\Program Files (x86)\foobar2000\shared.dll () MOD - C:\Program Files (x86)\foobar2000\avutil-51.dll () MOD - C:\Program Files 
(x86)\foobar2000\avcodec-54.dll () MOD - C:\Program Files (x86)\foobar2000\zlib1.dll () MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe () MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll () MOD - C:\Program Files (x86)\Secure Banking\funcs.dll () ========== Services (SafeList) ========== SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) 
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Uniblue.MaxiDiskSvc) -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe () SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\Drivers\hitmanpro37.sys () DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft 
Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- 
C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (xusb22) -- C:\Windows\SysNative\Drivers\xusb22.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\Drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\Drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\Drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\Drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 AB 23 BA 43 48 CE 01 [binary data]
IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\***\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\***\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EDBDD86-7D55-4D42-A48F-D0758BFB0A3E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.23 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\blub
[2013.05.23 16:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.23 16:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.05.23 16:07:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.23 16:07:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.23 16:06:58 | 000,545,954 | ---- | C] (Oleg N.
Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.05.23 02:38:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.05.22 16:38:45 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.05.22 15:50:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogMeIn Hamachi [2013.05.22 15:49:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2013.05.22 00:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2013.05.22 00:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [2013.05.21 23:27:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.21 22:43:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.05.21 22:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.21 22:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.21 22:43:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.21 22:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.21 22:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.05.21 22:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.21 22:20:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.21 22:20:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.21 22:20:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.20 06:33:12 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.20 06:33:10 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.17 22:42:27 | 
000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2013.05.17 21:53:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Maike bilder [2013.05.17 21:11:43 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.05.17 21:11:42 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.05.17 21:11:42 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013.05.17 21:11:39 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013.05.17 21:11:39 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013.05.17 21:11:38 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.05.17 21:11:37 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013.05.17 21:11:36 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013.05.17 21:11:35 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.05.17 21:11:34 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll [2013.05.17 21:11:30 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.05.17 21:11:28 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll [2013.05.17 21:11:27 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll [2013.05.17 21:11:26 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013.05.17 21:11:26 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll [2013.05.17 21:11:25 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll [2013.05.17 21:11:25 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013.05.17 21:11:24 
| 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll [2013.05.17 21:11:23 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.05.17 21:11:23 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013.05.17 21:11:23 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.05.17 21:11:23 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll [2013.05.17 21:11:22 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.17 21:11:22 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll [2013.05.17 21:11:22 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe [2013.05.17 21:11:21 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe [2013.05.17 21:11:21 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll [2013.05.17 21:11:20 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2013.05.17 21:11:20 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2013.05.17 21:11:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll [2013.05.17 21:11:19 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.17 21:11:19 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.05.17 21:11:18 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2013.05.17 21:11:17 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2013.05.17 21:11:17 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.05.17 21:11:17 | 000,196,096 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll [2013.05.17 21:11:16 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013.05.17 21:11:16 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll [2013.05.17 21:11:16 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll [2013.05.17 21:11:16 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2013.05.17 21:11:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll [2013.05.17 21:11:15 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll [2013.05.17 21:11:15 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll [2013.05.17 21:11:15 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe [2013.05.17 21:11:15 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2013.05.17 21:11:14 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll [2013.05.17 21:11:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013.05.17 21:11:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe [2013.05.17 21:11:14 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll [2013.05.17 21:11:13 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl [2013.05.17 21:11:13 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.05.17 21:11:12 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll [2013.05.17 21:11:12 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll [2013.05.17 21:11:11 | 000,364,544 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.05.17 21:11:11 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2013.05.17 21:11:10 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013.05.17 21:11:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.05.17 21:11:09 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll [2013.05.17 21:11:09 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl [2013.05.17 21:11:09 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.05.17 21:11:09 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll [2013.05.17 21:11:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll [2013.05.17 21:11:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll [2013.05.17 21:11:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013.05.17 21:11:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll [2013.05.17 21:11:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll [2013.05.17 14:45:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.17 14:44:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.17 14:44:52 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.05.17 14:44:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.17 14:44:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.17 14:44:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ie4uinit.exe [2013.05.17 14:44:17 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.17 14:44:16 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.17 14:43:59 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013.05.17 14:43:59 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013.05.17 14:43:56 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.05.12 00:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.05.11 00:46:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\raidcall [2013.05.11 00:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall [2013.05.11 00:45:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall [2013.05.11 00:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall [2013.05.10 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls [2013.05.10 01:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [2013.05.10 01:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios [2013.05.10 01:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios [2013.04.29 06:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.27 12:32:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TERA [2013.04.24 20:06:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys [2013.04.23 16:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.04.23 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games ========== Files - Modified Within 30 Days ========== [2013.05.23 16:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.23 16:14:57 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.23 16:14:27 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\spmonitor.job [2013.05.23 16:14:27 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\mdmonitor.job [2013.05.23 16:14:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.23 16:13:46 | 3433,918,464 | -HS- | M] () -- C:\hiberfil.sys [2013.05.23 16:06:52 | 000,632,031 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner (1).exe [2013.05.23 15:51:15 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.05.23 15:41:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 02:39:01 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.05.22 17:00:31 | 000,007,425 | ---- | M] () -- C:\Users\***\Desktop\GMER.7z [2013.05.22 16:38:38 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.05.21 23:48:52 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.21 23:27:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.21 23:27:15 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.21 22:43:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 22:37:15 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.21 22:37:06 | 000,304,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.21 22:32:53 | 000,001,298 | ---- | M] () -- 
C:\Windows\SysNative\.crusader [2013.05.17 21:52:43 | 000,001,027 | ---- | M] () -- C:\Users\***\Desktop\SciLor's grooveshark(tm).com Downloader.lnk [2013.05.17 21:52:43 | 000,001,020 | ---- | M] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk [2013.05.17 17:33:30 | 009,784,854 | ---- | M] () -- C:\Users\***\Desktop\Neue Bitmap (2).bmp [2013.05.17 15:34:49 | 000,061,978 | ---- | M] () -- C:\Users\***\Desktop\mdl2.jpg [2013.05.17 15:34:38 | 000,070,422 | ---- | M] () -- C:\Users\***\Desktop\mdl1.jpg [2013.05.12 19:57:27 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\Neue Bitmap.bmp [2013.05.12 00:34:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.05.12 00:34:44 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.12 00:34:44 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.12 00:07:24 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.12 00:01:45 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2013.05.11 20:07:26 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.11 20:07:26 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.11 20:07:26 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.11 20:07:26 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.11 20:07:26 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.11 00:45:38 | 000,001,011 | ---- | M] () -- C:\Users\***\Desktop\RaidCall.lnk [2013.05.07 22:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.07 22:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.28 01:14:18 | 000,001,235 | ---- | M] () -- C:\Users\***\Desktop\Neverwinter.lnk [2013.04.23 16:51:19 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk ========== 
Files Created - No Company Name ==========

[2013.05.23 16:06:58 | 000,632,031 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner (1).exe
[2013.05.22 17:00:31 | 000,007,425 | ---- | C] () -- C:\Users\***\Desktop\GMER.7z
[2013.05.21 23:48:50 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.21 23:27:15 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.21 22:43:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 22:36:55 | 000,304,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.21 22:32:53 | 000,001,298 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.05.21 22:24:22 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.17 21:11:07 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.05.17 17:33:20 | 009,784,854 | ---- | C] () -- C:\Users\***\Desktop\Neue Bitmap (2).bmp
[2013.05.17 15:34:49 | 000,061,978 | ---- | C] () -- C:\Users\***\Desktop\mdl2.jpg
[2013.05.17 15:34:37 | 000,070,422 | ---- | C] () -- C:\Users\***\Desktop\mdl1.jpg
[2013.05.12 19:57:27 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\Neue Bitmap.bmp
[2013.05.12 00:34:44 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.12 00:07:20 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.12 00:07:20 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.12 00:07:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.12 00:07:16 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013.05.11 00:45:38 | 000,001,011 | ---- | C] () -- C:\Users\***\Desktop\RaidCall.lnk
[2013.05.06 20:52:15 | 000,132,623 | ---- | C] () -- C:\Probeprüfungen.PDF
[2013.04.28 01:14:18 | 000,001,235 | ---- | C] () -- C:\Users\***\Desktop\Neverwinter.lnk
[2013.04.23 16:51:19 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2013.03.29 00:59:32 | 000,001,532 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.03.24 23:16:41 | 000,609,772 | ---- | C] () -- C:\Users\***\Fil.pdf
[2013.03.24 23:16:41 | 000,581,797 | ---- | C] () -- C:\Users\***\Lemak.pdf
[2013.03.03 16:12:58 | 000,005,444 | ---- | C] () -- C:\Users\***\.prolog_console_history
[2013.02.03 07:03:13 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.01.31 20:06:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.31 20:06:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.01.29 16:18:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.01.27 18:53:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.01.27 18:53:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.01.27 18:53:53 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2013.02.02 23:33:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 23.05.2013 16:31:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,02% Memory free
9,99 Gb Paging File | 8,77 Gb Available in Paging File | 87,74% Paging File free
Paging file location(s): C:\pagefile.sys 6139 6139H:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,28 Gb Total Space | 171,18 Gb Free Space | 35,06% Space Free | Partition Type: NTFS
Drive D: | 443,22 Gb Total Space | 441,95 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive H: | 931,48 Gb Total Space | 389,63 Gb Free Space | 41,83% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030DE039-291F-4911-903C-EBA3210B50C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{077A6DD7-7286-4EB2-8A67-92FB70A4DF0A}" = rport=138 | protocol=17 | dir=out | app=system |
"{15ACFE88-B5DC-4927-8F4D-34FB9A0E6969}" = lport=137 | protocol=17 | dir=in | app=system |
"{18F23D46-6351-4AB0-B9B4-044CBB4B5D65}" = lport=139 | protocol=6 | dir=in | app=system |
"{23E675CE-049C-432F-8A17-D44B0138612D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5922F5EA-38CE-467B-A6BB-52C0A912627C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D08C594-1BD8-4C8B-A3D9-64EF04F286B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DBAA488-19FA-4507-B5EA-11CB62C2F358}" = rport=445 | protocol=6 | dir=out | app=system |
"{622D81DB-1CAA-4707-A8AE-780D075EAC91}" = lport=10243 | protocol=6 | dir=in | app=system |
"{639EFE58-4023-479E-9A09-4590A909A75F}" = lport=445 | protocol=6 | dir=in | app=system |
"{650B48E0-693E-4C61-9ABD-89C884DDB950}" = rport=137 | protocol=17 | dir=out | app=system |
"{695BCD6C-358E-45E1-AB86-3D4F78BCABB8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{725D272A-DFF7-4479-A715-33007951B034}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5B06BBA-9215-45D0-A63D-BBCAB8747718}" = lport=138 | protocol=17 | dir=in | app=system |
"{A8929CBF-100F-44A3-8C82-3DDD558743FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6CB2C8D-D3C8-42D6-8C8E-4D62AEB88962}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8B40E0C-4F76-431D-8419-CFD5B9266C47}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CBAEB5B8-CC51-4127-BD9C-751F48A89BB3}" = rport=139 | protocol=6 | dir=out | app=system |
"{CD1E2064-E638-4A0C-8775-5208EFB445E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2398BE9-C364-4ACC-907A-E2D04618F301}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E5A66B18-FE57-4789-9F9B-E2D17892E502}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6F3C3-5D5F-4592-A4D8-F657B79090AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{00CB0EAF-ED75-4825-B22B-9CCC342C1EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe |
"{0119D483-E0F9-4FE7-AFCF-2DA3B2656101}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{015BDE77-9C8D-4076-BFF3-834D8A65BBE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe |
"{021658C6-BFC4-429E-86AA-E1F10A64BBC8}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{03422241-0091-442C-B923-7A7501997714}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{0381A856-DBB5-499D-947C-5B03CCFDDD7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{03857195-B502-45A0-A91F-952F6525A434}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{04ECC309-61F7-425D-BCFA-846FF03C38D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe |
"{05D7589E-F924-40C1-ADE0-69BFA209265C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe |
"{0AB05247-E8FE-4CA0-88F9-830B4B31FB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{0AC7288F-DF12-4E28-9EE5-1542C1ADC1A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe |
"{0B78485A-3B5E-4F80-8541-9A99BBC57501}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe |
"{0BA2EB68-3E8A-44FE-A866-DC47DE905648}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{0BC5294F-77FA-4EE6-836B-DF09AF6F45D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{0C12BB13-B99E-4C32-AC66-75EB3E4397DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C1504D9-130B-416A-83CC-2AE1D463145C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0CE1E0DA-E77D-44D6-BAAC-5B1DDDFAEBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{10E811B3-DEC0-4553-9348-65BBE1640748}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\bridealauncher.exe |
"{1129F389-B41E-40E7-B25B-B0837DF010A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe |
"{123F0D5E-ABF8-4407-AB2E-526719F2F63C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{12EA61BC-B396-46EF-B7E0-4E31A5ACE933}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{149F21F8-B68F-4ED7-87BE-757A13E3F4B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe |
"{17C964DB-3637-4421-B040-FC5E09A76C72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{195F1D02-37E6-4369-952B-99FC8C37E5BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{1CE19A9B-AF80-45E7-B738-443763970783}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe |
"{1F21D5A8-6EBD-4AE0-9BEF-19C0C91A507E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{204EDB5A-C5CF-4E16-9473-4D9BE15E45C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{217D3E1A-BCCF-49F4-BB08-0046377609F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{21FAF734-7661-4DC6-9799-627D55878C84}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{22E36769-636E-4CCD-869A-50CFC56F1E02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{238223A4-E3D3-42A2-B6A0-214B2B0CB19D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe |
"{241A2AE4-9903-4E1E-AB7C-F48454F10FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{2512A40B-5A8A-4341-9F7F-8363E90FAAFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe |
"{27544670-11A3-4E7C-9BE8-A9ED6CEB60DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe |
"{291464B4-79E4-454A-BB91-9D777C74D402}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{2921AAE0-4CFA-407E-BB45-93C0F156D371}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{29CB9C73-4284-4298-BC98-BC08AA078839}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
"{2C1CF26A-44DC-4C7C-B0E1-2E095BE4E5CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C8FD086-3112-427D-9749-DB079FF7B64B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{2DB85094-29F5-4FB2-95B8-B5318783903E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe |
"{2DE42095-F3A4-47E5-8BDE-07D5E1BB1CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{2E6274FB-5D5C-4514-8B62-7CD52369AFF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe |
"{2F47B232-C0FC-4F46-AAEC-96AE6E700A02}" = protocol=6 | dir=out | app=system |
"{2F6F7432-311A-4C77-A26A-73D09C3CB903}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{30021FEC-955E-4761-82E4-7AA045B56AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{3047EB3B-58A3-430F-9D51-852705BBE1BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{322097CA-FD8A-4B8A-BF3A-4ACFF0A526DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"{3291D7FD-3008-4021-8CC2-A90F64FC880D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe |
"{381774E5-9234-4853-8444-3571B4FEF4DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{3CFBE06D-FDD0-4104-9C36-6E17DFBD9F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe |
"{3D0D6175-0D08-4EC3-927C-6F7DE0C40049}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{3E204284-1C3B-4020-BC5A-71376EF85DFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe |
"{3EC767F2-53DA-42F2-8DDD-28C806290837}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{3EDFC091-8713-4A6C-B21F-015B72CB8360}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3FE0CFBD-A36B-45B2-BF44-573668FDCF84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4163DEED-647A-46C2-AF00-24B9CE8E34A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{416CA105-B6E3-4366-AFA7-1DE485EA6B10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe |
"{44EC039D-C432-485C-8E89-BA4ECAAF4CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{46D2402F-E003-45C7-9CCA-35BF428D8229}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{483F6B9C-C064-433D-A0FF-911569C8722E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe |
"{4979904D-5559-41CF-9C3C-67FAD420BE43}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{4A53497B-1B25-4688-A81E-AF36A14FB428}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{4BC0733C-C718-4189-A3E4-8C7B6D7E8C77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{4DE6A156-16B7-4486-A848-A62EB874D06B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{4ED55D69-EAD1-4615-91D0-2DDD0347E0DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{4F027637-1B54-412F-B487-C08774E1090E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe |
"{4F347490-1BB1-48C8-8C42-81BCC73370F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{501EA033-C46B-4FB4-B1E6-D0338AAF6FFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
"{50762242-49AF-4149-BFD3-290C851CDB18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{50FD1AE6-5516-40C1-BAB2-B4641F200844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{5110E520-FB6A-48EC-B339-97FC624BF174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{514737AF-7CBF-4A6F-B32B-53A6D31E2294}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{51489347-620D-413C-B2AC-FB5319BD5B88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe |
"{521375CA-A53E-4726-8722-1E7D1219098E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe |
"{53938F51-BAD5-4B7B-9955-E185392070EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{548A492A-439A-4EC6-A2B9-2828959AC28B}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{54E1A330-0296-4D1D-B177-1D675803CEAD}" = protocol=17 | dir=in | app=c:\users\***\downloads\neverwinter_nw.1.20130416a.6.exe |
"{5502FF7F-FA8E-4B5A-A8AE-DBDB8611E4D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
"{56C65758-FD81-423F-9449-3997CCDF1ABF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{59D59AC0-7A85-4C11-B522-AF03A97C6DF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5A240E37-5A9B-4E5B-BB2D-45925BA9C66B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe |
"{5A7A9564-F860-43CA-8FA0-09E91D76059E}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5DA49107-F401-470E-9F72-74FBD96269B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{5E923814-8A02-49AD-9EF2-874A35BE4844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{5EE4C46C-A80D-4117-A93A-18302F7DA7BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{614B8265-677F-448D-9E5E-962B4DEADE06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{6313D2AC-49AD-4DA9-88E4-F47707FB0F6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe |
"{63526DF7-ECD0-48CB-8EDD-86AC8A1EB331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe |
"{63D28A66-4157-4F75-8FB1-15A698D2B19B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6BE9DC98-1745-4549-9D94-80451117C17A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{6C215412-BBCC-490E-AE47-EBED3EA50394}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C2D4517-E78A-4EF1-A6A9-463C8CC0D152}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe |
"{6C94CD1A-3477-49A6-8F5A-D9740D901888}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{6D25FB67-DC63-4BF0-926C-411A399EC3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{6ECEEA95-8C4C-407C-8068-0E01F8596956}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{759CED39-6B8B-48B9-9B57-0D8FAE9BD43B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe |
"{76A5CE02-7680-44D7-9667-C91693B91EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{78645FCB-CF39-439C-BE7B-48D1D298AFB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{7AED8428-37D7-4B55-9CE2-96DB4E5CA0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe |
"{7B0EF11E-446E-48DB-BAC2-F55EC0DABC64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7C2B26C3-B73D-41C8-9725-093375E1C00F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{7FE36847-95DB-4A35-95AB-6B5BC5D07974}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe |
"{807C8A48-C0DD-4D45-AFA0-D5D76FAC9169}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8233DCBC-B971-4484-BCF3-1EC90A6D0C35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{824EA552-51E6-4C12-B01A-7B1E01D8D8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{8251F26E-11BA-4E37-B01C-CDB1569F9BB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{830F0FEA-1BCF-406E-BB3E-C5D5C68EA2F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{84D5A8D8-6C36-4FF7-98F4-639F0636ABA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe |
"{85C20383-1BEF-4175-87AA-539E65FE27BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{873AEA4F-D6D4-45F1-A85C-084599236B65}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe |
"{8742A7E1-6B76-4FA6-8731-578FF67F635A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{87C75011-0748-40C4-AAC5-CBB3336E6FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{883C5D06-3018-49AE-99F0-E8D084A3A06E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe |
"{891B9891-5B47-4C06-A390-267B606B0B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\bridealauncher.exe |
"{895F13D1-0911-4836-9AF4-5B06A64F99A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
"{89B954E3-AD13-42F1-9CC0-39C6CDD3006F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe |
"{8ACC1E38-E8B7-4B94-BBB6-6A71E92D3B81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{8ADA0186-E0B4-4198-887F-A7A2FF9376FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8B2E988A-26F1-43A0-9102-2A955C8EE51E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
"{8EC105F0-4D3F-4E24-9892-C096D7870DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
"{8FD7EDA3-A797-4255-92A2-D23D0A1E7B9F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{9021A217-5C58-43E2-92AF-7282ADE96D1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{91A13D59-9EE8-4848-B131-E907E4C513E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{93D67CB1-E82C-49F4-922A-CB93434AF55F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93E5ED86-5FC4-4F4D-95EA-308FC9122DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{945AE1C3-8A01-45A4-B60F-AD7F7D177FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{94894C3A-F1BB-4BF5-9FC7-96031A69EE41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe |
"{97D8B6BA-F5DD-4888-917E-3E1980021719}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{98A894DA-8A07-456B-930F-7552AD98CDF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{9AD40217-701B-4D30-B3FE-C8BD8F05D5B3}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{9BD128E0-65C1-4FEA-91F1-55069D424F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{9C765FD4-2E85-48F2-BB12-2EADFF3A66F6}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9C85EBDA-9A5F-4269-985B-2E6482404D1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{9DBC2A36-8051-402B-AB1C-DDD30CCCC528}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{9DCE65E3-AC68-4D4B-A15C-34BFDD3FBA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe |
"{9DF46A4D-06B8-49D0-A1D7-8F637D206DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe |
"{A02DBBFE-EA57-4DBC-BA4A-C5DCCCE1F731}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe |
"{A099B61D-A1CC-4987-AB65-6A4A46EF6034}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe |
"{A0AAEBC8-3F6B-48D2-9508-68B8E4D5589D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe |
"{A40EF0D7-9F93-418A-8010-ED69FF3B8242}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{A43781E5-6A2A-406E-A288-7B96D58B8CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe |
"{A5FECC44-1498-4A13-8C60-3F864ED3879E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe |
"{A6629400-2CF2-42D1-ABAF-8E91EF1396B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{A825661B-5684-4273-9F5E-7E95FE2EDD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe |
"{A89398BE-8619-4A98-BAC6-F1CFA7498A54}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AB5F6420-25DA-4562-8CCF-6D6A26633B6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{AC55B685-03D8-4B5D-96B3-12A14D2DA80E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{ACA33D29-7F2C-48E3-95CE-4F841A1F3A74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe |
"{AD01EB2F-BA52-4066-9C97-A40EAB0840C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{AD788440-AC87-478F-925D-635D8911979F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{AD8854F8-AB84-4FB2-9512-1BE733A5B190}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{AE030391-3B01-4E2F-AB94-1FAE94D1DEF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{B1ACBCF5-E71B-45DF-91D6-4CBE25F5788D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{B1CF0F4C-5D89-4E7E-A25B-F755163EE597}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B32C0B51-AF9C-4171-A70E-D159689EFA45}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B3492401-C777-48A5-875F-B6AACB2E4263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{B50FBD68-13AF-4738-A153-BCC282ED9382}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{B5618049-5203-4817-A9F0-5DF1CE98CBB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{B6696433-02FE-4525-8DBD-093AC1E8B269}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe |
"{B76F9DAE-DC23-42B2-84D6-4C535473F97C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{BA3CB8F6-D8D3-4DA7-89B9-29E7646B2BBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{BA6F34A4-D11E-46AA-8999-D08963B5F534}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{BB15458B-270C-4A9B-A034-63DF61C185EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{BB5AE134-C6AC-4301-A1FB-D8D051E5CFC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{BBEFC994-2841-4255-A617-BF6EDF553756}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{BCC23A6D-8FF6-46A0-A913-844E8D27729E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{BD7A7ABE-8053-4FB4-9034-8065A56C3F98}" = protocol=17 | dir=in | app=c:\program files
(x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{BDBB54CF-9BA1-431F-A890-57291EDE96B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{BF3E1588-3987-4D4A-81D2-105C4D8BE928}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{BF4BAA04-2270-429C-8D88-9E96C55AEE9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{C01126E0-D014-470F-AB57-E49491A1048E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | "{C0E369D6-0B60-4181-8CCF-731DD64DF58D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{C116234F-AF8C-4A3E-BE20-241D507E121D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{C1352AF5-A79A-4AD3-A738-8B0F38D990C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{C19B2F89-1B9F-40D0-B111-828F7FAA4999}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{C29DBB19-A68E-41B4-BE04-CB0CAF310339}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{C32A81A5-C0F0-4A9D-ABA0-4DE1979AFD68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{C3BAE191-1B73-4603-91D0-80FDA11ED53B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{C40FB18B-EF35-422B-9E57-1BF0AD42CC48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{C43E68CF-B230-4F15-9BAD-3E7BB435A4C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 
beta\dota.exe | "{C47940A6-0FA7-4BCF-8C42-FC5D34B22A03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{C4C056EA-41F6-4D12-AB26-70B9801B5258}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{C5A1D004-8FDF-4735-9949-398C4AB514D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{C5F6868A-CB22-49B8-A218-690D9C1F2816}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{C7296419-B8C3-414B-AF24-F194161743BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{C8485611-C72E-4CC2-8B75-51D5F43FD539}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{C85ACC3D-08FA-4A71-9604-1A5CC4314C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{C88DA139-ADC4-4D82-B634-8737EF24ADD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8FD4908-E14C-4296-A52F-6D02E3E2D37E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{CA362FA1-C85D-4927-B827-BB1654F5EB5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{CAE6A77E-A0B5-4DF8-B5CC-77A330E7F978}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{CB848A52-5EFC-4278-B063-9C3F8BC32FF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{CE91B9CA-C795-44B6-BDA8-D6258BEC32BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{D12EB5BD-AE92-438E-A2A4-5E8C4269AFC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{D1EE4449-7F0B-4028-A2DE-E4DC4ED91B06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{D20C645B-6CFB-43F0-A30F-94B58210D21D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{D32ED3AA-0824-4F85-8168-C61367877D2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | "{D365CF95-568B-4563-A838-6033D6AAC4B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D5BB726F-2175-42B6-9921-754E749A7BED}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{D63DEAEB-4CF3-4F9B-A70B-BE571894DB2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{D698CFB8-3624-45D6-BF4D-CBC9E917C350}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{D749BEA0-AFCE-411F-8F26-2CB1799075E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{D7BE538F-844E-412D-8AE2-2D459E2D1670}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D8254036-25B8-4F92-95AA-586759F6C488}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{D93ED920-1469-421C-98DB-3865E978D5C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{D9E984F5-AB7E-4EBB-8B9E-E8AF89964906}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\airmech\airmech.exe | "{DA6ECFA6-AFA1-44AB-BD2F-0A81C96A1CB6}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{DA830AF2-4198-401F-B485-4BB0D97C89C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{DC314223-0A28-4E62-A66C-DD7F377EA479}" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "{DCEBDC65-F076-4DDD-A70F-C25A2F0337AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "{DE5A8B8D-1367-40CA-BE12-64E6D6CEBCCA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{DEC442C1-0753-4FDA-A7FC-6877F0F6C654}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{E09304D3-0FAB-496C-BB17-4ADDB107CBEA}" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "{E0DA97FA-2B72-4033-B350-1F0CD8EC039E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{E509CE4E-FEB8-4812-AC0C-C9BFEC8735F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E59BCEC3-5BB1-47A1-A631-1FF7295479DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{E64721DD-4B07-49D9-9CB4-D30897BF0622}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E8FC40A4-886F-4741-BEB0-527A653D4CA0}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{E915E54C-72D9-4E77-8F03-EC03D2A0D502}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe | "{E94431A2-BF36-47DB-AF99-D5DE983BC1A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{EC7F2695-8870-4BAE-81CA-0BB3AAB182DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | "{ECA139EF-67B5-42E0-B749-06E1E971EAF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{ED68315B-5E8B-4A74-8256-DFF6092D2B82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | "{EF27A5F9-121D-46FE-813C-2CC236E27A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{F1F657E2-5A86-410E-95C5-4BCB86D20A89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{F32A405E-CD37-43FA-B8F2-FFABDC647BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | "{F4287F1C-A50C-4D49-90BD-EE2F95856070}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F5DE0A25-0435-4E91-8748-E8D8166242B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{F5FB94E3-E3F3-4242-9DCF-48DCA21EDEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{F5FCABD1-0FAC-4484-BCEC-584E548CD0B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{F636C8FD-6445-40A2-8D40-89CA4ACDF7F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea 
help\electronic_arts_technical_support.htm | "{F7460FE7-0E8A-41D1-8D19-E2F912101D84}" = protocol=6 | dir=in | app=c:\users\***\downloads\neverwinter_nw.1.20130416a.6.exe | "{F7EA8D92-7880-48E7-8781-D081F9DCC9CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{FA46D5FA-1000-4E66-B212-905F9D51D186}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe | "{FADEFD79-F63F-4DC5-8C08-99118CF28A69}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{FBFA6CB2-47D6-42BE-850F-9EE5BD9BFB02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{FC425A59-D983-419C-BF46-ABF4996F1444}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD2B6429-D763-4F81-825A-EF3F21ECB805}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD8B206A-29AE-427A-B47E-4629811869E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{FF0C77F4-783E-4BCB-9DB5-A502FC9E488D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{FF154D5E-A1B9-4774-B01B-53F793160F0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | "TCP Query User{026364E4-7006-4E66-9631-686B3D4C8A20}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{1CB9480E-C55B-425E-9BC2-1966705C47FE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{2C55C218-DD30-4D9B-9A21-13A88536E6FE}C:\users\public\games\cryptic 
studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "TCP Query User{394986A9-0BE6-4B39-BB25-A43824DE6082}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "TCP Query User{46F9DA95-9B0C-46E8-A2E3-A76EBB9F4D91}C:\users\***\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\neverwinter_nw.1.20130416a.6.exe | "TCP Query User{5961AACF-FF95-45EE-B080-2924AFD05EA0}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{6A65D3E4-637C-4AE8-BFCB-7F05B1649BEE}C:\program files (x86)\swipl\bin\swipl-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\swipl\bin\swipl-win.exe | "TCP Query User{6BDA9C38-7721-45D7-B038-4B0834DB6DFF}C:\program files (x86)\steam\steamapps\common\krater demo\krater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\krater.exe | "TCP Query User{6E552EAB-0183-4234-AA17-62B858991CCF}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{8140D65A-269C-42ED-8338-8670D8695FD0}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "TCP Query User{A3224889-6C1C-4FCE-B441-B1195F9A22C9}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "TCP Query User{F85448DF-3945-417F-82B5-2892D42E137D}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query 
User{0EEA1BB7-0F16-4420-A4CC-7F253483A71F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{57DC5C36-4E4B-4358-8EC9-1FBCDD86B489}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{71150DDA-C985-426E-BF75-11E6BE7E4B61}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{73E2A1B9-66A9-40D1-85F9-FE8CC7429985}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{747FF1B6-280A-447E-B41E-75A783CCFB81}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "UDP Query User{992CABD0-3394-4A16-8F55-7CCC795A43EF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{9D5C915C-34ED-4C87-A4DE-64B8D4EB4B1C}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "UDP Query User{A7D5ADC4-53AA-49C1-AD40-AF28F18EAACC}C:\users\***\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\neverwinter_nw.1.20130416a.6.exe | "UDP Query User{B4284386-1581-40BF-B464-37C8F46A712E}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "UDP Query User{D53C273C-FE8E-4383-9420-E5087879DDE2}C:\program files (x86)\steam\steamapps\common\krater demo\krater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\krater.exe | "UDP Query 
User{ECB8C36A-B2BA-4648-9ECD-44F9CFFE6B84}C:\program files (x86)\swipl\bin\swipl-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\swipl\bin\swipl-win.exe | "UDP Query User{FB727FC6-B65F-4E52-BBF3-38C2423303FF}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane "GIMP-2_is1" = GIMP 2.8.4 "Sandboxie" = Sandboxie 3.76 (64-bit) "SWI-Prolog" = SWI-Prolog 
(remove only) "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5C1130F5-F955-4319-BFF6-AFE4A42BC3A8}_is1" = MaxiDisk "{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = 
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "foobar2000" = foobar2000 v1.2.2 "Foxit Reader_is1" = Foxit Reader "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "Google Chrome" = Google Chrome "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Neverwinter" = Neverwinter "Notepad++" = Notepad++ "PunkBusterSvc" = PunkBuster Services "RaidCall" = RaidCall "Steam App 105600" = Terraria "Steam App 111600" = Serious Sam Double D "Steam App 12900" = Audiosurf "Steam App 13500" = Prince of Persia: Warrior Within "Steam App 13530" = Prince of Persia: The Two Thrones "Steam App 13600" = Prince of Persia: The Sands of Time "Steam App 17080" = Tribes: Ascend "Steam App 17410" = Mirror's Edge "Steam App 19980" = Prince of Persia "Steam App 201210" = PoxNora "Steam App 201480" = Serious Sam: The Random Encounter "Steam App 201790" = Orcs Must Die! 
2 "Steam App 202170" = Sleeping Dogs™ "Steam App 203140" = Hitman: Absolution "Steam App 204260" = Trine 2 Demo "Steam App 204340" = Serious Sam 2 "Steam App 204360" = Castle Crashers "Steam App 206500" = AirMech "Steam App 207230" = Archeblade "Steam App 209870" = Blacklight: Retribution "Steam App 211180" = Unmechanical "Steam App 212500" = The Lord of the Rings Online™ "Steam App 212800" = Super Crate Box "Steam App 213650" = Dwarfs F2P "Steam App 214560" = Mark of the Ninja "Steam App 218110" = Din's Curse Demo "Steam App 219340" = The Banner Saga: Factions "Steam App 219740" = Don't Starve "Steam App 220" = Half-Life 2 "Steam App 221380" = Age of Empires II: HD Edition "Steam App 221790" = Renaissance Heroes "Steam App 224500" = Gnomoria "Steam App 224640" = Krater Demo "Steam App 33320" = Prince of Persia: The Forgotten Sands "Steam App 35720" = Trine 2 "Steam App 400" = Portal "Steam App 41000" = Serious Sam HD: The First Encounter "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 41070" = Serious Sam 3: BFE "Steam App 570" = Dota 2 "Steam App 57300" = Amnesia: The Dark Descent "Steam App 65800" = Dungeon Defenders "Steam App 8980" = Borderlands "Steam App 99870" = Bulletstorm Demo "SWI-Prolog" = SWI-Prolog (remove only) "Trillian" = Trillian "VLC media player" = VLC media player 2.0.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 
Event Log Errors ==========

[ Application Events ]
Error - 13.05.2013 18:53:19 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 3.6.0.389 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c70 Startzeit: 01ce502ca4a7697e Endzeit: 67 Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Berichts-ID: e3cf8ced-bc1f-11e2-be79-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 17.05.2013 08:30:19 | Computer Name = *** | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error - 17.05.2013 15:21:36 | Computer Name = *** | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error - 17.05.2013 16:34:22 | Computer Name = *** | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error - 21.05.2013 17:31:19 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 600 Startzeit: 01ce5669ffb1aa9b Endzeit: 4294967295 Anwendungspfad: C:\Users\***\Downloads\OTL.exe Berichts-ID: c59028c5-c25d-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 21.05.2013 18:53:15 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.2.9498.500, Zeitstempel: 0x4bf4c207 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16384, Zeitstempel: 0x50108b02 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010137 ID des fehlerhaften Prozesses: 0xf88 Startzeit der fehlerhaften Anwendung: 0x01ce5675ed28b825 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\RPCRT4.dll Berichtskennung: 384e8ce3-c269-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 22.05.2013 10:40:46 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f81 ID des fehlerhaften Prozesses: 0x1390 Startzeit der fehlerhaften Anwendung: 0x01ce56fa1858851d Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 964f5746-c2ed-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 22.05.2013 10:57:35 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f81 ID des fehlerhaften Prozesses: 0x570 Startzeit der fehlerhaften Anwendung: 0x01ce56fc88879560 Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ef66194e-c2ef-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 22.05.2013 12:56:01 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f81 ID des fehlerhaften Prozesses: 0x850 Startzeit der fehlerhaften Anwendung: 0x01ce570d067696bb Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 7b237f4e-c300-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 22.05.2013 13:44:33 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f81 ID des fehlerhaften Prozesses: 0x7e4 Startzeit der fehlerhaften Anwendung: 0x01ce5713d9133bcf Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 42d8f305-c307-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

[ System Events ]
Error - 19.05.2013 18:19:36 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900.

Error - 20.05.2013 00:31:26 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 21.05.2013 16:36:32 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 21.05.2013 16:37:53 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%0

Error - 21.05.2013 16:58:17 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 21.05.2013 17:30:38 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 23.05.2013 10:13:42 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 23.05.2013 10:15:49 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 23.05.2013 10:15:49 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error - 23.05.2013 10:15:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

< End of report > |
23.05.2013, 15:41 | #11 |
| Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Pro x64
Ran by Ruben on 23.05.2013 at 16:07:42,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2013 at 16:11:10,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 23/05/2013 um 16:12:33 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 8 Pro (64 bits)
# Benutzer : ***- ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ruben\Desktop\adwcleaner (1).exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1659 octets] - [21/05/2013 22:56:30]
AdwCleaner[S1].txt - [1721 octets] - [21/05/2013 22:57:05]
AdwCleaner[S2].txt - [814 octets] - [23/05/2013 16:12:33]

########## EOF - C:\AdwCleaner[S2].txt - [873 octets] ########## |
23.05.2013, 15:42 | #12 |
| Code:
ATTFilter
OTL logfile created on: 23.05.2013 16:31:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,02% Memory free
9,99 Gb Paging File | 8,77 Gb Available in Paging File | 87,74% Paging File free
Paging file location(s): C:\pagefile.sys 6139 6139H:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,28 Gb Total Space | 171,18 Gb Free Space | 35,06% Space Free | Partition Type: NTFS
Drive D: | 443,22 Gb Total Space | 441,95 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive H: | 931,48 Gb Total Space | 389,63 Gb Free Space | 41,83% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\foobar2000\foobar2000.exe (Peter Pawlowski) PRC - C:\Program Files (x86)\Uniblue\MaxiDisk\mdmonitor.exe (Uniblue Systems Limited) PRC - C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd) PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe () PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_unpack.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_converter.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_cdda.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_input_std.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_fileops.dll () MOD - C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll () MOD - C:\Program Files (x86)\foobar2000\shared.dll () MOD - C:\Program Files (x86)\foobar2000\avutil-51.dll () MOD - C:\Program Files 
(x86)\foobar2000\avcodec-54.dll () MOD - C:\Program Files (x86)\foobar2000\zlib1.dll () MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe () MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll () MOD - C:\Program Files (x86)\Secure Banking\funcs.dll () ========== Services (SafeList) ========== SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) 
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Uniblue.MaxiDiskSvc) -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe () SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\Drivers\hitmanpro37.sys () DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft 
Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- 
C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (xusb22) -- C:\Windows\SysNative\Drivers\xusb22.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft 
Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation) DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\Drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\Drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\Drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\Drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 AB 23 BA 43 48 CE 01 [binary data] IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\***\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Raidcall plugin (Enabled) = C:\Users\***\AppData\Roaming\raidcall\plugins\nprcplugin.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) O4 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - 
HKU\S-1-5-21-2974008515-1301726394-3259296961-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EDBDD86-7D55-4D42-A48F-D0758BFB0A3E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\blub [2013.05.23 16:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.05.23 16:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.05.23 16:07:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.23 16:07:28 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.23 16:06:58 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.05.23 02:38:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.05.22 16:38:45 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.05.22 15:50:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogMeIn Hamachi [2013.05.22 15:49:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2013.05.22 00:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2013.05.22 00:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [2013.05.21 23:27:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.21 22:43:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.05.21 22:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.21 22:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.21 22:43:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.21 22:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.21 22:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.05.21 22:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.21 22:20:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.21 22:20:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.21 22:20:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.20 06:33:12 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.20 06:33:10 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.17 22:42:27 | 
000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2013.05.17 21:53:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Maike bilder [2013.05.17 21:11:43 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.05.17 21:11:42 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.05.17 21:11:42 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013.05.17 21:11:39 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013.05.17 21:11:39 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013.05.17 21:11:38 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.05.17 21:11:37 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013.05.17 21:11:36 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013.05.17 21:11:35 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.05.17 21:11:34 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll [2013.05.17 21:11:30 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.05.17 21:11:28 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll [2013.05.17 21:11:27 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll [2013.05.17 21:11:26 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013.05.17 21:11:26 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll [2013.05.17 21:11:25 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll [2013.05.17 21:11:25 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013.05.17 21:11:24 
| 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll [2013.05.17 21:11:23 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.05.17 21:11:23 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013.05.17 21:11:23 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.05.17 21:11:23 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll [2013.05.17 21:11:22 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.17 21:11:22 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll [2013.05.17 21:11:22 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe [2013.05.17 21:11:21 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe [2013.05.17 21:11:21 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll [2013.05.17 21:11:20 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2013.05.17 21:11:20 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2013.05.17 21:11:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll [2013.05.17 21:11:19 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.17 21:11:19 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.05.17 21:11:18 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2013.05.17 21:11:17 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2013.05.17 21:11:17 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.05.17 21:11:17 | 000,196,096 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll [2013.05.17 21:11:16 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013.05.17 21:11:16 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll [2013.05.17 21:11:16 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll [2013.05.17 21:11:16 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2013.05.17 21:11:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll [2013.05.17 21:11:15 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll [2013.05.17 21:11:15 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll [2013.05.17 21:11:15 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe [2013.05.17 21:11:15 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2013.05.17 21:11:14 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll [2013.05.17 21:11:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013.05.17 21:11:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe [2013.05.17 21:11:14 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll [2013.05.17 21:11:13 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl [2013.05.17 21:11:13 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.05.17 21:11:12 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll [2013.05.17 21:11:12 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll [2013.05.17 21:11:11 | 000,364,544 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.05.17 21:11:11 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2013.05.17 21:11:10 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013.05.17 21:11:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.05.17 21:11:09 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll [2013.05.17 21:11:09 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl [2013.05.17 21:11:09 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.05.17 21:11:09 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll [2013.05.17 21:11:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll [2013.05.17 21:11:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll [2013.05.17 21:11:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013.05.17 21:11:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll [2013.05.17 21:11:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll [2013.05.17 14:45:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.17 14:44:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.17 14:44:52 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.05.17 14:44:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.17 14:44:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.17 14:44:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ie4uinit.exe [2013.05.17 14:44:17 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.17 14:44:16 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.17 14:43:59 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013.05.17 14:43:59 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013.05.17 14:43:56 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.05.12 00:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.05.11 00:46:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\raidcall [2013.05.11 00:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall [2013.05.11 00:45:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall [2013.05.11 00:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall [2013.05.10 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls [2013.05.10 01:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [2013.05.10 01:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios [2013.05.10 01:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios [2013.04.29 06:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.27 12:32:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TERA [2013.04.24 20:06:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys [2013.04.23 16:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.04.23 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games ========== Files - Modified Within 30 Days ========== [2013.05.23 16:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.23 16:14:57 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.23 16:14:27 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\spmonitor.job [2013.05.23 16:14:27 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\mdmonitor.job [2013.05.23 16:14:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.23 16:13:46 | 3433,918,464 | -HS- | M] () -- C:\hiberfil.sys [2013.05.23 16:06:52 | 000,632,031 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner (1).exe [2013.05.23 15:51:15 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.05.23 15:41:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 02:39:01 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.05.22 17:00:31 | 000,007,425 | ---- | M] () -- C:\Users\***\Desktop\GMER.7z [2013.05.22 16:38:38 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.05.21 23:48:52 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.21 23:27:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.21 23:27:15 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.21 22:43:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 22:37:15 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.21 22:37:06 | 000,304,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.21 22:32:53 | 000,001,298 | ---- | M] () -- 
C:\Windows\SysNative\.crusader [2013.05.17 21:52:43 | 000,001,027 | ---- | M] () -- C:\Users\***\Desktop\SciLor's grooveshark(tm).com Downloader.lnk [2013.05.17 21:52:43 | 000,001,020 | ---- | M] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk [2013.05.17 17:33:30 | 009,784,854 | ---- | M] () -- C:\Users\***\Desktop\Neue Bitmap (2).bmp [2013.05.17 15:34:49 | 000,061,978 | ---- | M] () -- C:\Users\***\Desktop\mdl2.jpg [2013.05.17 15:34:38 | 000,070,422 | ---- | M] () -- C:\Users\***\Desktop\mdl1.jpg [2013.05.12 19:57:27 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\Neue Bitmap.bmp [2013.05.12 00:34:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.05.12 00:34:44 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.12 00:34:44 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.12 00:07:24 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.12 00:01:45 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2013.05.11 20:07:26 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.11 20:07:26 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.11 20:07:26 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.11 20:07:26 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.11 20:07:26 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.11 00:45:38 | 000,001,011 | ---- | M] () -- C:\Users\***\Desktop\RaidCall.lnk [2013.05.07 22:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.07 22:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.28 01:14:18 | 000,001,235 | ---- | M] () -- C:\Users\***\Desktop\Neverwinter.lnk [2013.04.23 16:51:19 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk ========== 
Files Created - No Company Name ========== [2013.05.23 16:06:58 | 000,632,031 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner (1).exe [2013.05.22 17:00:31 | 000,007,425 | ---- | C] () -- C:\Users\***\Desktop\GMER.7z [2013.05.21 23:48:50 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.21 23:27:15 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.05.21 22:43:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 22:36:55 | 000,304,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.21 22:32:53 | 000,001,298 | ---- | C] () -- C:\Windows\SysNative\.crusader [2013.05.21 22:24:22 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.17 21:11:07 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.05.17 17:33:20 | 009,784,854 | ---- | C] () -- C:\Users\***\Desktop\Neue Bitmap (2).bmp [2013.05.17 15:34:49 | 000,061,978 | ---- | C] () -- C:\Users\***\Desktop\mdl2.jpg [2013.05.17 15:34:37 | 000,070,422 | ---- | C] () -- C:\Users\***\Desktop\mdl1.jpg [2013.05.12 19:57:27 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\Neue Bitmap.bmp [2013.05.12 00:34:44 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.12 00:07:20 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.12 00:07:20 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.12 00:07:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.05.12 00:07:16 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2013.05.11 00:45:38 | 000,001,011 | ---- | C] () -- C:\Users\***\Desktop\RaidCall.lnk [2013.05.06 20:52:15 | 000,132,623 | ---- | C] () -- C:\Probeprüfungen.PDF [2013.04.28 01:14:18 | 000,001,235 | ---- | C] () -- C:\Users\***\Desktop\Neverwinter.lnk [2013.04.23 16:51:19 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk 
[2013.03.29 00:59:32 | 000,001,532 | ---- | C] () -- C:\Windows\Sandboxie.ini [2013.03.24 23:16:41 | 000,609,772 | ---- | C] () -- C:\Users\***\Fil.pdf [2013.03.24 23:16:41 | 000,581,797 | ---- | C] () -- C:\Users\***\Lemak.pdf [2013.03.03 16:12:58 | 000,005,444 | ---- | C] () -- C:\Users\***\.prolog_console_history [2013.02.03 07:03:13 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.01.31 20:06:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.31 20:06:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2013.01.29 16:18:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.01.27 18:53:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.01.27 18:53:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.01.27 18:53:53 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2013.02.02 23:33:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
OTL Extras logfile created on: 23.05.2013 16:31:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,02% Memory free
9,99 Gb Paging File | 8,77 Gb Available in Paging File | 87,74% Paging File free
Paging file location(s): C:\pagefile.sys 6139 6139H:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,28 Gb Total Space | 171,18 Gb Free Space | 35,06% Space Free | Partition Type: NTFS
Drive D: | 443,22 Gb Total Space | 441,95 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive H: | 931,48 Gb Total Space | 389,63 Gb Free Space | 41,83% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{030DE039-291F-4911-903C-EBA3210B50C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{077A6DD7-7286-4EB2-8A67-92FB70A4DF0A}" = rport=138 | protocol=17 | dir=out | app=system | "{15ACFE88-B5DC-4927-8F4D-34FB9A0E6969}" = lport=137 | protocol=17 | dir=in | app=system | "{18F23D46-6351-4AB0-B9B4-044CBB4B5D65}" = lport=139 | protocol=6 | dir=in | app=system | 
"{23E675CE-049C-432F-8A17-D44B0138612D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5922F5EA-38CE-467B-A6BB-52C0A912627C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5D08C594-1BD8-4C8B-A3D9-64EF04F286B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5DBAA488-19FA-4507-B5EA-11CB62C2F358}" = rport=445 | protocol=6 | dir=out | app=system | "{622D81DB-1CAA-4707-A8AE-780D075EAC91}" = lport=10243 | protocol=6 | dir=in | app=system | "{639EFE58-4023-479E-9A09-4590A909A75F}" = lport=445 | protocol=6 | dir=in | app=system | "{650B48E0-693E-4C61-9ABD-89C884DDB950}" = rport=137 | protocol=17 | dir=out | app=system | "{695BCD6C-358E-45E1-AB86-3D4F78BCABB8}" = rport=10243 | protocol=6 | dir=out | app=system | "{725D272A-DFF7-4479-A715-33007951B034}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5B06BBA-9215-45D0-A63D-BBCAB8747718}" = lport=138 | protocol=17 | dir=in | app=system | "{A8929CBF-100F-44A3-8C82-3DDD558743FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B6CB2C8D-D3C8-42D6-8C8E-4D62AEB88962}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C8B40E0C-4F76-431D-8419-CFD5B9266C47}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CBAEB5B8-CC51-4127-BD9C-751F48A89BB3}" = rport=139 | protocol=6 | dir=out | app=system | "{CD1E2064-E638-4A0C-8775-5208EFB445E9}" = lport=2869 | protocol=6 | dir=in | app=system | "{D2398BE9-C364-4ACC-907A-E2D04618F301}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E5A66B18-FE57-4789-9F9B-E2D17892E502}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00A6F3C3-5D5F-4592-A4D8-F657B79090AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{00CB0EAF-ED75-4825-B22B-9CCC342C1EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{0119D483-E0F9-4FE7-AFCF-2DA3B2656101}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe | "{015BDE77-9C8D-4076-BFF3-834D8A65BBE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe | "{021658C6-BFC4-429E-86AA-E1F10A64BBC8}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{03422241-0091-442C-B923-7A7501997714}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{0381A856-DBB5-499D-947C-5B03CCFDDD7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{03857195-B502-45A0-A91F-952F6525A434}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{04ECC309-61F7-425D-BCFA-846FF03C38D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | "{05D7589E-F924-40C1-ADE0-69BFA209265C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe | "{0AB05247-E8FE-4CA0-88F9-830B4B31FB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | "{0AC7288F-DF12-4E28-9EE5-1542C1ADC1A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two 
thrones\princeofpersia.exe | "{0B78485A-3B5E-4F80-8541-9A99BBC57501}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{0BA2EB68-3E8A-44FE-A866-DC47DE905648}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{0BC5294F-77FA-4EE6-836B-DF09AF6F45D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe | "{0C12BB13-B99E-4C32-AC66-75EB3E4397DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0C1504D9-130B-416A-83CC-2AE1D463145C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0CE1E0DA-E77D-44D6-BAAC-5B1DDDFAEBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{10E811B3-DEC0-4553-9348-65BBE1640748}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\bridealauncher.exe | "{1129F389-B41E-40E7-B25B-B0837DF010A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | "{123F0D5E-ABF8-4407-AB2E-526719F2F63C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{12EA61BC-B396-46EF-B7E0-4E31A5ACE933}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{149F21F8-B68F-4ED7-87BE-757A13E3F4B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | "{17C964DB-3637-4421-B040-FC5E09A76C72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{195F1D02-37E6-4369-952B-99FC8C37E5BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | 
"{1CE19A9B-AF80-45E7-B738-443763970783}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{1F21D5A8-6EBD-4AE0-9BEF-19C0C91A507E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{204EDB5A-C5CF-4E16-9473-4D9BE15E45C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | "{217D3E1A-BCCF-49F4-BB08-0046377609F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{21FAF734-7661-4DC6-9799-627D55878C84}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{22E36769-636E-4CCD-869A-50CFC56F1E02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{238223A4-E3D3-42A2-B6A0-214B2B0CB19D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe | "{241A2AE4-9903-4E1E-AB7C-F48454F10FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{2512A40B-5A8A-4341-9F7F-8363E90FAAFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{27544670-11A3-4E7C-9BE8-A9ED6CEB60DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{291464B4-79E4-454A-BB91-9D777C74D402}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{2921AAE0-4CFA-407E-BB45-93C0F156D371}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{29CB9C73-4284-4298-BC98-BC08AA078839}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{2C1CF26A-44DC-4C7C-B0E1-2E095BE4E5CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2C8FD086-3112-427D-9749-DB079FF7B64B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{2DB85094-29F5-4FB2-95B8-B5318783903E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{2DE42095-F3A4-47E5-8BDE-07D5E1BB1CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | "{2E6274FB-5D5C-4514-8B62-7CD52369AFF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe | "{2F47B232-C0FC-4F46-AAEC-96AE6E700A02}" = protocol=6 | dir=out | app=system | "{2F6F7432-311A-4C77-A26A-73D09C3CB903}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{30021FEC-955E-4761-82E4-7AA045B56AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{3047EB3B-58A3-430F-9D51-852705BBE1BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{322097CA-FD8A-4B8A-BF3A-4ACFF0A526DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "{3291D7FD-3008-4021-8CC2-A90F64FC880D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | "{381774E5-9234-4853-8444-3571B4FEF4DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{3CFBE06D-FDD0-4104-9C36-6E17DFBD9F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | "{3D0D6175-0D08-4EC3-927C-6F7DE0C40049}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second 
encounter\bin\samhd_tse.exe | "{3E204284-1C3B-4020-BC5A-71376EF85DFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe | "{3EC767F2-53DA-42F2-8DDD-28C806290837}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{3EDFC091-8713-4A6C-B21F-015B72CB8360}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3FE0CFBD-A36B-45B2-BF44-573668FDCF84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4163DEED-647A-46C2-AF00-24B9CE8E34A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{416CA105-B6E3-4366-AFA7-1DE485EA6B10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{44EC039D-C432-485C-8E89-BA4ECAAF4CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{46D2402F-E003-45C7-9CCA-35BF428D8229}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{483F6B9C-C064-433D-A0FF-911569C8722E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | "{4979904D-5559-41CF-9C3C-67FAD420BE43}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{4A53497B-1B25-4688-A81E-AF36A14FB428}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{4BC0733C-C718-4189-A3E4-8C7B6D7E8C77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{4DE6A156-16B7-4486-A848-A62EB874D06B}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{4ED55D69-EAD1-4615-91D0-2DDD0347E0DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe | "{4F027637-1B54-412F-B487-C08774E1090E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe | "{4F347490-1BB1-48C8-8C42-81BCC73370F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{501EA033-C46B-4FB4-B1E6-D0338AAF6FFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{50762242-49AF-4149-BFD3-290C851CDB18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{50FD1AE6-5516-40C1-BAB2-B4641F200844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{5110E520-FB6A-48EC-B339-97FC624BF174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{514737AF-7CBF-4A6F-B32B-53A6D31E2294}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{51489347-620D-413C-B2AC-FB5319BD5B88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{521375CA-A53E-4726-8722-1E7D1219098E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{53938F51-BAD5-4B7B-9955-E185392070EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{548A492A-439A-4EC6-A2B9-2828959AC28B}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{54E1A330-0296-4D1D-B177-1D675803CEAD}" = protocol=17 | dir=in | app=c:\users\***\downloads\neverwinter_nw.1.20130416a.6.exe | "{5502FF7F-FA8E-4B5A-A8AE-DBDB8611E4D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{56C65758-FD81-423F-9449-3997CCDF1ABF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{59D59AC0-7A85-4C11-B522-AF03A97C6DF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5A240E37-5A9B-4E5B-BB2D-45925BA9C66B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | "{5A7A9564-F860-43CA-8FA0-09E91D76059E}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{5DA49107-F401-470E-9F72-74FBD96269B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{5E923814-8A02-49AD-9EF2-874A35BE4844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{5EE4C46C-A80D-4117-A93A-18302F7DA7BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{614B8265-677F-448D-9E5E-962B4DEADE06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{6313D2AC-49AD-4DA9-88E4-F47707FB0F6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{63526DF7-ECD0-48CB-8EDD-86AC8A1EB331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{63D28A66-4157-4F75-8FB1-15A698D2B19B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6BE9DC98-1745-4549-9D94-80451117C17A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{6C215412-BBCC-490E-AE47-EBED3EA50394}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C2D4517-E78A-4EF1-A6A9-463C8CC0D152}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | "{6C94CD1A-3477-49A6-8F5A-D9740D901888}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{6D25FB67-DC63-4BF0-926C-411A399EC3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{6ECEEA95-8C4C-407C-8068-0E01F8596956}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{759CED39-6B8B-48B9-9B57-0D8FAE9BD43B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe | "{76A5CE02-7680-44D7-9667-C91693B91EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{78645FCB-CF39-439C-BE7B-48D1D298AFB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{7AED8428-37D7-4B55-9CE2-96DB4E5CA0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gnomoria\gnomoria.exe | "{7B0EF11E-446E-48DB-BAC2-F55EC0DABC64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7C2B26C3-B73D-41C8-9725-093375E1C00F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{7FE36847-95DB-4A35-95AB-6B5BC5D07974}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dins curse demo\dinscurse.exe | 
"{807C8A48-C0DD-4D45-AFA0-D5D76FAC9169}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{8233DCBC-B971-4484-BCF3-1EC90A6D0C35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{824EA552-51E6-4C12-B01A-7B1E01D8D8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe | "{8251F26E-11BA-4E37-B01C-CDB1569F9BB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{830F0FEA-1BCF-406E-BB3E-C5D5C68EA2F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{84D5A8D8-6C36-4FF7-98F4-639F0636ABA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{85C20383-1BEF-4175-87AA-539E65FE27BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{873AEA4F-D6D4-45F1-A85C-084599236B65}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe | "{8742A7E1-6B76-4FA6-8731-578FF67F635A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{87C75011-0748-40C4-AAC5-CBB3336E6FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{883C5D06-3018-49AE-99F0-E8D084A3A06E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{891B9891-5B47-4C06-A390-267B606B0B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\renaissance heroes\bridealauncher.exe | 
"{895F13D1-0911-4836-9AF4-5B06A64F99A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{89B954E3-AD13-42F1-9CC0-39C6CDD3006F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | "{8ACC1E38-E8B7-4B94-BBB6-6A71E92D3B81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{8ADA0186-E0B4-4198-887F-A7A2FF9376FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8B2E988A-26F1-43A0-9102-2A955C8EE51E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{8EC105F0-4D3F-4E24-9892-C096D7870DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{8FD7EDA3-A797-4255-92A2-D23D0A1E7B9F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{9021A217-5C58-43E2-92AF-7282ADE96D1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{91A13D59-9EE8-4848-B131-E907E4C513E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{93D67CB1-E82C-49F4-922A-CB93434AF55F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{93E5ED86-5FC4-4F4D-95EA-308FC9122DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{945AE1C3-8A01-45A4-B60F-AD7F7D177FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{94894C3A-F1BB-4BF5-9FC7-96031A69EE41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | "{97D8B6BA-F5DD-4888-917E-3E1980021719}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{98A894DA-8A07-456B-930F-7552AD98CDF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{9AD40217-701B-4D30-B3FE-C8BD8F05D5B3}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{9BD128E0-65C1-4FEA-91F1-55069D424F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{9C765FD4-2E85-48F2-BB12-2EADFF3A66F6}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{9C85EBDA-9A5F-4269-985B-2E6482404D1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{9DBC2A36-8051-402B-AB1C-DDD30CCCC528}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{9DCE65E3-AC68-4D4B-A15C-34BFDD3FBA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | "{9DF46A4D-06B8-49D0-A1D7-8F637D206DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{A02DBBFE-EA57-4DBC-BA4A-C5DCCCE1F731}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{A099B61D-A1CC-4987-AB65-6A4A46EF6034}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{A0AAEBC8-3F6B-48D2-9508-68B8E4D5589D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{A40EF0D7-9F93-418A-8010-ED69FF3B8242}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{A43781E5-6A2A-406E-A288-7B96D58B8CAE}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{A5FECC44-1498-4A13-8C60-3F864ED3879E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | "{A6629400-2CF2-42D1-ABAF-8E91EF1396B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{A825661B-5684-4273-9F5E-7E95FE2EDD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | "{A89398BE-8619-4A98-BAC6-F1CFA7498A54}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AB5F6420-25DA-4562-8CCF-6D6A26633B6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{AC55B685-03D8-4B5D-96B3-12A14D2DA80E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{ACA33D29-7F2C-48E3-95CE-4F841A1F3A74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{AD01EB2F-BA52-4066-9C97-A40EAB0840C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{AD788440-AC87-478F-925D-635D8911979F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | "{AD8854F8-AB84-4FB2-9512-1BE733A5B190}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{AE030391-3B01-4E2F-AB94-1FAE94D1DEF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe | "{B1ACBCF5-E71B-45DF-91D6-4CBE25F5788D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{B1CF0F4C-5D89-4E7E-A25B-F755163EE597}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B32C0B51-AF9C-4171-A70E-D159689EFA45}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B3492401-C777-48A5-875F-B6AACB2E4263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{B50FBD68-13AF-4738-A153-BCC282ED9382}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{B5618049-5203-4817-A9F0-5DF1CE98CBB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{B6696433-02FE-4525-8DBD-093AC1E8B269}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{B76F9DAE-DC23-42B2-84D6-4C535473F97C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{BA3CB8F6-D8D3-4DA7-89B9-29E7646B2BBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe | "{BA6F34A4-D11E-46AA-8999-D08963B5F534}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | "{BB15458B-270C-4A9B-A034-63DF61C185EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{BB5AE134-C6AC-4301-A1FB-D8D051E5CFC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{BBEFC994-2841-4255-A617-BF6EDF553756}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{BCC23A6D-8FF6-46A0-A913-844E8D27729E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{BD7A7ABE-8053-4FB4-9034-8065A56C3F98}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe | "{BDBB54CF-9BA1-431F-A890-57291EDE96B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{BF3E1588-3987-4D4A-81D2-105C4D8BE928}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{BF4BAA04-2270-429C-8D88-9E96C55AEE9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{C01126E0-D014-470F-AB57-E49491A1048E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | "{C0E369D6-0B60-4181-8CCF-731DD64DF58D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{C116234F-AF8C-4A3E-BE20-241D507E121D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{C1352AF5-A79A-4AD3-A738-8B0F38D990C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{C19B2F89-1B9F-40D0-B111-828F7FAA4999}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{C29DBB19-A68E-41B4-BE04-CB0CAF310339}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | "{C32A81A5-C0F0-4A9D-ABA0-4DE1979AFD68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{C3BAE191-1B73-4603-91D0-80FDA11ED53B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{C40FB18B-EF35-422B-9E57-1BF0AD42CC48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | "{C43E68CF-B230-4F15-9BAD-3E7BB435A4C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 
beta\dota.exe | "{C47940A6-0FA7-4BCF-8C42-FC5D34B22A03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{C4C056EA-41F6-4D12-AB26-70B9801B5258}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{C5A1D004-8FDF-4735-9949-398C4AB514D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{C5F6868A-CB22-49B8-A218-690D9C1F2816}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{C7296419-B8C3-414B-AF24-F194161743BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{C8485611-C72E-4CC2-8B75-51D5F43FD539}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{C85ACC3D-08FA-4A71-9604-1A5CC4314C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{C88DA139-ADC4-4D82-B634-8737EF24ADD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8FD4908-E14C-4296-A52F-6D02E3E2D37E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe | "{CA362FA1-C85D-4927-B827-BB1654F5EB5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{CAE6A77E-A0B5-4DF8-B5CC-77A330E7F978}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{CB848A52-5EFC-4278-B063-9C3F8BC32FF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{CE91B9CA-C795-44B6-BDA8-D6258BEC32BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe | "{D12EB5BD-AE92-438E-A2A4-5E8C4269AFC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{D1EE4449-7F0B-4028-A2DE-E4DC4ED91B06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe | "{D20C645B-6CFB-43F0-A30F-94B58210D21D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{D32ED3AA-0824-4F85-8168-C61367877D2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | "{D365CF95-568B-4563-A838-6033D6AAC4B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D5BB726F-2175-42B6-9921-754E749A7BED}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{D63DEAEB-4CF3-4F9B-A70B-BE571894DB2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater demo\run_game.exe | "{D698CFB8-3624-45D6-BF4D-CBC9E917C350}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{D749BEA0-AFCE-411F-8F26-2CB1799075E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{D7BE538F-844E-412D-8AE2-2D459E2D1670}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D8254036-25B8-4F92-95AA-586759F6C488}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{D93ED920-1469-421C-98DB-3865E978D5C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | "{D9E984F5-AB7E-4EBB-8B9E-E8AF89964906}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\airmech\airmech.exe | "{DA6ECFA6-AFA1-44AB-BD2F-0A81C96A1CB6}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{DA830AF2-4198-401F-B485-4BB0D97C89C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | "{DC314223-0A28-4E62-A66C-DD7F377EA479}" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "{DCEBDC65-F076-4DDD-A70F-C25A2F0337AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "{DE5A8B8D-1367-40CA-BE12-64E6D6CEBCCA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{DEC442C1-0753-4FDA-A7FC-6877F0F6C654}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{E09304D3-0FAB-496C-BB17-4ADDB107CBEA}" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "{E0DA97FA-2B72-4033-B350-1F0CD8EC039E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{E509CE4E-FEB8-4812-AC0C-C9BFEC8735F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E59BCEC3-5BB1-47A1-A631-1FF7295479DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{E64721DD-4B07-49D9-9CB4-D30897BF0622}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E8FC40A4-886F-4741-BEB0-527A653D4CA0}" = protocol=6 | dir=in | app=c:\program files 
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane "GIMP-2_is1" = GIMP 2.8.4 "Sandboxie" = Sandboxie 3.76 (64-bit) "SWI-Prolog" = SWI-Prolog 
(remove only) "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5C1130F5-F955-4319-BFF6-AFE4A42BC3A8}_is1" = MaxiDisk "{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = 
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "foobar2000" = foobar2000 v1.2.2 "Foxit Reader_is1" = Foxit Reader "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "Google Chrome" = Google Chrome "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Neverwinter" = Neverwinter "Notepad++" = Notepad++ "PunkBusterSvc" = PunkBuster Services "RaidCall" = RaidCall "Steam App 105600" = Terraria "Steam App 111600" = Serious Sam Double D "Steam App 12900" = Audiosurf "Steam App 13500" = Prince of Persia: Warrior Within "Steam App 13530" = Prince of Persia: The Two Thrones "Steam App 13600" = Prince of Persia: The Sands of Time "Steam App 17080" = Tribes: Ascend "Steam App 17410" = Mirror's Edge "Steam App 19980" = Prince of Persia "Steam App 201210" = PoxNora "Steam App 201480" = Serious Sam: The Random Encounter "Steam App 201790" = Orcs Must Die! 
2 "Steam App 202170" = Sleeping Dogs™ "Steam App 203140" = Hitman: Absolution "Steam App 204260" = Trine 2 Demo "Steam App 204340" = Serious Sam 2 "Steam App 204360" = Castle Crashers "Steam App 206500" = AirMech "Steam App 207230" = Archeblade "Steam App 209870" = Blacklight: Retribution "Steam App 211180" = Unmechanical "Steam App 212500" = The Lord of the Rings Online™ "Steam App 212800" = Super Crate Box "Steam App 213650" = Dwarfs F2P "Steam App 214560" = Mark of the Ninja "Steam App 218110" = Din's Curse Demo "Steam App 219340" = The Banner Saga: Factions "Steam App 219740" = Don't Starve "Steam App 220" = Half-Life 2 "Steam App 221380" = Age of Empires II: HD Edition "Steam App 221790" = Renaissance Heroes "Steam App 224500" = Gnomoria "Steam App 224640" = Krater Demo "Steam App 33320" = Prince of Persia: The Forgotten Sands "Steam App 35720" = Trine 2 "Steam App 400" = Portal "Steam App 41000" = Serious Sam HD: The First Encounter "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 41070" = Serious Sam 3: BFE "Steam App 570" = Dota 2 "Steam App 57300" = Amnesia: The Dark Descent "Steam App 65800" = Dungeon Defenders "Steam App 8980" = Borderlands "Steam App 99870" = Bulletstorm Demo "SWI-Prolog" = SWI-Prolog (remove only) "Trillian" = Trillian "VLC media player" = VLC media player 2.0.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2974008515-1301726394-3259296961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 
Event Log Errors ========== [ Application Events ] Error - 13.05.2013 18:53:19 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm League of Legends.exe, Version 3.6.0.389 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c70 Startzeit: 01ce502ca4a7697e Endzeit: 67 Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League of Legends.exe Berichts-ID: e3cf8ced-bc1f-11e2-be79-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 17.05.2013 08:30:19 | Computer Name = *** | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error - 17.05.2013 15:21:36 | Computer Name = *** | Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error - 17.05.2013 16:34:22 | Computer Name = *** | Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error - 21.05.2013 17:31:19 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 600 Startzeit: 01ce5669ffb1aa9b Endzeit: 4294967295 Anwendungspfad: C:\Users\***\Downloads\OTL.exe Berichts-ID: c59028c5-c25d-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 21.05.2013 18:53:15 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.2.9498.500, Zeitstempel: 0x4bf4c207 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16384, Zeitstempel: 0x50108b02 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010137 ID des fehlerhaften Prozesses: 0xf88 Startzeit der fehlerhaften Anwendung: 0x01ce5675ed28b825 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\RPCRT4.dll Berichtskennung: 384e8ce3-c269-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 22.05.2013 10:40:46 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f81 ID des fehlerhaften Prozesses: 0x1390 Startzeit der fehlerhaften Anwendung: 0x01ce56fa1858851d Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 964f5746-c2ed-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 22.05.2013 10:57:35 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e 
Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f81 ID des fehlerhaften Prozesses: 0x570 Startzeit der fehlerhaften Anwendung: 0x01ce56fc88879560 Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ef66194e-c2ef-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 22.05.2013 12:56:01 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f81 ID des fehlerhaften Prozesses: 0x850 Startzeit der fehlerhaften Anwendung: 0x01ce570d067696bb Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 7b237f4e-c300-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 22.05.2013 13:44:33 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051f81 ID des fehlerhaften Prozesses: 0x7e4 Startzeit der fehlerhaften Anwendung: 0x01ce5713d9133bcf Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 42d8f305-c307-11e2-be7d-1c6f6581e666 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 19.05.2013 18:19:36 | Computer Name = *** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert 
und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 20.05.2013 00:31:26 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 21.05.2013 16:36:32 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 21.05.2013 16:37:53 | Computer Name = *** | Source = Service Control Manager | ID = 7024 Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%0 Error - 21.05.2013 16:58:17 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 21.05.2013 17:30:38 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 23.05.2013 10:13:42 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 6 Description = Error - 23.05.2013 10:15:49 | Computer Name = *** | Source = Service Control Manager | ID = 7030 Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 23.05.2013 10:15:49 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. Error - 23.05.2013 10:15:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
23.05.2013, 15:51 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected ZeuS/ZBot due to Telekom e-mail
Looks OK. We should be almost done.

As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you have only recently run a full scan, a quick scan is enough (saves time); in that case please let me know as well).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
24.05.2013, 10:07 | #14 |
| Suspected ZeuS/ZBot due to Telekom e-mail Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.23.11

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
*** :: *** [Administrator]

23.05.2013 21:20:36
mbam-log-2013-05-23 (21-20-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 573343
Laufzeit: 1 Stunde(n), 13 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=498617c33a9f4d48a74e7244dfc41edc
# engine=13897
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-23 07:09:00
# local_time=2013-05-23 09:09:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=774 16777213 85 91 6513395 146046012 0 0
# compatibility_mode=5893 16776574 100 94 5531518 28842251 0 0
# scanned=371727
# found=3
# cleaned=0
# scan_time=14785
sh=0993D0921154BD9D6E317CFBE707F3656C19CFF8 ft=0 fh=0000000000000000 vn="Win32/PSW.Agent.NUY trojan" ac=I fn="C:\Users\***\Downloads\v-pack (1).zip"
sh=0993D0921154BD9D6E317CFBE707F3656C19CFF8 ft=0 fh=0000000000000000 vn="Win32/PSW.Agent.NUY trojan" ac=I fn="C:\Users\***\Downloads\v-pack.zip"
sh=DFDCEFD024264F338631F166CF13E8294FFFF407 ft=1 fh=ed105e8bef72fddf vn="Win32/PSW.Agent.NUY trojan" ac=I fn="C:\Users\***\Downloads\v-pack (1)\GMZ.dll" |
24.05.2013, 10:35 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected ZeuS/ZBot due to Telekom e-mail
So that looks OK so far.

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |