Kein Browser auser IE Funktionieren So wie manche spiele

Takie · 23.06.2013, 11:05

Hey, Seit gestern Funktionieret nurnoch IE, Mozilla, Chrome und Opera stürzen ab.
Viele spiele kann ich auch nicht mehr spielen da sie sich einfach nicht starten lassen oder einfach abstürzen.
Ich habe Windows 7 benutze Antivira.
Ich habe mich ein etwas erkundigt und habe dann von HijackThis gelesen.
Das Programm sichert LogFiles. (glaube ich

)

Das ist der LogFile:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:17, on 23.06.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Marko\Desktop\Hijackt\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?affID=119776&tt=gc_&babsrc=HP_ss&mntrId=56B700FF2044F2FF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [EPSON BX305 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_S3B6A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: watchmi tray.lnk = ?
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\Windows\CBTWlanSrv.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: watchmi service (watchmi) - Unknown owner - C:\Program Files (x86)\watchmi\TvdService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14992 bytes

--- --- ---

M-K-D-B · 23.06.2013, 12:51

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

M-K-D-B · 23.06.2013, 12:51

Servus,

HijackThis ist nicht mehr zeitgemäß. Lass mal diese Tools hier laufen:

Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.log. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von GMER.

Takie · 23.06.2013, 14:16

Tut mir leid das es solange gedauert hat.

Code:

ATTFilter

OTL logfile created on: 23.06.2013 14:11:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marko\Desktop\Hijackt
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,49 Gb Available Physical Memory | 68,82% Memory free
15,96 Gb Paging File | 13,28 Gb Available in Paging File | 83,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1347,34 Gb Total Space | 839,67 Gb Free Space | 62,32% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 29,72 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive F: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARKO-PC | User Name: Marko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.23 14:08:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marko\Desktop\Hijackt\OTL.exe
PRC - [2013.06.07 00:06:24 | 001,641,896 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.06 14:01:51 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.05.06 14:01:50 | 000,636,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2013.05.06 14:01:49 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.29 14:44:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.29 14:44:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.24 12:25:24 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.03.24 10:46:23 | 000,976,672 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.03.06 14:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.05 17:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.08.24 13:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.10.19 17:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 09:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.12.03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2007.07.25 11:56:12 | 000,106,496 | ---- | M] () -- C:\Windows\CBTWlanSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.07 00:06:24 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.06.07 00:06:24 | 000,109,992 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\audio.dll
MOD - [2013.05.16 08:41:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 08:41:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.16 08:41:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.07 03:05:20 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.01.18 17:33:54 | 000,214,528 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssvoice.asi
MOD - [2013.01.10 19:53:31 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll
MOD - [2013.01.10 19:53:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll
MOD - [2013.01.10 16:48:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 16:47:28 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 16:47:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 16:46:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 16:46:48 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.09.08 01:37:02 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssmp3.asi
MOD - [2011.03.11 11:19:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.06.12 21:07:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.06 14:01:51 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.29 14:44:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.29 14:44:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.24 12:25:24 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.03.24 11:09:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013.03.24 11:08:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013.03.24 10:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.03.06 14:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.10.05 17:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.09.18 14:04:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.24 13:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.06.25 19:09:00 | 004,705,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.10.19 17:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.25 11:56:12 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Windows\CBTWlanSrv.exe -- (CBTWlanSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.22 20:17:05 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2013.03.29 14:44:20 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 14:44:20 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 14:44:20 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.23 11:52:23 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.09.28 04:12:10 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.02 19:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 19:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.06.01 10:13:13 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.16 22:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 15:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.09.19 05:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 05:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.31 12:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.12.26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008.07.29 05:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.11.28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 22:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNSp50.sys -- (PDNSp50)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?affID=119776&tt=gc_&babsrc=HP_ss&mntrId=56B700FF2044F2FF
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\SearchScopes,DefaultScope = {DA68D3BD-B524-424D-9A23-FFFDD8DC8842}
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119776&tt=gc_&babsrc=SP_ss&mntrId=56B700FF2044F2FF
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\SearchScopes\{1F473F98-4890-419C-8C98-3A32B4CD386F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=b6b5827d-388b-4645-9308-4ab47f0d3fc1&apn_sauid=E3289B01-21E0-4E7C-B543-C72DEBD85422
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\SearchScopes\{A78F32FC-0023-488E-A586-07CFBC123192}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\SearchScopes\{DA68D3BD-B524-424D-9A23-FFFDD8DC8842}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_deDE501
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9
FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.10
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:10.16.2.509
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.6.6
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.25 08:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 14:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.19 21:06:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 14:04:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.19 21:06:54 | 000,000,000 | ---D | M]
 
[2012.08.29 14:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marko\AppData\Roaming\mozilla\Extensions
[2013.06.22 13:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marko\AppData\Roaming\mozilla\Firefox\Profiles\j3wpw5yr.default\extensions
[2013.06.22 13:17:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Marko\AppData\Roaming\mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2013.06.22 13:17:33 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Marko\AppData\Roaming\mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2013.05.08 19:55:59 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Marko\AppData\Roaming\mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\Marko\AppData\Roaming\mozilla\firefox\profiles\j3wpw5yr.default\extensions\hdvc@hdvc.com.xpi
[2013.06.22 13:17:29 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Marko\AppData\Roaming\mozilla\firefox\profiles\j3wpw5yr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.08 19:56:30 | 000,006,505 | ---- | M] () -- C:\Users\Marko\AppData\Roaming\mozilla\firefox\profiles\j3wpw5yr.default\searchplugins\babylon.xml
[2013.05.08 19:56:36 | 000,001,294 | ---- | M] () -- C:\Users\Marko\AppData\Roaming\mozilla\firefox\profiles\j3wpw5yr.default\searchplugins\delta.xml
[2012.11.28 14:52:54 | 000,002,455 | ---- | M] () -- C:\Users\Marko\AppData\Roaming\mozilla\firefox\profiles\j3wpw5yr.default\searchplugins\Web Search.xml
[2012.10.23 17:19:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.07 17:14:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.23 17:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.01.25 08:26:33 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.09.18 14:04:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Marko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Avira Toolbar = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.33344_0\
CHR - Extension: Google Docs = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: PriceGong = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.9_0\
CHR - Extension: YouTube = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DealPly = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
CHR - Extension: Youtube 2 Mp3 = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfdifeicmijiobaflmbcnohpplhiipka\1.0.0_0\
CHR - Extension: AdBlock = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.65_0\
CHR - Extension: Wajam = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: PricePeep = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.293.0_0\
CHR - Extension: Google Mail = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001..\Run: [Akamai NetSession Interface] C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001..\Run: [DAEMON Tools Ultra Agent] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001..\Run: [EPSON BX305 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_S3B6A.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001..\Run: [Facebook Update] C:\Users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1181839449-1317564519-1710926459-1001\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50870A-9972-43FF-AD84-138395024614}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2044F2FF-EF66-4278-80B8-BFDB000B314F}: DhcpNameServer = 10.129.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.19 15:50:13 | 000,000,067 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1b8595ab-c2d8-11e2-a6cf-8c89a55c6c5c}\Shell - "" = AutoRun
O33 - MountPoints2\{1b8595ab-c2d8-11e2-a6cf-8c89a55c6c5c}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2011.10.19 15:50:13 | 000,568,254 | R--- | M] (Trendy Entertainment                                        )
O33 - MountPoints2\{4093be31-d58f-11e2-adee-8c89a55c6c5c}\Shell - "" = AutoRun
O33 - MountPoints2\{4093be31-d58f-11e2-adee-8c89a55c6c5c}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{629cab29-bace-11e2-9ba9-8c89a55c6c5c}\Shell - "" = AutoRun
O33 - MountPoints2\{629cab29-bace-11e2-9ba9-8c89a55c6c5c}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{8e0681ce-f159-11e1-8f11-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8e0681ce-f159-11e1-8f11-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2011.10.19 15:50:13 | 000,568,254 | R--- | M] (Trendy Entertainment                                        )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CE7F268A-5DCF-2F77-2F2E-5F82941426D6} - Java (Sun)
ActiveX: {DDBED698-BD12-5E78-E874-2E0D23185894} - Themes Setup
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.23 11:44:18 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Hijackt
[2013.06.23 11:32:27 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.23 11:32:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.23 11:32:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.23 11:32:24 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.22 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\Opera
[2013.06.22 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Local\Opera
[2013.06.22 12:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.06.17 18:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.06.17 18:25:45 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\teamspeak3-server_win32
[2013.06.17 18:22:33 | 032,698,840 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Marko\Desktop\TeamSpeak3-Client-win32-3.0.10.1.exe
[2013.06.16 13:26:23 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\Minecraft Version Changer
[2013.06.16 13:26:21 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Local\Craften_Dev_Team
[2013.06.16 13:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
[2013.06.16 13:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal
[2013.06.16 03:01:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.16 03:01:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.16 00:50:36 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Minecraft Bukkit
[2013.06.15 19:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2013.06.15 19:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2013.06.15 18:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013.06.12 22:48:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 22:48:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 22:48:16 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 22:48:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 22:48:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 22:48:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 22:48:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 22:48:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 22:48:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 22:48:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 22:48:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 22:48:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 22:48:15 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 20:24:28 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\TeamViewer
[2013.06.12 15:25:00 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 15:25:00 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 15:24:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 15:24:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 15:24:49 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 15:24:47 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 15:24:47 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 15:24:46 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 15:24:46 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 15:24:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 15:24:46 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 15:24:40 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 15:24:40 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.08 17:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013.06.08 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2013.06.08 17:09:25 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\Downloaded Installations
[2013.06.07 21:26:53 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Minecraft FTB
[2013.06.07 21:25:33 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Feed The Beast
[2013.06.07 21:13:15 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Minecraft Vanila
[2013.06.07 13:37:25 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Minecraft Tekkit
[2013.06.07 13:33:17 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\.technic
[2013.05.29 22:45:28 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.29 22:45:28 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.29 22:45:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.29 22:45:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.29 22:45:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.29 22:45:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.29 22:45:28 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.29 22:45:28 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.29 22:45:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.29 22:45:28 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.29 22:45:28 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.29 22:45:27 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.29 22:45:27 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.29 22:45:27 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.29 22:45:27 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.29 22:45:27 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.29 22:45:27 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.29 22:45:27 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.29 22:45:27 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.29 22:45:27 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.29 22:45:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.29 22:45:27 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.29 22:45:27 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.29 22:45:27 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.29 22:45:27 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.29 22:45:27 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.29 22:45:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.29 22:45:27 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.29 22:45:27 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.29 22:45:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.29 22:45:27 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.29 22:45:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.29 22:45:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.29 22:45:27 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.29 22:45:27 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.29 22:45:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.29 22:45:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.29 22:45:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.29 22:45:27 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.29 22:45:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.29 22:45:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.29 22:45:27 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.29 22:45:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.29 22:45:27 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.29 22:45:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.29 22:45:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.29 22:45:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.29 22:45:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.29 22:45:27 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.29 22:45:27 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.29 22:45:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.29 22:45:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.29 22:45:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.25 11:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.25 11:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.02.17 03:05:33 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2013.02.17 03:05:33 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.23 14:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.23 13:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001UA.job
[2013.06.23 13:28:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.23 12:48:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001UA.job
[2013.06.23 11:32:07 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.23 11:32:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.23 11:32:07 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.23 11:32:06 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.06.23 11:32:06 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.23 11:32:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.23 11:29:27 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.23 11:29:27 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.23 11:20:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.06.23 11:20:54 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.23 11:20:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.23 11:20:34 | 2133,032,959 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.22 19:54:26 | 000,000,000 | ---- | M] () -- C:\END
[2013.06.22 18:48:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001Core.job
[2013.06.22 12:06:32 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.22 11:59:30 | 000,058,815 | ---- | M] () -- C:\Users\Marko\Desktop\NICHT LÖSCHEN.rar
[2013.06.22 10:50:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001Core.job
[2013.06.21 20:28:52 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.18 15:35:47 | 000,160,035 | ---- | M] () -- C:\Users\Marko\Documents\ts3_clientui-win64-1365064384-2013-06-18 15_35_46.313283.dmp
[2013.06.17 18:21:03 | 032,698,840 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Marko\Desktop\TeamSpeak3-Client-win32-3.0.10.1.exe
[2013.06.16 19:25:27 | 003,193,659 | ---- | M] () -- C:\Users\Marko\Desktop\BaffDischMix2 (1).mp3
[2013.06.16 13:25:58 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.06.16 00:48:32 | 025,083,402 | ---- | M] () -- C:\Users\Marko\Desktop\Minecraft Bukkit Server 1.5.2.rar
[2013.06.16 00:16:35 | 091,714,351 | ---- | M] () -- C:\Users\Marko\Desktop\Minecraft Bukkit 1.5.1 I 1.5.2.rar
[2013.06.15 18:58:41 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.15 09:43:44 | 000,317,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.14 11:48:27 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.14 11:48:27 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.14 11:47:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.12 21:07:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 21:07:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.11 21:51:35 | 001,651,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.11 21:51:35 | 000,710,344 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.11 21:51:35 | 000,663,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.11 21:51:35 | 000,154,522 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.11 21:51:35 | 000,126,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.08 17:13:15 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.07 13:37:36 | 000,000,632 | ---- | M] () -- C:\Users\Marko\Desktop\Tekkit_Server_v1.0.6.zip.lnk
[2013.05.29 22:45:28 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.29 22:45:28 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.29 22:45:28 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.29 22:45:28 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.29 22:45:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.29 22:45:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.29 22:45:28 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.29 22:45:28 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.29 22:45:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.29 22:45:28 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.29 22:45:28 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.29 22:45:27 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.29 22:45:27 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.29 22:45:27 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.29 22:45:27 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.29 22:45:27 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.29 22:45:27 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.29 22:45:27 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.29 22:45:27 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.29 22:45:27 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.29 22:45:27 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.29 22:45:27 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.29 22:45:27 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.29 22:45:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.29 22:45:27 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.29 22:45:27 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.29 22:45:27 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.29 22:45:27 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.29 22:45:27 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.29 22:45:27 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.29 22:45:27 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.29 22:45:27 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.29 22:45:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.29 22:45:27 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.29 22:45:27 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.29 22:45:27 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.29 22:45:27 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.29 22:45:27 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.29 22:45:27 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.29 22:45:27 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.29 22:45:27 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.29 22:45:27 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.29 22:45:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.29 22:45:27 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.29 22:45:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.29 22:45:27 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.29 22:45:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.29 22:45:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.29 22:45:27 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.29 22:45:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.29 22:45:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.29 22:45:27 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.29 22:45:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.29 22:45:27 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.29 22:45:27 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.22 12:06:32 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.06.22 12:06:32 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.22 11:59:30 | 000,058,815 | ---- | C] () -- C:\Users\Marko\Desktop\NICHT LÖSCHEN.rar
[2013.06.18 15:35:46 | 000,160,035 | ---- | C] () -- C:\Users\Marko\Documents\ts3_clientui-win64-1365064384-2013-06-18 15_35_46.313283.dmp
[2013.06.16 19:28:59 | 003,193,659 | ---- | C] () -- C:\Users\Marko\Desktop\BaffDischMix2 (1).mp3
[2013.06.16 13:25:58 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.06.16 00:47:51 | 025,083,402 | ---- | C] () -- C:\Users\Marko\Desktop\Minecraft Bukkit Server 1.5.2.rar
[2013.06.16 00:16:11 | 091,714,351 | ---- | C] () -- C:\Users\Marko\Desktop\Minecraft Bukkit 1.5.1 I 1.5.2.rar
[2013.06.15 18:58:41 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.08 17:13:15 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk
[2013.06.07 13:36:24 | 000,000,632 | ---- | C] () -- C:\Users\Marko\Desktop\Tekkit_Server_v1.0.6.zip.lnk
[2013.05.29 22:45:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.29 22:45:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.22 16:52:55 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.20 18:12:30 | 000,106,496 | ---- | C] () -- C:\Windows\CBTWlanSrv.exe
[2013.02.09 01:08:42 | 000,006,288 | ---- | C] () -- C:\Users\Marko\AppData\Local\recently-used.xbel
[2012.12.15 01:11:02 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.11.18 11:15:34 | 000,000,019 | ---- | C] () -- C:\Windows\TKKG_9.INI
[2012.11.17 10:50:56 | 000,000,065 | ---- | C] () -- C:\Windows\Maus2.INI
[2012.11.03 23:15:51 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.11.03 23:15:51 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.11.03 23:15:51 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2012.11.03 23:15:51 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2012.10.28 10:08:37 | 000,000,093 | ---- | C] () -- C:\Users\Marko\AppData\Local\fusioncache.dat
[2012.10.04 00:48:05 | 000,102,078 | ---- | C] () -- C:\Users\Marko\cc_20121004_004740.reg
[2012.09.28 04:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 04:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.09.28 04:12:10 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2012.09.17 15:00:12 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.17 15:00:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.16 08:58:07 | 000,000,888 | ---- | C] () -- C:\Windows\disney.ini
[2012.09.16 08:56:17 | 000,000,206 | ---- | C] () -- C:\Windows\disneysy.ini
[2012.09.01 12:38:34 | 001,624,348 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Takie · 23.06.2013, 14:18

Code:

ATTFilter

OTL Extras logfile created on: 23.06.2013 14:11:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marko\Desktop\Hijackt
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,49 Gb Available Physical Memory | 68,82% Memory free
15,96 Gb Paging File | 13,28 Gb Available in Paging File | 83,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1347,34 Gb Total Space | 839,67 Gb Free Space | 62,32% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 29,72 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive F: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARKO-PC | User Name: Marko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1181839449-1317564519-1710926459-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{149137C8-AF10-439C-9915-5F3CC9A27FC0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1D23994E-2612-48A8-9C8F-79881C8F4A1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{364756D3-82F3-48A0-97DC-43F9AE260343}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{43B9753D-B7B6-451E-8349-8A33329F04A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4FE6C525-8DCB-4767-BA0F-BF7D24FA6563}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{59E6703C-2C20-498C-A580-0DAAF897202B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5BC37F4F-21A9-49FB-82CF-3C1F2F8D9038}" = rport=138 | protocol=17 | dir=out | app=system | 
"{69CB7462-8746-45F5-A7FC-F421C8260AA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{737D7272-050D-4604-B127-B93472F3EF67}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7711390F-C2D3-4484-B313-8B854546FB67}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{77BE827B-68EE-42B4-B924-1770B01EB53B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{82770B05-846D-4017-863C-C7C18C367D01}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E4DCDA1-15CF-416B-812B-4A54FBA2BFFB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{95CEFD6D-BB67-4426-94E9-11D6F2A9D0BB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9884877E-4D67-4A76-B545-6427653E73E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3533208-DA7E-4362-AAB2-BD564240532D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AB0B0BE6-6E2B-4E1A-92F5-EE469D6D9B99}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ABF5D592-EA0A-4F6E-944A-72CEB84021E6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC7B2D57-B398-4529-9A7F-17FF638646CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ADF666C3-00B7-402D-94E1-788D44CBE914}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B3C01EB0-41B8-4D3F-B607-433CFF58BE5A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B46A5AA7-C721-4DF0-A137-CDD49B53B384}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C394BA47-C366-4D9D-9946-A087BE162473}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003549FF-87E9-4446-A0A9-EA168DB7B229}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{041EB5DA-8B57-4904-AFB0-5B67818FB1AE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{059EF4D3-E4A2-4861-8102-BAB7928765F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{05B069A7-F443-45D2-9316-C1ED1BD27352}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0981B476-8540-4E07-B0DC-77B9574C1411}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{0A5984C2-C2D3-4E7E-8133-FB849394784B}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{0B8D2785-78A6-4282-8EE8-3F7B68C0AE58}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{116468F9-237F-4F98-829A-B135D602C4ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11BACEF0-6238-4942-9C10-045624255C29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{120DC8D7-50B7-4724-8BBD-1498076E6832}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{136229FA-A714-4F0F-A538-90200F654E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{1836E2FF-DE25-4668-AF1F-1748E130CF6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{1A236976-DA98-42AB-99EA-6B36D61B3351}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{1B03D589-69C3-40D6-B347-D27BBDA0FCFA}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{1C2C79BA-C253-4A8B-A516-267D7166F67E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{1CA76231-9A08-4E30-A70A-A93841D967CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{1D21FD43-CA2C-4D1E-8A41-7967A2F2FD02}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{20079E73-05C1-4091-9BFA-8823D5DD518B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{21D51E16-2F3F-46F7-9116-59C2E6AF0B64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{2853FC5E-3721-43C3-8C0B-B4D365D1FFFD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{28C1E3B4-2B1F-4872-B9F2-B44D7293D735}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{291D5CCD-E17D-4C15-A670-4C5EDA4446E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{29ACDBEB-F1CF-4151-A4AA-13048A02740A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{2B78CE8F-C3F2-4A27-BCE4-0A837718D8D2}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2BDBAB93-22A1-44CF-90EB-72FCAD9B22A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2C6B8EA0-0A02-4C5D-AB84-30B189DB06CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C93B8EC-E1C7-41CF-BE6E-871852E6C8A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2EDE2BAB-F5DB-4C86-B69E-BED68C580770}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{357E500F-51D9-49F9-A4AE-E686AEAF5FE9}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{371397C4-5857-40A6-8CC9-6B958AB858CE}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{375AA0F3-7328-48DB-BF45-8CCB147DAAFC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{39ED8DC6-7818-4464-9DE1-ADDD720DE54B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{3C0B0906-600B-470B-862E-FCBE08561CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{3C62E7B5-292D-4D8D-B641-BC98E726BB69}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{42435051-9A2F-48B2-8EB6-0B7C436AAF5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{42EF549E-DBCB-4A78-8D29-653F8BFC48D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{445A1772-A46D-4232-88BD-7F0A5AD40978}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{44FEB743-3885-4358-B5B5-8852C79657C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{467AD206-4925-437E-B93F-402A45F5116F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{46DB38F8-4208-4CEF-AC37-C08CA733EBCE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4CB7A1F9-870D-4AFE-A822-243D12E29E57}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4D4D99EC-E581-4C78-9479-80C42766C7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{4D60768C-2D7F-4484-8DB4-7B2BAE32386B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4DAE9D2B-BDE9-420C-A760-A310F5BB657A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4E07DE23-F845-4218-8F85-23D7FA37EADA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{50B1813B-5A52-4B27-80DA-32CACA0EC8F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{52B1468C-94A0-4F9A-B606-07E578403A34}" = protocol=58 | dir=in | app=system | 
"{53144344-469B-47E0-BE1B-BC5F917B55D6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{54FF8BB8-1620-43F9-AB8C-B6C8F06EDB12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{581140AC-E4FF-4FD3-8061-10861BBBD10E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{582BF172-1042-42B0-AA55-A73D409C4F35}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{58FB66B4-4B69-4B0E-8D47-A668EF428E9E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5924B558-A53C-4AB5-BE34-2280B08D75F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{592FDD8F-54FD-4D81-86D0-366BCB6D106A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5A5993C0-6889-4822-9F1D-0729DF7FB0BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{5B27B063-63B6-48C3-8904-3083EAA9D53D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{5BBEAF53-A461-43BC-85D2-4CEDFBCED156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{5CB3DFA7-AF30-40AF-AB99-CBA39DF82344}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{5FB6BF60-BA58-4117-9A1C-1E3083976DC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{61CAF8A3-BDA0-44D3-8E38-A4FB33E2AAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{65F926BE-0085-47D3-9554-61AA8AD094B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{66088498-E184-44E4-BAF3-C4F0F26266EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{66183BBF-63CC-494C-8CAE-C75FA8E7EB71}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{66E01231-A3E5-4750-B431-62E0D36FE69E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{67CAEF8A-34EE-42A6-82C4-81445F415515}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{69205C79-2F06-42CE-998A-A03825BF52BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{6A92E203-8A0A-40F2-966E-2E0BEA25C6CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6B6323D8-9D6E-467E-B99B-0A329C4478D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{6BFB8B06-57E9-4322-8FCD-2DB22EB0DCB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{6C801ED5-CC14-4E62-8ADB-990E63B316A0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{6CB7D893-96BF-46A3-B87B-18F6117A7E10}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{6D8A6D87-9B13-4640-BB1A-500DC476A048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{6DA3A700-282B-45E7-A46C-0AB13A00012C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{70663C19-9599-4C92-8CE2-F0AA09D7098A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{70799A3D-6F31-41CD-9791-7F8EACE4FE9C}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{70D0B30E-A8D8-4AD1-8759-C13BF2CFAAFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{70FA73B4-4FE9-438C-B6BD-890DD4AC68D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{752C6329-7B6B-452F-A9A7-37CE6AED323B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{764D96C6-4639-4B5F-9F14-21FC1E73A273}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{779AEA95-D630-41C0-916A-8F07DE26DAFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{77EECFA9-1FEB-427E-9AFC-FD8485BC3B82}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{7A648CBF-5548-403E-B14A-12633860AC90}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{7B523648-678F-430E-817D-8D448175BCDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{7E9A2BE1-CBFE-4C12-98C1-1EF8F11888BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{7F0E899C-6A31-47AD-A7C4-91F8A91CCDF4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{7FDD8C5A-EFF1-41D7-8D48-0281A0BAE4B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{7FE78DCE-C2C3-45BC-B851-60E4BF0C7741}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{81822F97-9681-417A-9E5C-A1E4D5D14DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{823EE8B5-0575-494F-9101-0104F3C087A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{825F1852-F77C-4CFA-BC3B-2F9B7104D881}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{865EE65E-C572-45A5-BD86-399C10694E97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{8890D599-DDA3-4EF7-8C7F-C495B10F501D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{8924C71C-FC04-4D74-9FC7-DBF44E7173AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8B0BAA0F-1E84-4135-A4CB-68F8F6F55387}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8CCB0186-9DE2-4F67-BA1A-C3F2F7C7E77F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{8DE6EEF5-A666-4F82-AAFC-1AC7BEAF27FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8E266BAB-6265-4A47-A781-F97C684C5189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{8FF788F7-F7C0-469E-8415-FBCC90182320}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{911BECC1-875F-4019-874E-6C9FF9BD5063}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{9276AAA8-B0B8-4236-AE17-DA64ED2D23EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{9389BC4F-0859-4EB9-8327-AF94243B3A9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{93AAE303-4A59-4D9D-BA3B-53C8BFE88F62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{953042BC-0F11-4D08-AF8A-B15023B72155}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{96967CEF-9219-4A2A-8AAA-66D614D5ECC2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{96B3E40D-297F-4E6E-AA9B-2929D4D12AB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{97353F4D-5588-4104-8E83-64F5125C8C09}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{98D30FB2-FE52-4BBF-817B-CC95C7D85F9E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{9E8330C7-FCAC-4D06-9282-906F7AA7D70E}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{A3C51150-33DA-4D4C-8A2B-754803158A9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{A4322B46-116F-40FB-97A4-36B0446F768E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A4AE5956-E974-42A2-9367-D3929EFCD912}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{A5FABDB2-1C3E-4ACD-B54F-95D6A9778B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{A6200002-2FE8-48EB-8006-F4B4C1914552}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A701038F-329E-4F57-A57E-F1826DAAC679}" = dir=in | app=c:\users\marko\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{A9204272-E12E-4551-80B8-F42DE8EAEA4C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AA54BD56-7388-4CF3-BFDB-5E861F55E944}" = protocol=6 | dir=out | app=system | 
"{AB19ED41-2355-4E5C-8672-4C3925AEEFC4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AB2ED931-1EC1-4DD6-97A7-EB802A44AF4B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{AD4E1789-37A7-4B00-8B2F-FE33CF64309A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF757A34-40DC-46E0-B029-DE2896122EF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B0D83AAD-8E20-4D36-B78B-7323573A5A88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ravaged\binaries\win32\ravagedgame.exe | 
"{B26A9F31-699E-4A2E-9C5C-E52D7C1AF789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ravaged\binaries\win32\ravagedgame.exe | 
"{B6D96897-B7D1-4516-9E20-96315E12BA3E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{B6DF730A-7FCF-4C8F-89E9-79C831CE7F84}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B70E3034-B536-4964-A7F4-F2BE3A6C95EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B776734A-8CDA-4CE3-A77D-74355EF80BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{BA8992D7-FBB2-4AED-B496-C886866A8291}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{BBD88E41-F3E5-447A-BC23-E48DC43A59C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{BCAD2D3B-0226-4768-8C42-3D243FD04AD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BF2613B2-B00B-4083-A086-53A7ED71BA59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{C25B7712-5AC0-4E65-9DA1-C97AD25EEC2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3AB685A-79C3-47A0-97FE-449B37951DCA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{C4DF5A05-F887-496A-BF6C-DE35151012CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C63B850C-224E-48A0-AC41-5E7629518894}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{C6BE8C78-7DFD-40D9-92F9-2A3974F6C2A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{C6DEF6D4-BB1B-4BDF-8251-648CA4EF43E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C75C36FC-7716-47AA-BCC0-0A8E42BB32DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{CC464837-B757-4A7B-8EE4-4FBFB01B40BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{CD3BDA49-7996-4D90-A68B-0340D68E0CA6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{CF75C160-1084-45D4-94E0-C6527BEE7C5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{D3A30592-D12C-419C-850D-BF4C11F1462C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{D42A9E36-CA68-4AB9-971B-E9A7DAE2268C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{D58FD79F-293A-4ED7-8CED-F3FFF96ABE50}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{D60830AE-FC2D-4645-9F7E-C62C9A5752C5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{D76874DD-15E2-4B13-A32B-6395D4229AFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{D80B4305-DE37-4E96-B578-1514C1569A04}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D8181EB2-2E73-4DF7-BCA0-189181C61C30}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D89109FF-36CE-4BE7-AC94-5148DA9BE4A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D8D2703D-D84B-4D2B-B384-3E42DD20E5AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D8F841DF-5020-4548-B8AC-04287496F952}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{D9E782D5-58D8-4B9B-AC9C-9B826FD8C7D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{DAA81AA2-18C6-4A3A-9D6D-92FB1A5BE9AA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{DBFB8A70-56F9-4656-820B-173552482E67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{DE74A38C-5CAB-467B-9E5C-95C36CF2853A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DEF8D179-7B2C-4809-ACE1-2317B798673F}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{DFD775F9-C794-4866-BFFA-EE98D9ED74DF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{E1506FBC-E84F-4C26-A902-BA1A6E5E5B53}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{E41AA77B-2359-4D4A-AC0E-F4D91E645E33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E517517F-1193-4E56-8AFA-52F9A9507154}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{E5AA8C7A-81A2-4FDF-8926-48089AB081D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{E63F8292-987B-485E-9F20-DA775436C181}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{E82571FF-4E7C-47F9-A117-25E4FBE07CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{E894C679-29CC-4433-861C-6602EA3C01C7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{E8BAE786-0A41-4C60-8B7D-CCA2C3C056AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E9A1F5AD-B2F6-43A5-95C5-4A30997054C5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{EC5FB37B-444D-4291-A50E-0DBAF44D9111}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{ED8846D3-6752-4A36-8EE6-DC313773C3CA}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{EE8BFBB4-3D1B-4E5B-B2DB-2000A1BA881E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{EF39D637-3341-4A6E-BAB0-9983029DAD2E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{F115C2E8-C884-439E-8BE6-FEFDF5A86D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F1F704B3-6072-4F2E-BEC5-50DA13DBAD45}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{F5D75967-AB3A-434E-BE33-81ECE863F41E}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{F6A3C1DC-B771-4CAF-8358-2BAC6014E08C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F7265B85-AC49-40C9-8C77-B7B93D76D263}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F73BD200-5C2E-475B-9590-293B36F8A108}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F76C6790-D37D-4A10-AFD8-A9E2925D01E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7C4FA83-9F7F-474E-B7E7-F3B5869B450C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{F86B6E4B-D49F-4F31-8215-0FB7CC08AFAC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{F9160404-E7B0-41AD-AC71-C5E5B987B43C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{F95F440F-1DF8-4CA6-95E9-15F2B8392671}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{FAFB884F-87BA-421F-8A16-159CF3772C84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBF9B0C5-DE2A-4058-ABEC-9ADBC6275148}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FC766F59-D4B0-494F-BB2B-2D1A9F62B34B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{FF536D5A-B453-46C3-BD32-B298DB02E4BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{FFA3B91D-B7A4-4696-9A8A-521AF622DE92}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"TCP Query User{02F67F50-6A53-41F7-9C4B-21A8F0AD68BA}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{03501292-E7A7-4635-AD70-D80E11302E56}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{0485AD80-5357-4458-A9C4-4AFF74472B84}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{07A6DC29-BF87-44CD-8CDA-AA0EB5628631}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{08175A44-812F-41A5-9676-E8DE0CE5D7F8}C:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"TCP Query User{082AB431-0750-4B40-9176-9C1051BD9BEF}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{12FBE273-D1DA-4E99-A62D-8728EC7BBF72}C:\users\marko\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\iw4m\iw4m.dat | 
"TCP Query User{15288C6F-96F8-4CC3-AD5C-BC7F0923DAAD}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | 
"TCP Query User{1E6F96B6-3EC9-4B60-AEC5-6416F9609A10}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{22D8BC2D-14B1-4F10-8424-53374490CF7F}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{252CB076-F0D1-4061-A805-837D85661080}C:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{3D390E3C-B4FB-4EEE-8F86-04792C4EEDB1}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{40A266E7-E4E4-456D-B3B6-78000EC09F97}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{44DAE44C-6C8B-4A28-AB4A-65A5D3189A76}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{455EF538-DDB3-4F53-AED9-A83332DD6545}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"TCP Query User{49CBAFA6-E3C5-48CE-A556-59A230BF89D7}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"TCP Query User{4CAE0980-3E7B-47F8-9AF8-BE603B06B22D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{4F63895E-E01C-4957-9F67-4AD6CF8B1DB8}C:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe | 
"TCP Query User{5338628A-1122-4567-B906-20B1BF0BD040}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{5798F953-8CF4-4E21-924D-0C677B5540E4}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"TCP Query User{627C9E97-BBE7-49A6-8C82-0FF3DE026063}C:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{65DB257A-CA6E-413E-85DB-5553B32E281A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{66AED3F4-CAD8-4553-8C51-637E7695D5A9}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{66B19EA2-35B1-4B37-8ED2-D07C29922E67}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"TCP Query User{6B2ADF29-399D-4D9B-A36E-CA7866E8FD7F}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{6E1AEDF4-E998-4DE2-B0FF-67E008D0EA1D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{72D90E31-FB12-4C61-9163-CC27D5C4A566}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{7B49A587-A3D5-4984-9913-90343951B6DA}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{7DE238F2-70BB-4FD6-897C-B5B4E7F5B097}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{7DF41239-A6AA-43E3-BA08-9068CBAD10D3}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{83E3EF04-1F39-4778-843B-E1D144CB63C7}C:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe | 
"TCP Query User{85F79D83-42B0-4E5C-8BE6-571BF79D51E2}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{91DF0321-2E6E-496D-958B-97D0B897D492}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{997F333C-25D4-4797-8A5E-D98C4CC309BF}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{9AF83CA1-BC9F-4BA5-BB04-177737628E21}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{9B5F2425-8480-48CC-A627-29F1CA4F41F2}C:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe | 
"TCP Query User{9BD37A06-431D-4AD2-951B-286E6B67B8BB}C:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"TCP Query User{9EF3C44D-3C16-40A3-8381-8CB0E2D1DC91}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"TCP Query User{A5BB9664-3F16-4B6F-AE38-FB3D58CD53FB}C:\users\marko\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{AA6C78EC-6146-41A8-902B-F8122B6BA29E}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"TCP Query User{AAC6375B-6702-4D46-A8BD-91F8919C4F4B}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{AF24B2B1-586E-451D-A375-43F1B470011F}C:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{AFA8E65D-67E9-40A4-ABE4-49BACFF176C9}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{B70B472E-CCDD-4FDC-B506-7D5676A0C400}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"TCP Query User{BE68F03F-3DDE-495F-B921-6AC72B3585B5}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{C29FA49A-93BB-44A5-851F-343DF858CA92}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{C813D873-C98E-43BA-A379-69847FB203DA}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"TCP Query User{CAA79CE7-53BC-4054-A6F0-305E7790F64C}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{CACB6963-E779-46E6-A1E1-DB1CDD689A98}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"TCP Query User{CE0DF9D8-1268-4993-8958-82490CC3307A}C:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"TCP Query User{D12E066F-19C3-488B-80DB-92B2FF1F374C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E1332F19-68AE-479B-81C0-4B9594EC21A7}C:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe | 
"TCP Query User{E2708DCE-FE05-4B98-A88F-E7DAF3541749}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{F0B1F2DC-877E-4E7C-9DD0-D80E29127CFA}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F1BC051F-010E-4571-9DF1-A2B5AD6BAC96}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{FB692F3E-414E-47EB-9A46-B7BDE2E0EA4D}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{FEAEB5A5-2B2F-4236-AE14-D37680825D00}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{0212B309-D5AD-47DA-AAAB-B00E690B2ED2}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"UDP Query User{11ADF928-84E8-41C6-9532-4C241E39F0DE}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"UDP Query User{2182877C-CBD9-424F-A54D-95B2BFFBAD7C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{27072956-3F8E-4EF9-8998-75FAA72F246D}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{2A5400BA-9C34-424E-803D-419358DD012D}C:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"UDP Query User{2CEC33EB-FD26-4ACA-A2A3-6E8D6253663C}C:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe | 
"UDP Query User{39677F3E-0477-4D06-9CF0-E8C893E6F81A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{399EB417-A858-4EF9-92F2-805B8E31C600}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"UDP Query User{3F1BC503-1861-4665-ACC7-33A6C1A49F83}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{4140172C-AB36-4CD9-9E64-082E8784E327}C:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{44417A03-BD49-4777-BFDC-AE305F337257}C:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{45A433A2-973E-4AC3-8975-35D73DE1EB9B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{4824BDDA-F380-4156-A0D4-75103BC3D62C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{482BA6BF-CEFF-4EBC-86F4-EF088BA4C728}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{54A6EE97-1489-4FAC-A162-302400AE884E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{5680AC6E-9408-489F-88B6-8FFBEB051970}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{5878E318-8E0B-4070-9779-D5CEFABC9C06}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5A03762D-3492-4760-ACE6-62AB9B4C6944}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"UDP Query User{5B6A0121-7098-4B6D-A221-ABF925F479C6}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{62CDA703-143C-4A51-9E71-4F9B288303E8}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{63D60683-2485-4B7D-998F-FEECBDF3C35C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{63E64DB9-3808-4A6C-BD28-DFEE873391D5}C:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"UDP Query User{6B365E2A-87AD-4D6E-A62B-46FA818E99DA}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{6B7160E4-AC90-464E-88D8-068C3A91EA36}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{6E94EC8D-9D24-4DE8-B221-F44315E65BAB}C:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"UDP Query User{7C5B2894-A071-46F5-83A2-19C5C481EEB2}C:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{81C1CED2-A290-4489-9E64-8D2CD9ECB174}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{86DE1A94-F076-4561-976E-82B34E70BCC9}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{8CCFC2FE-4435-429E-ABC1-E6787573EF5B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{8DC79EA6-FDEE-4FC4-9E7C-E142024939F2}C:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe | 
"UDP Query User{92D950AE-E8A3-4BD8-ACE4-B750ADFF8710}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{93956A8A-9C94-43C2-873B-812B2652C4C7}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{9CECAF94-8984-48F7-B3E5-8BB5F5E7AE77}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"UDP Query User{A3DD4C99-6D34-4CEE-A361-83F81EA127C3}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | 
"UDP Query User{A5B8417E-0E45-4D62-A809-36F7370B55C2}C:\users\marko\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\iw4m\iw4m.dat | 
"UDP Query User{AA833A98-F09D-455E-8337-01112B9282BA}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{AD0F7432-3766-4CD5-8C30-E5228C71AC04}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{AF146B8E-652B-4178-AD73-88AEA0CF74A1}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{B7C977DA-1F56-452B-9549-FAB9AE966C5B}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"UDP Query User{C4C778FA-7364-45E3-BA5C-9260CB4D08D4}C:\users\marko\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{CA9BC5F5-E305-439C-968C-EA98CFAB2D43}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{CCCDA095-DEC8-4A2F-A999-7CD3D8AFFC37}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{CD24C728-8E99-445F-AFFB-E2FFDCD9C5FE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{CD5C6B3A-F714-49D8-B5A4-BAAC8AACE7A4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{D60BECBB-C5D1-49A6-BDD1-1649A72B7060}C:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe | 
"UDP Query User{D7ADAD5D-9D63-4378-8CF0-A7827FCC513F}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{D904BD3A-B990-43B9-A1B2-2863A725FB7B}C:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe | 
"UDP Query User{D9330897-A4E7-459D-863A-35F85F9FBDEE}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"UDP Query User{DAEF5EAA-9E5F-47BA-ABC1-1FB1A601A8B8}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"UDP Query User{DB8B1416-DC07-49F3-823C-646F7617741D}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"UDP Query User{DE790E46-555D-43A0-87B9-C9027557EDAE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{E4D5B158-93BA-46ED-A4A5-CE109B57331D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{EA1F6E8B-BDA4-43D6-8C72-2F734E738D9F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{EB190651-ADFC-44DB-9F93-1AAE9906A700}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{F0B5FC06-A735-43C1-88C3-314256E17533}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{F361E9B3-1CBD-4931-A7AB-7EECB0707544}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{F51A2883-FE40-4225-8E71-36A92C01C83C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416035FF}" = Java(TM) 6 Update 35 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 3.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"AutoHotkey" = AutoHotkey 1.1.09.02
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.120.08260
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1" = tConfig version 0.28.8
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{27979F37-AF9C-33DE-8437-76F7AEFAABAD}" = Google Talk Plugin
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388A10A3-FE60-4946-99B8-99DF1B94870A}" = S4 League_EU
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1" = JC2-MP version 0.0.12
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Insel 2
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EBA42C8-535E-4D45-AC68-D7F4557B7336}" = Gigaset USB Stick 54
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D25E16F9-902D-4B08-B6AD-C28882C6EBFE}" = Garry's Mod Manager
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Alliance of Valiant Arms" = Alliance of Valiant Arms
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"Battlelog Web Plugins" = Battlelog Web Plugins
"Combat Arms EU" = Combat Arms EU
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"Diablo III" = Diablo III
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"Dungeon Defenders_is1" = Dungeon Defenders
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EdenEternal-DE" = EdenEternal-DE
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Garry's Mod Manager 8.30.0000" = Garry's Mod Manager
"Google Chrome" = Google Chrome
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Maus2" = Maus2
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.1
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"PriceGong" = PriceGong 2.6.9
"PricePeep" = PricePeep for Google Chrome
"ProjectTINT_S_x86" = TINT Standard BETA R6
"PunkBusterSvc" = PunkBuster Services
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 105600" = Terraria
"Steam App 200170" = Worms Revolution
"Steam App 200210" = Realm of the Mad God
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 209870" = Blacklight: Retribution
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 218230" = PlanetSide 2
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 224540" = Ace of Spades
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8190" = Just Cause 2
"Steam App 96300" = Ravaged
"SysInfo" = Creative Systeminformationen
"TeamViewer 7" = TeamViewer 7
"Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.3
"TKKG 9" = TKKG 9
"TmNationsForever_is1" = TmNationsForever
"Update Engine" = Sony Ericsson Update Engine
"Urban Terror_is1" = Urban Terror 4.1
"uTorrent" = µTorrent
"Wajam" = Wajam
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1181839449-1317564519-1710926459-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Akamai" = Akamai NetSession Interface
"DealPly" = DealPly
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"SOE-C:/Users/Marko/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.06.2013 07:19:10 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15cc    Startzeit:
 01ce6f3a0a9ec69f    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 8dfb0ffa-db2d-11e2-959e-8c89a55c6c5c  
 
Error - 22.06.2013 07:20:38 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1a1c    Startzeit:
 01ce6f3a53147da6    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 c1c4cf2a-db2d-11e2-959e-8c89a55c6c5c  
 
Error - 22.06.2013 07:38:47 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 18ec    Startzeit:
 01ce6f3cff619577    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 4b52bd7d-db30-11e2-959e-8c89a55c6c5c  
 
Error - 22.06.2013 08:59:55 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17fc    Startzeit:
 01ce6f485806970d    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 a0f7def7-db3b-11e2-959e-8c89a55c6c5c  
 
Error - 22.06.2013 18:28:03 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Terraria.exe, Version 1.2.2.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1f78    Startzeit:
 01ce6f64665e6dc1    Endzeit: 17    Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

Berichts-ID:
 fdb1d0ab-db8a-11e2-959e-8c89a55c6c5c  
 
Error - 22.06.2013 18:28:04 | Computer Name = Marko-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 22.06.2013 18:28:04 | Computer Name = Marko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TerrariaServer.exe, Version: 1.0.4.0,
 Zeitstempel: 0x4f158688  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x057e60e8  ID des fehlerhaften
 Prozesses: 0x25f4  Startzeit der fehlerhaften Anwendung: 0x01ce6f646ec016fc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Terraria\TerrariaServer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 00b7c8ff-db8b-11e2-959e-8c89a55c6c5c
 
Error - 22.06.2013 21:20:02 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 31d4    Startzeit:
 01ce6fafbd7e294f    Endzeit: 4    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 050471bf-dba3-11e2-959e-8c89a55c6c5c  
 
Error - 23.06.2013 05:22:25 | Computer Name = Marko-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.06.2013 05:25:09 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 167c    Startzeit:
 01ce6ff352638112    Endzeit: 1    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 ca5ca82a-dbe6-11e2-a537-8c89a55c6c5c  
 
[ System Events ]
Error - 23.01.2013 07:04:21 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 24.01.2013 01:12:36 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 watchmi service erreicht.
 
Error - 24.01.2013 01:12:36 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 25.01.2013 01:56:39 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:40 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:40 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:41 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:24 on 23/06/2013 (Marko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-23 14:52:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1500DL rev.CC4A 1397,27GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Marko\AppData\Local\Temp\uwdoypoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                     fffff800037a2000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 614                                                                                     fffff800037a2036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075a51465 2 bytes [A5, 75]
.text     C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000075a514bb 2 bytes [A5, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075a51465 2 bytes [A5, 75]
.text     C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000075a514bb 2 bytes [A5, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000075a51465 2 bytes [A5, 75]
.text     C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000075a514bb 2 bytes [A5, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                0000000074201a22 2 bytes [20, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                0000000074201ad0 2 bytes [20, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                0000000074201b08 2 bytes [20, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                0000000074201bba 2 bytes [20, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                0000000074201bda 2 bytes [20, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         0000000075a51465 2 bytes [A5, 75]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000075a514bb 2 bytes [A5, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075a51465 2 bytes [A5, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075a514bb 2 bytes [A5, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075a51465 2 bytes [A5, 75]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               0000000075a514bb 2 bytes [A5, 75]
.text     ...                                                                                                                                                    * 2

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----

M-K-D-B · 23.06.2013, 19:41

Servus,

Schritt 1

Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
Suche in der Liste Software mit dem folgenden Namen
- DVDVideoSoftTB Toolbar
- PriceGong
- PricePeep
- Wajam
- DealPly
und deinstalliere das Programm.
Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.

Schritt 2
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf ? > Optionen.
Setze einen Haken bei Disable Ask Detection und bestätige mit Ok.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt. (x = fortlaufende Nummer)

Schritt 3
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von ComboFix.

Takie · 23.06.2013, 20:13

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.303 - Datei am 23/06/2013 um 21:00:50 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Marko - MARKO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marko\Desktop\Adwceaner\adwcleaner.exe
# Option [Löschen]
# Schalter verwendet : /DisableAskDetection


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\hdvc@hdvc.com.xpi
Datei Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\HDvidCodec.com
Ordner Gelöscht : C:\Program Files (x86)\Smartdl
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Marko\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\Marko\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Marko\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Marko\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\CT2269050
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\jetpack
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\Smartbar
Ordner Gelöscht : C:\Users\Marko\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Headlight
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\InstallIQ
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e08cdebd6ae444
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119776&tt=gc_&babsrc=HP_ss&mntrId=56B700FF2044F2FF --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4fb893d4-4481-4d67-b97d-83c59976224c&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Datei : C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\prefs.js

C:\Users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_city", "BERLIN");
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.FirstTime", "true");
Gelöscht : user_pref("CT2269050.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2269050.NotificationsToShow_666138", "[{\"id\":\"661999\",\"channelId\":\"666138\",\"ti[...]
Gelöscht : user_pref("CT2269050.UserID", "UN84564162826732636");
Gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.autoDisableScopes", -1);
Gelöscht : user_pref("CT2269050.defaultSearch", "FALSE");
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.enableAlerts", "always");
Gelöscht : user_pref("CT2269050.enableFix404ByUser", "TRUE");
Gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE");
Gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2269050.fixUrls", true);
Gelöscht : user_pref("CT2269050.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2269050.isNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Gelöscht : user_pref("CT2269050.lastVersion", "10.16.2.509");
Gelöscht : user_pref("CT2269050.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE");
Gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE");
Gelöscht : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Gelöscht : user_pref("CT2269050.search.searchCount", "1");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabledByUser", "true");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350302940275");
Gelöscht : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1350302939769");
Gelöscht : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349278114559");
Gelöscht : user_pref("CT2269050.serviceLayer_services_login_10.10.28.11_lastUpdate", "1350302939745");
Gelöscht : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1349775148088");
Gelöscht : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349278114580");
Gelöscht : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1350302939767");
Gelöscht : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1350302939692");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349278114507");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1350302939770");
Gelöscht : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1350302939822");
Gelöscht : user_pref("CT2269050.settingsINI", true);
Gelöscht : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Gelöscht : user_pref("CT2269050.showToolbarPermission", "false");
Gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Gelöscht : user_pref("CT2269050.startPage", "FALSE");
Gelöscht : user_pref("CT2269050.toolbarBornServerTime", "16-9-2012");
Gelöscht : user_pref("CT2269050.toolbarCurrentServerTime", "16-10-2012");
Gelöscht : user_pref("CT2269050.toolbarLoginClientTime", "Sat Jun 22 2013 13:17:35 GMT+0200");
Gelöscht : user_pref("CT2269050.upgradeFromClearSBVersion", true);
Gelöscht : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "56b79f8500000000000000ff2044f2ff");
Gelöscht : user_pref("extensions.delta.instlDay", "15833");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1619:56:35");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

-\\ Google Chrome v28.0.1500.52

Datei : C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Marko\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [26564 octets] - [23/06/2013 21:00:50]

########## EOF - C:\AdwCleaner[S1].txt - [26625 octets] ##########

--- --- ---

Code:

ATTFilter

ComboFix 13-06-22.01 - Marko 23.06.2013  22:03:24.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6391 [GMT 2:00]
ausgeführt von:: c:\users\Marko\Desktop\Combofix\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\torrent.exe
c:\users\Marko\videos\Play4Free Funds Generator.exe
c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-23 bis 2013-06-23  ))))))))))))))))))))))))))))))
.
.
2074-05-18 15:44 . 2008-03-21 12:46	607296	----a-w-	c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2013-06-23 20:11 . 2013-06-23 20:11	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-06-23 20:11 . 2013-06-23 20:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-23 20:11 . 2013-06-23 20:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-23 20:10 . 2013-06-23 20:10	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD8E47B6-DFCA-4739-ABC5-E40E3586982B}\offreg.dll
2013-06-23 09:32 . 2013-06-23 09:32	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 10:06 . 2013-06-22 10:06	--------	d-----w-	c:\users\Marko\AppData\Local\Opera
2013-06-22 10:06 . 2013-06-22 10:06	--------	d-----w-	c:\program files (x86)\Opera
2013-06-21 08:07 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD8E47B6-DFCA-4739-ABC5-E40E3586982B}\mpengine.dll
2013-06-16 11:26 . 2013-06-16 11:41	--------	d-----w-	c:\users\Marko\AppData\Roaming\Minecraft Version Changer
2013-06-16 11:26 . 2013-06-16 11:26	--------	d-----w-	c:\users\Marko\AppData\Local\Craften_Dev_Team
2013-06-16 11:25 . 2013-06-16 11:25	--------	d-----w-	c:\program files (x86)\Craften Terminal
2013-06-15 17:03 . 2013-06-15 17:03	--------	d-----w-	c:\programdata\Sony Ericsson
2013-06-15 17:03 . 2013-06-15 17:03	--------	d-----w-	c:\program files (x86)\Sony Ericsson
2013-06-15 16:58 . 2013-06-15 16:58	--------	d-----w-	c:\programdata\Sony
2013-06-12 18:24 . 2013-06-12 18:47	--------	d-----w-	c:\users\Marko\AppData\Roaming\TeamViewer
2013-06-12 13:25 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 13:25 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 13:25 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-10 20:17 . 2013-06-10 20:17	0	----a-w-	c:\windows\SysWow64\sho1074.tmp
2013-06-08 15:13 . 2013-06-08 15:43	--------	d-----w-	c:\program files (x86)\osu!
2013-06-08 15:09 . 2013-06-08 15:09	--------	d-----w-	c:\users\Marko\AppData\Roaming\Downloaded Installations
2013-06-07 11:33 . 2013-06-07 11:45	--------	d-----w-	c:\users\Marko\AppData\Roaming\.technic
2013-05-25 09:02 . 2013-05-25 09:02	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 09:32 . 2012-10-07 15:14	867240	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-06-23 09:32 . 2012-10-07 15:14	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-14 09:48 . 2012-09-17 13:19	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-06-14 09:48 . 2012-09-17 13:00	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-06-14 09:47 . 2012-09-17 13:00	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-06-12 20:48 . 2011-03-14 14:08	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 19:07 . 2012-08-28 17:36	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 19:07 . 2011-08-31 22:11	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-22 18:17 . 2013-05-22 18:15	29696	----a-w-	c:\windows\system32\drivers\dtscsibus.sys
2013-05-14 17:07 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-06 12:02 . 2013-05-06 12:02	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 05:49	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 05:49	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 05:49	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 05:49	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 05:49	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 05:49	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 11:58	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 05:49	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 05:49	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 05:49	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-03-29 12:44 . 2013-03-29 12:44	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-29 12:44 . 2013-03-29 12:44	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-29 12:44 . 2013-03-29 12:44	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-26 15:23 . 2013-03-26 15:23	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2013-02-16 21:23 . 2013-02-17 01:05	499712	----a-w-	c:\program files\msvcp71.dll
2013-02-16 21:23 . 2013-02-17 01:05	348160	----a-w-	c:\program files\msvcr71.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18	1519824	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
"Akamai NetSession Interface"="c:\users\Marko\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-06 3456080]
"Facebook Update"="c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-31 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2013-03-06 3088448]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-03-18 448736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys;c:\windows\SYSNATIVE\drivers\PDNMp50.sys [x]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys;c:\windows\SYSNATIVE\drivers\PDNSp50.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys;c:\windows\SYSNATIVE\drivers\XENfiltv.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe;c:\windows\CBTWlanSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 18:28	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.52\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 19:07]
.
2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001Core.job
- c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-31 17:43]
.
2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001UA.job
- c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-31 17:43]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 12:51]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 12:51]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001Core.job
- c:\users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-23 20:11]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001UA.job
- c:\users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-23 20:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-03-24 976672]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\
FF - ExtSQL: 2013-05-08 19:55; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2013-05-27 19:00; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Marko\AppData\Roaming\Mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1181839449-1317564519-1710926459-1001\Software\SecuROM\License information*]
"datasecu"=hex:92,8a,09,dd,5c,e9,4d,f7,a3,6c,89,ff,7e,bf,ac,af,6c,0f,a6,ac,3a,
   20,18,27,89,0e,20,0b,e1,6e,63,01,4b,1d,e7,58,99,ec,8e,68,f4,d0,cb,1e,6d,c1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-23  22:14:53
ComboFix-quarantined-files.txt  2013-06-23 20:14
.
Vor Suchlauf: 23 Verzeichnis(se), 900.735.520.768 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 901.777.428.480 Bytes frei
.
- - End Of File - - 52050A8609B4B5B2804836686FDACF77
D41D8CD98F00B204E9800998ECF8427E

Mein Internet Explorer stürzt jetz die ganzezeit nach den start ab.
woran könnte das liegen? -.-
der Steam Browser geaht aber noch.

M-K-D-B · 24.06.2013, 21:12

Servus,

schwer zu sagen.

Wie siehts mit Firefox und Chrome aus? Funktionieren diese Browser?

Schritt 1

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List
Klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt 2
Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von FSS.

Takie · 24.06.2013, 23:10

Ja Mozila geht danke für den tipp

Code:

ATTFilter

OTL logfile created on: 25.06.2013 00:07:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marko\Desktop\Hijackt
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 69,61% Memory free
15,96 Gb Paging File | 13,05 Gb Available in Paging File | 81,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1347,34 Gb Total Space | 836,19 Gb Free Space | 62,06% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 29,72 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive F: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARKO-PC | User Name: Marko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.24 17:10:59 | 000,092,072 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
PRC - [2013.06.24 11:20:33 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.24 11:20:22 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.06.24 11:20:19 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.24 11:20:19 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.23 14:08:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marko\Desktop\Hijackt\OTL.exe
PRC - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.06.12 21:07:11 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.06.07 00:06:24 | 001,641,896 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.24 12:25:24 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.03.24 10:46:23 | 000,976,672 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.03.06 14:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.09.18 14:04:05 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.02.23 23:33:32 | 000,071,464 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\GameOverlayUI.exe
PRC - [2011.10.19 17:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 09:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.12.03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2007.07.25 11:56:12 | 000,106,496 | ---- | M] () -- C:\Windows\CBTWlanSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.25 00:03:56 | 000,155,232 | -H-- | M] () -- C:\Users\Marko\AppData\Local\Temp\~D2E5.tmp
MOD - [2013.06.24 17:11:16 | 001,355,688 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\vguimatsurface.dll
MOD - [2013.06.24 17:11:14 | 000,914,856 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\vphysics.dll
MOD - [2013.06.24 17:11:13 | 005,680,552 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\bin\server.dll
MOD - [2013.06.24 17:11:09 | 006,043,048 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\bin\client.dll
MOD - [2013.06.24 17:11:04 | 000,096,680 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\video_services.dll
MOD - [2013.06.24 17:11:03 | 000,263,592 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\tier0.dll
MOD - [2013.06.24 17:11:03 | 000,129,448 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\video_quicktime.dll
MOD - [2013.06.24 17:11:02 | 000,235,432 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\stdshader_dx6.dll
MOD - [2013.06.24 17:11:02 | 000,171,432 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\vstdlib.dll
MOD - [2013.06.24 17:11:02 | 000,154,536 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\stdshader_dbg.dll
MOD - [2013.06.24 17:11:01 | 001,615,272 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\shaderapidx9.dll
MOD - [2013.06.24 17:11:00 | 001,148,840 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\materialsystem.dll
MOD - [2013.06.24 17:11:00 | 000,352,680 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\stdshader_dx8.dll
MOD - [2013.06.24 17:11:00 | 000,075,176 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\vaudio_miles.dll
MOD - [2013.06.24 17:10:59 | 000,167,336 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\stdshader_dx7.dll
MOD - [2013.06.24 17:10:59 | 000,092,072 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
MOD - [2013.06.24 17:10:59 | 000,078,248 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\scenefilecache.dll
MOD - [2013.06.24 17:10:54 | 000,565,160 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\stdshader_dx9.dll
MOD - [2013.06.24 17:10:54 | 000,360,872 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\vgui2.dll
MOD - [2013.06.24 17:10:54 | 000,164,264 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\launcher.dll
MOD - [2013.06.24 17:10:54 | 000,108,968 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\video_bink.dll
MOD - [2013.06.24 17:10:54 | 000,070,056 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\unicode.dll
MOD - [2013.06.24 17:10:52 | 000,524,200 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\studiorender.dll
MOD - [2013.06.24 17:10:51 | 000,126,376 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\soundemittersystem.dll
MOD - [2013.06.24 17:10:50 | 000,907,688 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\serverbrowser.dll
MOD - [2013.06.24 17:10:50 | 000,698,792 | ---- | M] () -- C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\bin\filesystem_stdio.dll
MOD - [2013.06.24 17:10:50 | 000,109,992 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\inputsystem.dll
MOD - [2013.06.24 17:10:49 | 002,067,368 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\GameUI.dll
MOD - [2013.06.24 17:10:48 | 004,334,504 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\engine.dll
MOD - [2013.06.24 17:10:46 | 000,876,032 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\chromehtml.dll
MOD - [2013.06.24 17:10:43 | 000,239,528 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\datacache.dll
MOD - [2013.06.24 17:07:22 | 020,321,192 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\libcef.dll
MOD - [2013.06.24 17:07:22 | 000,055,808 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\msseax.flt
MOD - [2013.06.24 17:07:22 | 000,013,312 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\mssds3d.flt
MOD - [2013.06.24 17:07:19 | 000,153,088 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\mssvoice.asi
MOD - [2013.06.24 17:07:19 | 000,071,680 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\mssmp3.asi
MOD - [2013.06.24 17:07:17 | 001,101,240 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\avcodec-53.dll
MOD - [2013.06.24 17:07:17 | 000,192,440 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\avformat-53.dll
MOD - [2013.06.24 17:07:17 | 000,124,856 | ---- | M] () -- c:\program files (x86)\steam\steamapps\common\counter-strike source\bin\avutil-51.dll
MOD - [2013.06.12 21:07:11 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.06.07 00:06:24 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.05.16 08:41:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 08:41:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.16 08:41:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.07 03:05:20 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.01.10 19:53:31 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll
MOD - [2013.01.10 19:53:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll
MOD - [2013.01.10 16:48:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 16:47:28 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 16:47:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 16:46:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 16:46:48 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.09.18 14:04:05 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.11 11:19:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.06.24 11:20:33 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.24 11:20:22 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.06.24 11:20:19 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.06.12 21:07:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.24 12:25:24 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.03.24 11:09:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013.03.24 11:08:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013.03.24 10:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.03.06 14:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013.02.04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.09.18 14:04:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.06.25 19:09:00 | 004,705,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.10.19 17:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.25 11:56:12 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Windows\CBTWlanSrv.exe -- (CBTWlanSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.22 20:17:05 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2013.03.29 14:44:20 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 14:44:20 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 14:44:20 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.23 11:52:23 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.09.28 04:12:10 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.02 19:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 19:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.06.01 10:13:13 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.16 22:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 15:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.09.19 05:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 05:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.31 12:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.12.26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008.07.29 05:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.11.28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 22:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNSp50.sys -- (PDNSp50)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {DA68D3BD-B524-424D-9A23-FFFDD8DC8842}
IE - HKCU\..\SearchScopes\{1F473F98-4890-419C-8C98-3A32B4CD386F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=F8C09FEC-BE2C-4AE9-A850-920D8B66EC22&apn_sauid=A977A3DB-079F-426E-9923-4F2A772717FD
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A78F32FC-0023-488E-A586-07CFBC123192}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{DA68D3BD-B524-424D-9A23-FFFDD8DC8842}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_deDE501
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.6.6
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 14:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.19 21:06:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 14:04:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.19 21:06:54 | 000,000,000 | ---D | M]
 
[2012.08.29 14:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marko\AppData\Roaming\mozilla\Extensions
[2013.06.24 16:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marko\AppData\Roaming\mozilla\Firefox\Profiles\j3wpw5yr.default\extensions
[2013.06.24 16:59:44 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Marko\AppData\Roaming\mozilla\Firefox\Profiles\j3wpw5yr.default\extensions\toolbar@ask.com
[2013.06.22 13:17:29 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Marko\AppData\Roaming\mozilla\firefox\profiles\j3wpw5yr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.08 15:15:18 | 000,002,333 | ---- | M] () -- C:\Users\Marko\AppData\Roaming\mozilla\firefox\profiles\j3wpw5yr.default\searchplugins\askcom.xml
[2012.10.23 17:19:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.07 17:14:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.23 17:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.09.18 14:04:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=b6b5827d-388b-4645-9308-4ab47f0d3fc1&apn_ptnrs=%5EABT&apn_sauid=E3289B01-21E0-4E7C-B543-C72DEBD85422&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Marko\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Marko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Avira Toolbar = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.33344_0\
CHR - Extension: Google Docs = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Youtube 2 Mp3 = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfdifeicmijiobaflmbcnohpplhiipka\1.0.0_0\
CHR - Extension: AdBlock = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.65_0\
CHR - Extension: Google Mail = C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.06.23 22:12:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Ultra Agent] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50870A-9972-43FF-AD84-138395024614}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2044F2FF-EF66-4278-80B8-BFDB000B314F}: DhcpNameServer = 10.129.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.19 15:50:13 | 000,000,067 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.25 00:06:12 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\OTL
[2013.06.23 22:22:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.23 22:14:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.23 22:00:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.23 22:00:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.23 22:00:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.23 22:00:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.23 22:00:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.23 21:59:15 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Combofix
[2013.06.23 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Adwceaner
[2013.06.23 15:06:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.23 14:25:42 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\GMER
[2013.06.23 14:22:35 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\De fogger
[2013.06.23 11:44:18 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Hijackt
[2013.06.23 11:32:27 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.23 11:32:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.23 11:32:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.23 11:32:24 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.22 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\Opera
[2013.06.22 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Local\Opera
[2013.06.22 12:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.06.17 18:25:45 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\teamspeak3-server_win32
[2013.06.17 18:22:33 | 032,698,840 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Marko\Desktop\TeamSpeak3-Client-win32-3.0.10.1.exe
[2013.06.16 13:26:23 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\Minecraft Version Changer
[2013.06.16 13:26:21 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Local\Craften_Dev_Team
[2013.06.16 13:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
[2013.06.16 13:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal
[2013.06.16 03:01:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.16 03:01:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.16 00:50:36 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Minecraft Bukkit
[2013.06.15 19:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2013.06.15 19:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2013.06.15 18:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013.06.12 22:48:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 22:48:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 22:48:16 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 22:48:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 22:48:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 22:48:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 22:48:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 22:48:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 22:48:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 22:48:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 22:48:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 22:48:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 22:48:15 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 20:24:28 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\TeamViewer
[2013.06.12 15:25:00 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 15:25:00 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 15:24:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 15:24:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 15:24:49 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 15:24:47 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 15:24:47 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 15:24:46 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 15:24:46 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 15:24:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 15:24:46 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 15:24:40 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 15:24:40 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.08 17:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013.06.08 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2013.06.08 17:09:25 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\Downloaded Installations
[2013.06.07 21:26:53 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Minecraft FTB
[2013.06.07 21:25:33 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Feed The Beast
[2013.06.07 21:13:15 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Minecraft Vanila
[2013.06.07 13:37:25 | 000,000,000 | ---D | C] -- C:\Users\Marko\Desktop\Minecraft Tekkit
[2013.06.07 13:33:17 | 000,000,000 | ---D | C] -- C:\Users\Marko\AppData\Roaming\.technic
[2013.05.29 22:45:28 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.29 22:45:28 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.29 22:45:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.29 22:45:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.29 22:45:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.29 22:45:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.29 22:45:28 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.29 22:45:28 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.29 22:45:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.29 22:45:28 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.29 22:45:28 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.29 22:45:27 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.29 22:45:27 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.29 22:45:27 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.29 22:45:27 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.29 22:45:27 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.29 22:45:27 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.29 22:45:27 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.29 22:45:27 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.29 22:45:27 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.29 22:45:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.29 22:45:27 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.29 22:45:27 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.29 22:45:27 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.29 22:45:27 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.29 22:45:27 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.29 22:45:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.29 22:45:27 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.29 22:45:27 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.29 22:45:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.29 22:45:27 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.29 22:45:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.29 22:45:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.29 22:45:27 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.29 22:45:27 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.29 22:45:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.29 22:45:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.29 22:45:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.29 22:45:27 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.29 22:45:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.29 22:45:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.29 22:45:27 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.29 22:45:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.29 22:45:27 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.29 22:45:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.29 22:45:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.29 22:45:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.29 22:45:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.29 22:45:27 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.29 22:45:27 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.29 22:45:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.29 22:45:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.29 22:45:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.17 03:05:33 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2013.02.17 03:05:33 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.25 00:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.24 23:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001UA.job
[2013.06.24 23:28:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.24 21:48:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001UA.job
[2013.06.24 18:48:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001Core.job
[2013.06.24 18:28:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.24 14:22:51 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.24 14:22:51 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.24 14:17:35 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.24 14:14:42 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.06.24 14:14:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.24 14:14:25 | 2133,032,959 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.24 11:20:36 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.23 22:12:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.23 21:07:31 | 000,314,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.23 16:09:39 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.06.23 15:39:03 | 010,092,780 | ---- | M] () -- C:\Users\Marko\Desktop\Sf bot.rar
[2013.06.23 15:05:46 | 898,998,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.23 14:23:46 | 000,000,000 | ---- | M] () -- C:\Users\Marko\defogger_reenable
[2013.06.23 11:32:07 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.23 11:32:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.23 11:32:07 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.23 11:32:06 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.06.23 11:32:06 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.23 11:32:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.22 12:06:32 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.22 11:59:30 | 000,058,815 | ---- | M] () -- C:\Users\Marko\Desktop\NICHT LÖSCHEN.rar
[2013.06.22 10:50:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181839449-1317564519-1710926459-1001Core.job
[2013.06.21 20:28:52 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.18 15:35:47 | 000,160,035 | ---- | M] () -- C:\Users\Marko\Documents\ts3_clientui-win64-1365064384-2013-06-18 15_35_46.313283.dmp
[2013.06.17 18:21:03 | 032,698,840 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Marko\Desktop\TeamSpeak3-Client-win32-3.0.10.1.exe
[2013.06.16 19:25:27 | 003,193,659 | ---- | M] () -- C:\Users\Marko\Desktop\BaffDischMix2 (1).mp3
[2013.06.16 13:25:58 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.06.16 00:48:32 | 025,083,402 | ---- | M] () -- C:\Users\Marko\Desktop\Minecraft Bukkit Server 1.5.2.rar
[2013.06.16 00:16:35 | 091,714,351 | ---- | M] () -- C:\Users\Marko\Desktop\Minecraft Bukkit 1.5.1 I 1.5.2.rar
[2013.06.14 11:48:27 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.14 11:48:27 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.14 11:47:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.12 21:07:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 21:07:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.11 21:51:35 | 001,651,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.11 21:51:35 | 000,710,344 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.11 21:51:35 | 000,663,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.11 21:51:35 | 000,154,522 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.11 21:51:35 | 000,126,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.08 17:13:15 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.07 13:37:36 | 000,000,632 | ---- | M] () -- C:\Users\Marko\Desktop\Tekkit_Server_v1.0.6.zip.lnk
[2013.05.29 22:45:28 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.29 22:45:28 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.29 22:45:28 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.29 22:45:28 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.29 22:45:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.29 22:45:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.29 22:45:28 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.29 22:45:28 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.29 22:45:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.29 22:45:28 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.29 22:45:28 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.29 22:45:27 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.29 22:45:27 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.29 22:45:27 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.29 22:45:27 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.29 22:45:27 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.29 22:45:27 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.29 22:45:27 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.29 22:45:27 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.29 22:45:27 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.29 22:45:27 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.29 22:45:27 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.29 22:45:27 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.29 22:45:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.29 22:45:27 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.29 22:45:27 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.29 22:45:27 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.29 22:45:27 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.29 22:45:27 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.29 22:45:27 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.29 22:45:27 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.29 22:45:27 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.29 22:45:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.29 22:45:27 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.29 22:45:27 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.29 22:45:27 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.29 22:45:27 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.29 22:45:27 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.29 22:45:27 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.29 22:45:27 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.29 22:45:27 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.29 22:45:27 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.29 22:45:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.29 22:45:27 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.29 22:45:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.29 22:45:27 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.29 22:45:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.29 22:45:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.29 22:45:27 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.29 22:45:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.29 22:45:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.29 22:45:27 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.29 22:45:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.29 22:45:27 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.29 22:45:27 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.23 22:00:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.23 22:00:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.23 22:00:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.23 22:00:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.23 22:00:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.23 16:09:39 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.06.23 16:09:39 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.06.23 15:39:02 | 010,092,780 | ---- | C] () -- C:\Users\Marko\Desktop\Sf bot.rar
[2013.06.23 15:05:46 | 898,998,443 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.23 14:23:46 | 000,000,000 | ---- | C] () -- C:\Users\Marko\defogger_reenable
[2013.06.22 12:06:32 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.06.22 12:06:32 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.22 11:59:30 | 000,058,815 | ---- | C] () -- C:\Users\Marko\Desktop\NICHT LÖSCHEN.rar
[2013.06.18 15:35:46 | 000,160,035 | ---- | C] () -- C:\Users\Marko\Documents\ts3_clientui-win64-1365064384-2013-06-18 15_35_46.313283.dmp
[2013.06.16 19:28:59 | 003,193,659 | ---- | C] () -- C:\Users\Marko\Desktop\BaffDischMix2 (1).mp3
[2013.06.16 13:25:58 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Craften Terminal.lnk
[2013.06.16 00:47:51 | 025,083,402 | ---- | C] () -- C:\Users\Marko\Desktop\Minecraft Bukkit Server 1.5.2.rar
[2013.06.16 00:16:11 | 091,714,351 | ---- | C] () -- C:\Users\Marko\Desktop\Minecraft Bukkit 1.5.1 I 1.5.2.rar
[2013.06.15 18:58:41 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.08 17:13:15 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk
[2013.06.07 13:36:24 | 000,000,632 | ---- | C] () -- C:\Users\Marko\Desktop\Tekkit_Server_v1.0.6.zip.lnk
[2013.05.29 22:45:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.29 22:45:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.22 16:52:55 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.20 18:12:30 | 000,106,496 | ---- | C] () -- C:\Windows\CBTWlanSrv.exe
[2013.02.09 01:08:42 | 000,006,288 | ---- | C] () -- C:\Users\Marko\AppData\Local\recently-used.xbel
[2012.12.15 01:11:02 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.11.18 11:15:34 | 000,000,019 | ---- | C] () -- C:\Windows\TKKG_9.INI
[2012.11.17 10:50:56 | 000,000,065 | ---- | C] () -- C:\Windows\Maus2.INI
[2012.11.03 23:15:51 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.11.03 23:15:51 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.11.03 23:15:51 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2012.11.03 23:15:51 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2012.10.28 10:08:37 | 000,000,093 | ---- | C] () -- C:\Users\Marko\AppData\Local\fusioncache.dat
[2012.10.04 00:48:05 | 000,102,078 | ---- | C] () -- C:\Users\Marko\cc_20121004_004740.reg
[2012.09.28 04:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 04:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.09.28 04:12:10 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2012.09.17 15:00:12 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.17 15:00:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.16 08:58:07 | 000,000,888 | ---- | C] () -- C:\Windows\disney.ini
[2012.09.16 08:56:17 | 000,000,206 | ---- | C] () -- C:\Windows\disneysy.ini
[2012.09.01 12:38:34 | 001,624,348 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Takie · 24.06.2013, 23:19

Code:

ATTFilter

OTL Extras logfile created on: 25.06.2013 00:07:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marko\Desktop\Hijackt
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 69,61% Memory free
15,96 Gb Paging File | 13,05 Gb Available in Paging File | 81,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1347,34 Gb Total Space | 836,19 Gb Free Space | 62,06% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 29,72 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive F: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARKO-PC | User Name: Marko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{149137C8-AF10-439C-9915-5F3CC9A27FC0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1D23994E-2612-48A8-9C8F-79881C8F4A1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{364756D3-82F3-48A0-97DC-43F9AE260343}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{43B9753D-B7B6-451E-8349-8A33329F04A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4FE6C525-8DCB-4767-BA0F-BF7D24FA6563}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{59E6703C-2C20-498C-A580-0DAAF897202B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5BC37F4F-21A9-49FB-82CF-3C1F2F8D9038}" = rport=138 | protocol=17 | dir=out | app=system | 
"{69CB7462-8746-45F5-A7FC-F421C8260AA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{737D7272-050D-4604-B127-B93472F3EF67}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7711390F-C2D3-4484-B313-8B854546FB67}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{77BE827B-68EE-42B4-B924-1770B01EB53B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{82770B05-846D-4017-863C-C7C18C367D01}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E4DCDA1-15CF-416B-812B-4A54FBA2BFFB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{95CEFD6D-BB67-4426-94E9-11D6F2A9D0BB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9884877E-4D67-4A76-B545-6427653E73E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3533208-DA7E-4362-AAB2-BD564240532D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AB0B0BE6-6E2B-4E1A-92F5-EE469D6D9B99}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ABF5D592-EA0A-4F6E-944A-72CEB84021E6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC7B2D57-B398-4529-9A7F-17FF638646CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ADF666C3-00B7-402D-94E1-788D44CBE914}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B3C01EB0-41B8-4D3F-B607-433CFF58BE5A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B46A5AA7-C721-4DF0-A137-CDD49B53B384}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C394BA47-C366-4D9D-9946-A087BE162473}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003549FF-87E9-4446-A0A9-EA168DB7B229}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{041EB5DA-8B57-4904-AFB0-5B67818FB1AE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{059EF4D3-E4A2-4861-8102-BAB7928765F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{05B069A7-F443-45D2-9316-C1ED1BD27352}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0981B476-8540-4E07-B0DC-77B9574C1411}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{0A5984C2-C2D3-4E7E-8133-FB849394784B}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{0B8D2785-78A6-4282-8EE8-3F7B68C0AE58}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{116468F9-237F-4F98-829A-B135D602C4ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11BACEF0-6238-4942-9C10-045624255C29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{120DC8D7-50B7-4724-8BBD-1498076E6832}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{136229FA-A714-4F0F-A538-90200F654E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{1836E2FF-DE25-4668-AF1F-1748E130CF6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{1A236976-DA98-42AB-99EA-6B36D61B3351}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{1A9ACB5D-B95A-4BBE-AB91-6BFE096E2E05}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1B03D589-69C3-40D6-B347-D27BBDA0FCFA}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{1BDA2668-76D7-4276-A33D-320F3C9F63E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{1C2C79BA-C253-4A8B-A516-267D7166F67E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{1CA76231-9A08-4E30-A70A-A93841D967CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{1D21FD43-CA2C-4D1E-8A41-7967A2F2FD02}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{20079E73-05C1-4091-9BFA-8823D5DD518B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{21D51E16-2F3F-46F7-9116-59C2E6AF0B64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{227B319E-74BA-4B4C-B75A-38C1D4818BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{2853FC5E-3721-43C3-8C0B-B4D365D1FFFD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{28C1E3B4-2B1F-4872-B9F2-B44D7293D735}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{291D5CCD-E17D-4C15-A670-4C5EDA4446E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{29ACDBEB-F1CF-4151-A4AA-13048A02740A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{2B78CE8F-C3F2-4A27-BCE4-0A837718D8D2}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2BDBAB93-22A1-44CF-90EB-72FCAD9B22A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2C6B8EA0-0A02-4C5D-AB84-30B189DB06CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C93B8EC-E1C7-41CF-BE6E-871852E6C8A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2EDE2BAB-F5DB-4C86-B69E-BED68C580770}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{357E500F-51D9-49F9-A4AE-E686AEAF5FE9}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{371397C4-5857-40A6-8CC9-6B958AB858CE}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{375AA0F3-7328-48DB-BF45-8CCB147DAAFC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{39ED8DC6-7818-4464-9DE1-ADDD720DE54B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{3C0B0906-600B-470B-862E-FCBE08561CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{3C62E7B5-292D-4D8D-B641-BC98E726BB69}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{42435051-9A2F-48B2-8EB6-0B7C436AAF5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{42EF549E-DBCB-4A78-8D29-653F8BFC48D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{445A1772-A46D-4232-88BD-7F0A5AD40978}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{467AD206-4925-437E-B93F-402A45F5116F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{46DB38F8-4208-4CEF-AC37-C08CA733EBCE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4CB7A1F9-870D-4AFE-A822-243D12E29E57}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4D4D99EC-E581-4C78-9479-80C42766C7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{4D60768C-2D7F-4484-8DB4-7B2BAE32386B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4DAE9D2B-BDE9-420C-A760-A310F5BB657A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4E07DE23-F845-4218-8F85-23D7FA37EADA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{50B1813B-5A52-4B27-80DA-32CACA0EC8F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{52B1468C-94A0-4F9A-B606-07E578403A34}" = protocol=58 | dir=in | app=system | 
"{53144344-469B-47E0-BE1B-BC5F917B55D6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{581140AC-E4FF-4FD3-8061-10861BBBD10E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{582BF172-1042-42B0-AA55-A73D409C4F35}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{58FB66B4-4B69-4B0E-8D47-A668EF428E9E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5924B558-A53C-4AB5-BE34-2280B08D75F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{592FDD8F-54FD-4D81-86D0-366BCB6D106A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5A5993C0-6889-4822-9F1D-0729DF7FB0BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{5B27B063-63B6-48C3-8904-3083EAA9D53D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{5BBEAF53-A461-43BC-85D2-4CEDFBCED156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{5DA290D7-83E1-447A-919B-5A618FE6FEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{5FB6BF60-BA58-4117-9A1C-1E3083976DC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{61CAF8A3-BDA0-44D3-8E38-A4FB33E2AAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{65F926BE-0085-47D3-9554-61AA8AD094B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{66088498-E184-44E4-BAF3-C4F0F26266EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{66183BBF-63CC-494C-8CAE-C75FA8E7EB71}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{66E01231-A3E5-4750-B431-62E0D36FE69E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{69205C79-2F06-42CE-998A-A03825BF52BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{6A92E203-8A0A-40F2-966E-2E0BEA25C6CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6B6323D8-9D6E-467E-B99B-0A329C4478D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{6BFB8B06-57E9-4322-8FCD-2DB22EB0DCB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{6C801ED5-CC14-4E62-8ADB-990E63B316A0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{6CB7D893-96BF-46A3-B87B-18F6117A7E10}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{6D8A6D87-9B13-4640-BB1A-500DC476A048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{6DA3A700-282B-45E7-A46C-0AB13A00012C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{70663C19-9599-4C92-8CE2-F0AA09D7098A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{70799A3D-6F31-41CD-9791-7F8EACE4FE9C}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{70D0B30E-A8D8-4AD1-8759-C13BF2CFAAFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{70FA73B4-4FE9-438C-B6BD-890DD4AC68D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{752C6329-7B6B-452F-A9A7-37CE6AED323B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{764D96C6-4639-4B5F-9F14-21FC1E73A273}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{779AEA95-D630-41C0-916A-8F07DE26DAFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{77EECFA9-1FEB-427E-9AFC-FD8485BC3B82}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{7A5C4420-D3B2-4B4D-AE0B-93C04C9997CC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{7A648CBF-5548-403E-B14A-12633860AC90}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{7B523648-678F-430E-817D-8D448175BCDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{7E9A2BE1-CBFE-4C12-98C1-1EF8F11888BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{7F0E899C-6A31-47AD-A7C4-91F8A91CCDF4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{7FDD8C5A-EFF1-41D7-8D48-0281A0BAE4B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{7FE78DCE-C2C3-45BC-B851-60E4BF0C7741}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{801C86F8-D8F7-4496-8A7A-D5F05E72A4B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{81822F97-9681-417A-9E5C-A1E4D5D14DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{823EE8B5-0575-494F-9101-0104F3C087A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{825F1852-F77C-4CFA-BC3B-2F9B7104D881}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{865EE65E-C572-45A5-BD86-399C10694E97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{8890D599-DDA3-4EF7-8C7F-C495B10F501D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{8924C71C-FC04-4D74-9FC7-DBF44E7173AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{89A5879D-DEF4-4BFF-8AEC-22FB51739B32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8B0BAA0F-1E84-4135-A4CB-68F8F6F55387}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8CCB0186-9DE2-4F67-BA1A-C3F2F7C7E77F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{8DE6EEF5-A666-4F82-AAFC-1AC7BEAF27FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8E266BAB-6265-4A47-A781-F97C684C5189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{8FF788F7-F7C0-469E-8415-FBCC90182320}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{911BECC1-875F-4019-874E-6C9FF9BD5063}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{9276AAA8-B0B8-4236-AE17-DA64ED2D23EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{9389BC4F-0859-4EB9-8327-AF94243B3A9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{93AAE303-4A59-4D9D-BA3B-53C8BFE88F62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{953042BC-0F11-4D08-AF8A-B15023B72155}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{96B3E40D-297F-4E6E-AA9B-2929D4D12AB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{97353F4D-5588-4104-8E83-64F5125C8C09}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{98D30FB2-FE52-4BBF-817B-CC95C7D85F9E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{9D2DFEF1-D648-4859-AFE7-A2385A0DC11F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{9E8330C7-FCAC-4D06-9282-906F7AA7D70E}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{A3C51150-33DA-4D4C-8A2B-754803158A9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{A4322B46-116F-40FB-97A4-36B0446F768E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A4AE5956-E974-42A2-9367-D3929EFCD912}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{A4ECD141-14DD-4A62-853D-3BF87D7A2C93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{A5FABDB2-1C3E-4ACD-B54F-95D6A9778B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{A6200002-2FE8-48EB-8006-F4B4C1914552}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A701038F-329E-4F57-A57E-F1826DAAC679}" = dir=in | app=c:\users\marko\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{A9204272-E12E-4551-80B8-F42DE8EAEA4C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AA54BD56-7388-4CF3-BFDB-5E861F55E944}" = protocol=6 | dir=out | app=system | 
"{AB19ED41-2355-4E5C-8672-4C3925AEEFC4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AB2ED931-1EC1-4DD6-97A7-EB802A44AF4B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{AD4E1789-37A7-4B00-8B2F-FE33CF64309A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF757A34-40DC-46E0-B029-DE2896122EF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B0D83AAD-8E20-4D36-B78B-7323573A5A88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ravaged\binaries\win32\ravagedgame.exe | 
"{B26A9F31-699E-4A2E-9C5C-E52D7C1AF789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ravaged\binaries\win32\ravagedgame.exe | 
"{B6D96897-B7D1-4516-9E20-96315E12BA3E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{B6DF730A-7FCF-4C8F-89E9-79C831CE7F84}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B70E3034-B536-4964-A7F4-F2BE3A6C95EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B776734A-8CDA-4CE3-A77D-74355EF80BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{BA8992D7-FBB2-4AED-B496-C886866A8291}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{BBD88E41-F3E5-447A-BC23-E48DC43A59C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{BCAD2D3B-0226-4768-8C42-3D243FD04AD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BF2613B2-B00B-4083-A086-53A7ED71BA59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{C25B7712-5AC0-4E65-9DA1-C97AD25EEC2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3AB685A-79C3-47A0-97FE-449B37951DCA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{C4DF5A05-F887-496A-BF6C-DE35151012CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C63B850C-224E-48A0-AC41-5E7629518894}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{C6BE8C78-7DFD-40D9-92F9-2A3974F6C2A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{C6DEF6D4-BB1B-4BDF-8251-648CA4EF43E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C75C36FC-7716-47AA-BCC0-0A8E42BB32DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{CC464837-B757-4A7B-8EE4-4FBFB01B40BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{CD3BDA49-7996-4D90-A68B-0340D68E0CA6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{D3A30592-D12C-419C-850D-BF4C11F1462C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{D42A9E36-CA68-4AB9-971B-E9A7DAE2268C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{D4A0DDE2-3466-4A25-A0EB-80ECAF270186}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{D58FD79F-293A-4ED7-8CED-F3FFF96ABE50}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{D60830AE-FC2D-4645-9F7E-C62C9A5752C5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{D76874DD-15E2-4B13-A32B-6395D4229AFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{D8181EB2-2E73-4DF7-BCA0-189181C61C30}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D89109FF-36CE-4BE7-AC94-5148DA9BE4A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D8D2703D-D84B-4D2B-B384-3E42DD20E5AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D8F841DF-5020-4548-B8AC-04287496F952}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{D930FA5C-C5D4-429F-9771-4757EC3E82F9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{D9E782D5-58D8-4B9B-AC9C-9B826FD8C7D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{DAA81AA2-18C6-4A3A-9D6D-92FB1A5BE9AA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{DBFB8A70-56F9-4656-820B-173552482E67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{DE74A38C-5CAB-467B-9E5C-95C36CF2853A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DEF8D179-7B2C-4809-ACE1-2317B798673F}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{DFD775F9-C794-4866-BFFA-EE98D9ED74DF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{E1506FBC-E84F-4C26-A902-BA1A6E5E5B53}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{E41AA77B-2359-4D4A-AC0E-F4D91E645E33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E517517F-1193-4E56-8AFA-52F9A9507154}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{E5AA8C7A-81A2-4FDF-8926-48089AB081D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{E82571FF-4E7C-47F9-A117-25E4FBE07CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{E894C679-29CC-4433-861C-6602EA3C01C7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{E8BAE786-0A41-4C60-8B7D-CCA2C3C056AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E9A1F5AD-B2F6-43A5-95C5-4A30997054C5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{EC5FB37B-444D-4291-A50E-0DBAF44D9111}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{ED8846D3-6752-4A36-8EE6-DC313773C3CA}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{EE8BFBB4-3D1B-4E5B-B2DB-2000A1BA881E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F1F704B3-6072-4F2E-BEC5-50DA13DBAD45}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{F5D75967-AB3A-434E-BE33-81ECE863F41E}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{F6A3C1DC-B771-4CAF-8358-2BAC6014E08C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F7265B85-AC49-40C9-8C77-B7B93D76D263}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F73BD200-5C2E-475B-9590-293B36F8A108}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F76C6790-D37D-4A10-AFD8-A9E2925D01E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7C4FA83-9F7F-474E-B7E7-F3B5869B450C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{F86B6E4B-D49F-4F31-8215-0FB7CC08AFAC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{F87BF768-67FA-4749-980E-AFAE0E337BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{F9160404-E7B0-41AD-AC71-C5E5B987B43C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{F95F440F-1DF8-4CA6-95E9-15F2B8392671}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{FAFB884F-87BA-421F-8A16-159CF3772C84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBF9B0C5-DE2A-4058-ABEC-9ADBC6275148}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FC766F59-D4B0-494F-BB2B-2D1A9F62B34B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{FF536D5A-B453-46C3-BD32-B298DB02E4BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{FFA3B91D-B7A4-4696-9A8A-521AF622DE92}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"TCP Query User{02F67F50-6A53-41F7-9C4B-21A8F0AD68BA}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{03501292-E7A7-4635-AD70-D80E11302E56}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{0485AD80-5357-4458-A9C4-4AFF74472B84}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{07A6DC29-BF87-44CD-8CDA-AA0EB5628631}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{08175A44-812F-41A5-9676-E8DE0CE5D7F8}C:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"TCP Query User{082AB431-0750-4B40-9176-9C1051BD9BEF}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{12FBE273-D1DA-4E99-A62D-8728EC7BBF72}C:\users\marko\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\iw4m\iw4m.dat | 
"TCP Query User{15288C6F-96F8-4CC3-AD5C-BC7F0923DAAD}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | 
"TCP Query User{1E6F96B6-3EC9-4B60-AEC5-6416F9609A10}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{22D8BC2D-14B1-4F10-8424-53374490CF7F}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{252CB076-F0D1-4061-A805-837D85661080}C:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{3D390E3C-B4FB-4EEE-8F86-04792C4EEDB1}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{40A266E7-E4E4-456D-B3B6-78000EC09F97}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{44DAE44C-6C8B-4A28-AB4A-65A5D3189A76}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{455EF538-DDB3-4F53-AED9-A83332DD6545}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"TCP Query User{49CBAFA6-E3C5-48CE-A556-59A230BF89D7}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"TCP Query User{4CAE0980-3E7B-47F8-9AF8-BE603B06B22D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{4F63895E-E01C-4957-9F67-4AD6CF8B1DB8}C:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe | 
"TCP Query User{5338628A-1122-4567-B906-20B1BF0BD040}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{5798F953-8CF4-4E21-924D-0C677B5540E4}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"TCP Query User{627C9E97-BBE7-49A6-8C82-0FF3DE026063}C:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{65DB257A-CA6E-413E-85DB-5553B32E281A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{66AED3F4-CAD8-4553-8C51-637E7695D5A9}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{66B19EA2-35B1-4B37-8ED2-D07C29922E67}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"TCP Query User{6B2ADF29-399D-4D9B-A36E-CA7866E8FD7F}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{6E1AEDF4-E998-4DE2-B0FF-67E008D0EA1D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{72D90E31-FB12-4C61-9163-CC27D5C4A566}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{7B49A587-A3D5-4984-9913-90343951B6DA}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{7DE238F2-70BB-4FD6-897C-B5B4E7F5B097}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{7DF41239-A6AA-43E3-BA08-9068CBAD10D3}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{83E3EF04-1F39-4778-843B-E1D144CB63C7}C:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe | 
"TCP Query User{85F79D83-42B0-4E5C-8BE6-571BF79D51E2}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{91DF0321-2E6E-496D-958B-97D0B897D492}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{997F333C-25D4-4797-8A5E-D98C4CC309BF}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{9AF83CA1-BC9F-4BA5-BB04-177737628E21}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{9B5F2425-8480-48CC-A627-29F1CA4F41F2}C:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe | 
"TCP Query User{9BD37A06-431D-4AD2-951B-286E6B67B8BB}C:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"TCP Query User{9EF3C44D-3C16-40A3-8381-8CB0E2D1DC91}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"TCP Query User{A5BB9664-3F16-4B6F-AE38-FB3D58CD53FB}C:\users\marko\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{AA6C78EC-6146-41A8-902B-F8122B6BA29E}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"TCP Query User{AAC6375B-6702-4D46-A8BD-91F8919C4F4B}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{AF24B2B1-586E-451D-A375-43F1B470011F}C:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{AFA8E65D-67E9-40A4-ABE4-49BACFF176C9}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{B70B472E-CCDD-4FDC-B506-7D5676A0C400}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"TCP Query User{BE68F03F-3DDE-495F-B921-6AC72B3585B5}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{C29FA49A-93BB-44A5-851F-343DF858CA92}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{C813D873-C98E-43BA-A379-69847FB203DA}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"TCP Query User{CAA79CE7-53BC-4054-A6F0-305E7790F64C}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{CACB6963-E779-46E6-A1E1-DB1CDD689A98}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"TCP Query User{CE0DF9D8-1268-4993-8958-82490CC3307A}C:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"TCP Query User{D12E066F-19C3-488B-80DB-92B2FF1F374C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E1332F19-68AE-479B-81C0-4B9594EC21A7}C:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe | 
"TCP Query User{E2708DCE-FE05-4B98-A88F-E7DAF3541749}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{F0B1F2DC-877E-4E7C-9DD0-D80E29127CFA}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F1BC051F-010E-4571-9DF1-A2B5AD6BAC96}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{FB692F3E-414E-47EB-9A46-B7BDE2E0EA4D}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{FEAEB5A5-2B2F-4236-AE14-D37680825D00}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{0212B309-D5AD-47DA-AAAB-B00E690B2ED2}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"UDP Query User{11ADF928-84E8-41C6-9532-4C241E39F0DE}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"UDP Query User{2182877C-CBD9-424F-A54D-95B2BFFBAD7C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{27072956-3F8E-4EF9-8998-75FAA72F246D}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{2A5400BA-9C34-424E-803D-419358DD012D}C:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"UDP Query User{2CEC33EB-FD26-4ACA-A2A3-6E8D6253663C}C:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe | 
"UDP Query User{39677F3E-0477-4D06-9CF0-E8C893E6F81A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{399EB417-A858-4EF9-92F2-805B8E31C600}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"UDP Query User{3F1BC503-1861-4665-ACC7-33A6C1A49F83}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{4140172C-AB36-4CD9-9E64-082E8784E327}C:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{44417A03-BD49-4777-BFDC-AE305F337257}C:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{45A433A2-973E-4AC3-8975-35D73DE1EB9B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{4824BDDA-F380-4156-A0D4-75103BC3D62C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{482BA6BF-CEFF-4EBC-86F4-EF088BA4C728}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{54A6EE97-1489-4FAC-A162-302400AE884E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{5680AC6E-9408-489F-88B6-8FFBEB051970}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{5878E318-8E0B-4070-9779-D5CEFABC9C06}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5A03762D-3492-4760-ACE6-62AB9B4C6944}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"UDP Query User{5B6A0121-7098-4B6D-A221-ABF925F479C6}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{62CDA703-143C-4A51-9E71-4F9B288303E8}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{63D60683-2485-4B7D-998F-FEECBDF3C35C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{63E64DB9-3808-4A6C-BD28-DFEE873391D5}C:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"UDP Query User{6B365E2A-87AD-4D6E-A62B-46FA818E99DA}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{6B7160E4-AC90-464E-88D8-068C3A91EA36}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{6E94EC8D-9D24-4DE8-B221-F44315E65BAB}C:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"UDP Query User{7C5B2894-A071-46F5-83A2-19C5C481EEB2}C:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{81C1CED2-A290-4489-9E64-8D2CD9ECB174}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{86DE1A94-F076-4561-976E-82B34E70BCC9}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{8CCFC2FE-4435-429E-ABC1-E6787573EF5B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{8DC79EA6-FDEE-4FC4-9E7C-E142024939F2}C:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe | 
"UDP Query User{92D950AE-E8A3-4BD8-ACE4-B750ADFF8710}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{93956A8A-9C94-43C2-873B-812B2652C4C7}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{9CECAF94-8984-48F7-B3E5-8BB5F5E7AE77}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"UDP Query User{A3DD4C99-6D34-4CEE-A361-83F81EA127C3}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | 
"UDP Query User{A5B8417E-0E45-4D62-A809-36F7370B55C2}C:\users\marko\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\iw4m\iw4m.dat | 
"UDP Query User{AA833A98-F09D-455E-8337-01112B9282BA}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{AD0F7432-3766-4CD5-8C30-E5228C71AC04}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{AF146B8E-652B-4178-AD73-88AEA0CF74A1}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{B7C977DA-1F56-452B-9549-FAB9AE966C5B}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"UDP Query User{C4C778FA-7364-45E3-BA5C-9260CB4D08D4}C:\users\marko\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{CA9BC5F5-E305-439C-968C-EA98CFAB2D43}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{CCCDA095-DEC8-4A2F-A999-7CD3D8AFFC37}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{CD24C728-8E99-445F-AFFB-E2FFDCD9C5FE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{CD5C6B3A-F714-49D8-B5A4-BAAC8AACE7A4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{D60BECBB-C5D1-49A6-BDD1-1649A72B7060}C:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe | 
"UDP Query User{D7ADAD5D-9D63-4378-8CF0-A7827FCC513F}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{D904BD3A-B990-43B9-A1B2-2863A725FB7B}C:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe | 
"UDP Query User{D9330897-A4E7-459D-863A-35F85F9FBDEE}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"UDP Query User{DAEF5EAA-9E5F-47BA-ABC1-1FB1A601A8B8}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"UDP Query User{DB8B1416-DC07-49F3-823C-646F7617741D}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"UDP Query User{DE790E46-555D-43A0-87B9-C9027557EDAE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{E4D5B158-93BA-46ED-A4A5-CE109B57331D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{EA1F6E8B-BDA4-43D6-8C72-2F734E738D9F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{EB190651-ADFC-44DB-9F93-1AAE9906A700}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{F0B5FC06-A735-43C1-88C3-314256E17533}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{F361E9B3-1CBD-4931-A7AB-7EECB0707544}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{F51A2883-FE40-4225-8E71-36A92C01C83C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416035FF}" = Java(TM) 6 Update 35 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 3.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"AutoHotkey" = AutoHotkey 1.1.09.02
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.120.08260
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1" = tConfig version 0.28.8
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{27979F37-AF9C-33DE-8437-76F7AEFAABAD}" = Google Talk Plugin
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388A10A3-FE60-4946-99B8-99DF1B94870A}" = S4 League_EU
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1" = JC2-MP version 0.0.12
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Insel 2
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EBA42C8-535E-4D45-AC68-D7F4557B7336}" = Gigaset USB Stick 54
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D25E16F9-902D-4B08-B6AD-C28882C6EBFE}" = Garry's Mod Manager
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Alliance of Valiant Arms" = Alliance of Valiant Arms
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"Battlelog Web Plugins" = Battlelog Web Plugins
"Combat Arms EU" = Combat Arms EU
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"Diablo III" = Diablo III
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"Dungeon Defenders_is1" = Dungeon Defenders
"EdenEternal-DE" = EdenEternal-DE
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Garry's Mod Manager 8.30.0000" = Garry's Mod Manager
"Google Chrome" = Google Chrome
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Maus2" = Maus2
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.1
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"ProjectTINT_S_x86" = TINT Standard BETA R6
"PunkBusterSvc" = PunkBuster Services
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 105600" = Terraria
"Steam App 200170" = Worms Revolution
"Steam App 200210" = Realm of the Mad God
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 209870" = Blacklight: Retribution
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 218230" = PlanetSide 2
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 224540" = Ace of Spades
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8190" = Just Cause 2
"Steam App 96300" = Ravaged
"SysInfo" = Creative Systeminformationen
"TeamViewer 8" = TeamViewer 8
"Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.3
"TKKG 9" = TKKG 9
"TmNationsForever_is1" = TmNationsForever
"Update Engine" = Sony Ericsson Update Engine
"Urban Terror_is1" = Urban Terror 4.1
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" =  Updater
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"SOE-C:/Users/Marko/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.06.2013 05:17:00 | Computer Name = Marko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16611,
 Zeitstempel: 0x5191e7aa  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0xbdc  Startzeit der fehlerhaften Anwendung: 0x01ce70bb9556e1ef  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: d322ebce-dcae-11e2-b66c-8c89a55c6c5c
 
Error - 24.06.2013 05:17:45 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17cc    Startzeit:
 01ce70bb9af987ef    Endzeit: 5    Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
 e40622cd-dcae-11e2-b66c-8c89a55c6c5c  
 
Error - 24.06.2013 05:20:41 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 172c    Startzeit:
 01ce70bbb55d70eb    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
 54acdde7-dcaf-11e2-b66c-8c89a55c6c5c  
 
Error - 24.06.2013 05:23:54 | Computer Name = Marko-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 08:07:33 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e2c    Startzeit: 
01ce70d2abf94762    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Opera\Opera.exe

Berichts-ID:
 a519db55-dcc6-11e2-af3c-8c89a55c6c5c  
 
Error - 24.06.2013 08:07:50 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1bf4    Startzeit:
 01ce70d36a99d480    Endzeit: 4    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 aebf7afe-dcc6-11e2-af3c-8c89a55c6c5c  
 
Error - 24.06.2013 08:08:06 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1914    Startzeit:
 01ce70d37466369b    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Opera\Opera.exe

Berichts-ID:
 b8294947-dcc6-11e2-af3c-8c89a55c6c5c  
 
Error - 24.06.2013 08:09:54 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1bf4    Startzeit:
 01ce70d37ea88dc0    Endzeit: 1    Anwendungspfad: C:\Program Files (x86)\Opera\Opera.exe

Berichts-ID:
 f9949ccf-dcc6-11e2-af3c-8c89a55c6c5c  
 
Error - 24.06.2013 08:10:19 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm t6mp.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 6f8    Startzeit: 
01ce70bcc26ce4e8    Endzeit: 272    Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Call
 of Duty Black Ops II\t6mp.exe    Berichts-ID:   
 
Error - 24.06.2013 08:10:34 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7c0    Startzeit: 
01ce70bc5325ee71    Endzeit: 4    Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
 0c6e7b09-dcc7-11e2-af3c-8c89a55c6c5c  
 
[ System Events ]
Error - 24.01.2013 01:12:36 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 25.01.2013 01:56:39 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:40 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:40 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:41 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 31.01.2013 01:41:24 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 watchmi service erreicht.
 
Error - 31.01.2013 01:41:24 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >

Takie · 24.06.2013, 23:22

Code:

ATTFilter

OTL Extras logfile created on: 25.06.2013 00:07:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marko\Desktop\Hijackt
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 69,61% Memory free
15,96 Gb Paging File | 13,05 Gb Available in Paging File | 81,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1347,34 Gb Total Space | 836,19 Gb Free Space | 62,06% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 29,72 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive F: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARKO-PC | User Name: Marko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{149137C8-AF10-439C-9915-5F3CC9A27FC0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1D23994E-2612-48A8-9C8F-79881C8F4A1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{364756D3-82F3-48A0-97DC-43F9AE260343}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{43B9753D-B7B6-451E-8349-8A33329F04A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4FE6C525-8DCB-4767-BA0F-BF7D24FA6563}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{59E6703C-2C20-498C-A580-0DAAF897202B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5BC37F4F-21A9-49FB-82CF-3C1F2F8D9038}" = rport=138 | protocol=17 | dir=out | app=system | 
"{69CB7462-8746-45F5-A7FC-F421C8260AA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{737D7272-050D-4604-B127-B93472F3EF67}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7711390F-C2D3-4484-B313-8B854546FB67}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{77BE827B-68EE-42B4-B924-1770B01EB53B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{82770B05-846D-4017-863C-C7C18C367D01}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E4DCDA1-15CF-416B-812B-4A54FBA2BFFB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{95CEFD6D-BB67-4426-94E9-11D6F2A9D0BB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9884877E-4D67-4A76-B545-6427653E73E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3533208-DA7E-4362-AAB2-BD564240532D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AB0B0BE6-6E2B-4E1A-92F5-EE469D6D9B99}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ABF5D592-EA0A-4F6E-944A-72CEB84021E6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC7B2D57-B398-4529-9A7F-17FF638646CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ADF666C3-00B7-402D-94E1-788D44CBE914}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B3C01EB0-41B8-4D3F-B607-433CFF58BE5A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B46A5AA7-C721-4DF0-A137-CDD49B53B384}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C394BA47-C366-4D9D-9946-A087BE162473}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003549FF-87E9-4446-A0A9-EA168DB7B229}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{041EB5DA-8B57-4904-AFB0-5B67818FB1AE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{059EF4D3-E4A2-4861-8102-BAB7928765F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{05B069A7-F443-45D2-9316-C1ED1BD27352}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0981B476-8540-4E07-B0DC-77B9574C1411}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{0A5984C2-C2D3-4E7E-8133-FB849394784B}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{0B8D2785-78A6-4282-8EE8-3F7B68C0AE58}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{116468F9-237F-4F98-829A-B135D602C4ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11BACEF0-6238-4942-9C10-045624255C29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{120DC8D7-50B7-4724-8BBD-1498076E6832}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{136229FA-A714-4F0F-A538-90200F654E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{1836E2FF-DE25-4668-AF1F-1748E130CF6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{1A236976-DA98-42AB-99EA-6B36D61B3351}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{1A9ACB5D-B95A-4BBE-AB91-6BFE096E2E05}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1B03D589-69C3-40D6-B347-D27BBDA0FCFA}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{1BDA2668-76D7-4276-A33D-320F3C9F63E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{1C2C79BA-C253-4A8B-A516-267D7166F67E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{1CA76231-9A08-4E30-A70A-A93841D967CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{1D21FD43-CA2C-4D1E-8A41-7967A2F2FD02}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{20079E73-05C1-4091-9BFA-8823D5DD518B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{21D51E16-2F3F-46F7-9116-59C2E6AF0B64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{227B319E-74BA-4B4C-B75A-38C1D4818BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{2853FC5E-3721-43C3-8C0B-B4D365D1FFFD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{28C1E3B4-2B1F-4872-B9F2-B44D7293D735}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{291D5CCD-E17D-4C15-A670-4C5EDA4446E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{29ACDBEB-F1CF-4151-A4AA-13048A02740A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{2B78CE8F-C3F2-4A27-BCE4-0A837718D8D2}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2BDBAB93-22A1-44CF-90EB-72FCAD9B22A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2C6B8EA0-0A02-4C5D-AB84-30B189DB06CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C93B8EC-E1C7-41CF-BE6E-871852E6C8A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2EDE2BAB-F5DB-4C86-B69E-BED68C580770}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{357E500F-51D9-49F9-A4AE-E686AEAF5FE9}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{371397C4-5857-40A6-8CC9-6B958AB858CE}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{375AA0F3-7328-48DB-BF45-8CCB147DAAFC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{39ED8DC6-7818-4464-9DE1-ADDD720DE54B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{3C0B0906-600B-470B-862E-FCBE08561CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{3C62E7B5-292D-4D8D-B641-BC98E726BB69}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{42435051-9A2F-48B2-8EB6-0B7C436AAF5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{42EF549E-DBCB-4A78-8D29-653F8BFC48D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{445A1772-A46D-4232-88BD-7F0A5AD40978}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{467AD206-4925-437E-B93F-402A45F5116F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{46DB38F8-4208-4CEF-AC37-C08CA733EBCE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4CB7A1F9-870D-4AFE-A822-243D12E29E57}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4D4D99EC-E581-4C78-9479-80C42766C7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{4D60768C-2D7F-4484-8DB4-7B2BAE32386B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4DAE9D2B-BDE9-420C-A760-A310F5BB657A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4E07DE23-F845-4218-8F85-23D7FA37EADA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{50B1813B-5A52-4B27-80DA-32CACA0EC8F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{52B1468C-94A0-4F9A-B606-07E578403A34}" = protocol=58 | dir=in | app=system | 
"{53144344-469B-47E0-BE1B-BC5F917B55D6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{581140AC-E4FF-4FD3-8061-10861BBBD10E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{582BF172-1042-42B0-AA55-A73D409C4F35}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{58FB66B4-4B69-4B0E-8D47-A668EF428E9E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5924B558-A53C-4AB5-BE34-2280B08D75F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{592FDD8F-54FD-4D81-86D0-366BCB6D106A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5A5993C0-6889-4822-9F1D-0729DF7FB0BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{5B27B063-63B6-48C3-8904-3083EAA9D53D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{5BBEAF53-A461-43BC-85D2-4CEDFBCED156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{5DA290D7-83E1-447A-919B-5A618FE6FEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{5FB6BF60-BA58-4117-9A1C-1E3083976DC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{61CAF8A3-BDA0-44D3-8E38-A4FB33E2AAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{65F926BE-0085-47D3-9554-61AA8AD094B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{66088498-E184-44E4-BAF3-C4F0F26266EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{66183BBF-63CC-494C-8CAE-C75FA8E7EB71}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{66E01231-A3E5-4750-B431-62E0D36FE69E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{69205C79-2F06-42CE-998A-A03825BF52BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{6A92E203-8A0A-40F2-966E-2E0BEA25C6CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6B6323D8-9D6E-467E-B99B-0A329C4478D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{6BFB8B06-57E9-4322-8FCD-2DB22EB0DCB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{6C801ED5-CC14-4E62-8ADB-990E63B316A0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{6CB7D893-96BF-46A3-B87B-18F6117A7E10}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{6D8A6D87-9B13-4640-BB1A-500DC476A048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{6DA3A700-282B-45E7-A46C-0AB13A00012C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{70663C19-9599-4C92-8CE2-F0AA09D7098A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{70799A3D-6F31-41CD-9791-7F8EACE4FE9C}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{70D0B30E-A8D8-4AD1-8759-C13BF2CFAAFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{70FA73B4-4FE9-438C-B6BD-890DD4AC68D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{752C6329-7B6B-452F-A9A7-37CE6AED323B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{764D96C6-4639-4B5F-9F14-21FC1E73A273}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\garrysmod\hl2.exe | 
"{779AEA95-D630-41C0-916A-8F07DE26DAFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{77EECFA9-1FEB-427E-9AFC-FD8485BC3B82}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{7A5C4420-D3B2-4B4D-AE0B-93C04C9997CC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{7A648CBF-5548-403E-B14A-12633860AC90}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{7B523648-678F-430E-817D-8D448175BCDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{7E9A2BE1-CBFE-4C12-98C1-1EF8F11888BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{7F0E899C-6A31-47AD-A7C4-91F8A91CCDF4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{7FDD8C5A-EFF1-41D7-8D48-0281A0BAE4B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{7FE78DCE-C2C3-45BC-B851-60E4BF0C7741}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{801C86F8-D8F7-4496-8A7A-D5F05E72A4B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{81822F97-9681-417A-9E5C-A1E4D5D14DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{823EE8B5-0575-494F-9101-0104F3C087A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{825F1852-F77C-4CFA-BC3B-2F9B7104D881}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{865EE65E-C572-45A5-BD86-399C10694E97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{8890D599-DDA3-4EF7-8C7F-C495B10F501D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{8924C71C-FC04-4D74-9FC7-DBF44E7173AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{89A5879D-DEF4-4BFF-8AEC-22FB51739B32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8B0BAA0F-1E84-4135-A4CB-68F8F6F55387}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8CCB0186-9DE2-4F67-BA1A-C3F2F7C7E77F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{8DE6EEF5-A666-4F82-AAFC-1AC7BEAF27FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8E266BAB-6265-4A47-A781-F97C684C5189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{8FF788F7-F7C0-469E-8415-FBCC90182320}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{911BECC1-875F-4019-874E-6C9FF9BD5063}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{9276AAA8-B0B8-4236-AE17-DA64ED2D23EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{9389BC4F-0859-4EB9-8327-AF94243B3A9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{93AAE303-4A59-4D9D-BA3B-53C8BFE88F62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{953042BC-0F11-4D08-AF8A-B15023B72155}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{96B3E40D-297F-4E6E-AA9B-2929D4D12AB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{97353F4D-5588-4104-8E83-64F5125C8C09}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{98D30FB2-FE52-4BBF-817B-CC95C7D85F9E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{9D2DFEF1-D648-4859-AFE7-A2385A0DC11F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{9E8330C7-FCAC-4D06-9282-906F7AA7D70E}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{A3C51150-33DA-4D4C-8A2B-754803158A9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{A4322B46-116F-40FB-97A4-36B0446F768E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A4AE5956-E974-42A2-9367-D3929EFCD912}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{A4ECD141-14DD-4A62-853D-3BF87D7A2C93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{A5FABDB2-1C3E-4ACD-B54F-95D6A9778B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{A6200002-2FE8-48EB-8006-F4B4C1914552}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A701038F-329E-4F57-A57E-F1826DAAC679}" = dir=in | app=c:\users\marko\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{A9204272-E12E-4551-80B8-F42DE8EAEA4C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AA54BD56-7388-4CF3-BFDB-5E861F55E944}" = protocol=6 | dir=out | app=system | 
"{AB19ED41-2355-4E5C-8672-4C3925AEEFC4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AB2ED931-1EC1-4DD6-97A7-EB802A44AF4B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{AD4E1789-37A7-4B00-8B2F-FE33CF64309A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF757A34-40DC-46E0-B029-DE2896122EF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B0D83AAD-8E20-4D36-B78B-7323573A5A88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ravaged\binaries\win32\ravagedgame.exe | 
"{B26A9F31-699E-4A2E-9C5C-E52D7C1AF789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ravaged\binaries\win32\ravagedgame.exe | 
"{B6D96897-B7D1-4516-9E20-96315E12BA3E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{B6DF730A-7FCF-4C8F-89E9-79C831CE7F84}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B70E3034-B536-4964-A7F4-F2BE3A6C95EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B776734A-8CDA-4CE3-A77D-74355EF80BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{BA8992D7-FBB2-4AED-B496-C886866A8291}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{BBD88E41-F3E5-447A-BC23-E48DC43A59C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{BCAD2D3B-0226-4768-8C42-3D243FD04AD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BF2613B2-B00B-4083-A086-53A7ED71BA59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{C25B7712-5AC0-4E65-9DA1-C97AD25EEC2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3AB685A-79C3-47A0-97FE-449B37951DCA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{C4DF5A05-F887-496A-BF6C-DE35151012CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C63B850C-224E-48A0-AC41-5E7629518894}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{C6BE8C78-7DFD-40D9-92F9-2A3974F6C2A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{C6DEF6D4-BB1B-4BDF-8251-648CA4EF43E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C75C36FC-7716-47AA-BCC0-0A8E42BB32DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{CC464837-B757-4A7B-8EE4-4FBFB01B40BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{CD3BDA49-7996-4D90-A68B-0340D68E0CA6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{D3A30592-D12C-419C-850D-BF4C11F1462C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{D42A9E36-CA68-4AB9-971B-E9A7DAE2268C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{D4A0DDE2-3466-4A25-A0EB-80ECAF270186}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{D58FD79F-293A-4ED7-8CED-F3FFF96ABE50}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{D60830AE-FC2D-4645-9F7E-C62C9A5752C5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{D76874DD-15E2-4B13-A32B-6395D4229AFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{D8181EB2-2E73-4DF7-BCA0-189181C61C30}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D89109FF-36CE-4BE7-AC94-5148DA9BE4A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D8D2703D-D84B-4D2B-B384-3E42DD20E5AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D8F841DF-5020-4548-B8AC-04287496F952}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{D930FA5C-C5D4-429F-9771-4757EC3E82F9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{D9E782D5-58D8-4B9B-AC9C-9B826FD8C7D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{DAA81AA2-18C6-4A3A-9D6D-92FB1A5BE9AA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{DBFB8A70-56F9-4656-820B-173552482E67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\counter-strike source\hl2.exe | 
"{DE74A38C-5CAB-467B-9E5C-95C36CF2853A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DEF8D179-7B2C-4809-ACE1-2317B798673F}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{DFD775F9-C794-4866-BFFA-EE98D9ED74DF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{E1506FBC-E84F-4C26-A902-BA1A6E5E5B53}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{E41AA77B-2359-4D4A-AC0E-F4D91E645E33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E517517F-1193-4E56-8AFA-52F9A9507154}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{E5AA8C7A-81A2-4FDF-8926-48089AB081D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{E82571FF-4E7C-47F9-A117-25E4FBE07CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{E894C679-29CC-4433-861C-6602EA3C01C7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{E8BAE786-0A41-4C60-8B7D-CCA2C3C056AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E9A1F5AD-B2F6-43A5-95C5-4A30997054C5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{EC5FB37B-444D-4291-A50E-0DBAF44D9111}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{ED8846D3-6752-4A36-8EE6-DC313773C3CA}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{EE8BFBB4-3D1B-4E5B-B2DB-2000A1BA881E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F1F704B3-6072-4F2E-BEC5-50DA13DBAD45}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{F5D75967-AB3A-434E-BE33-81ECE863F41E}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{F6A3C1DC-B771-4CAF-8358-2BAC6014E08C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F7265B85-AC49-40C9-8C77-B7B93D76D263}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F73BD200-5C2E-475B-9590-293B36F8A108}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F76C6790-D37D-4A10-AFD8-A9E2925D01E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7C4FA83-9F7F-474E-B7E7-F3B5869B450C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{F86B6E4B-D49F-4F31-8215-0FB7CC08AFAC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{F87BF768-67FA-4749-980E-AFAE0E337BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{F9160404-E7B0-41AD-AC71-C5E5B987B43C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{F95F440F-1DF8-4CA6-95E9-15F2B8392671}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{FAFB884F-87BA-421F-8A16-159CF3772C84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBF9B0C5-DE2A-4058-ABEC-9ADBC6275148}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FC766F59-D4B0-494F-BB2B-2D1A9F62B34B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{FF536D5A-B453-46C3-BD32-B298DB02E4BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{FFA3B91D-B7A4-4696-9A8A-521AF622DE92}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"TCP Query User{02F67F50-6A53-41F7-9C4B-21A8F0AD68BA}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{03501292-E7A7-4635-AD70-D80E11302E56}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{0485AD80-5357-4458-A9C4-4AFF74472B84}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{07A6DC29-BF87-44CD-8CDA-AA0EB5628631}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{08175A44-812F-41A5-9676-E8DE0CE5D7F8}C:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"TCP Query User{082AB431-0750-4B40-9176-9C1051BD9BEF}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{12FBE273-D1DA-4E99-A62D-8728EC7BBF72}C:\users\marko\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\iw4m\iw4m.dat | 
"TCP Query User{15288C6F-96F8-4CC3-AD5C-BC7F0923DAAD}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | 
"TCP Query User{1E6F96B6-3EC9-4B60-AEC5-6416F9609A10}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{22D8BC2D-14B1-4F10-8424-53374490CF7F}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{252CB076-F0D1-4061-A805-837D85661080}C:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{3D390E3C-B4FB-4EEE-8F86-04792C4EEDB1}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{40A266E7-E4E4-456D-B3B6-78000EC09F97}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{44DAE44C-6C8B-4A28-AB4A-65A5D3189A76}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{455EF538-DDB3-4F53-AED9-A83332DD6545}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"TCP Query User{49CBAFA6-E3C5-48CE-A556-59A230BF89D7}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"TCP Query User{4CAE0980-3E7B-47F8-9AF8-BE603B06B22D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{4F63895E-E01C-4957-9F67-4AD6CF8B1DB8}C:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe | 
"TCP Query User{5338628A-1122-4567-B906-20B1BF0BD040}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{5798F953-8CF4-4E21-924D-0C677B5540E4}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"TCP Query User{627C9E97-BBE7-49A6-8C82-0FF3DE026063}C:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{65DB257A-CA6E-413E-85DB-5553B32E281A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{66AED3F4-CAD8-4553-8C51-637E7695D5A9}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{66B19EA2-35B1-4B37-8ED2-D07C29922E67}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"TCP Query User{6B2ADF29-399D-4D9B-A36E-CA7866E8FD7F}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{6E1AEDF4-E998-4DE2-B0FF-67E008D0EA1D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{72D90E31-FB12-4C61-9163-CC27D5C4A566}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{7B49A587-A3D5-4984-9913-90343951B6DA}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{7DE238F2-70BB-4FD6-897C-B5B4E7F5B097}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{7DF41239-A6AA-43E3-BA08-9068CBAD10D3}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{83E3EF04-1F39-4778-843B-E1D144CB63C7}C:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe | 
"TCP Query User{85F79D83-42B0-4E5C-8BE6-571BF79D51E2}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{91DF0321-2E6E-496D-958B-97D0B897D492}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{997F333C-25D4-4797-8A5E-D98C4CC309BF}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{9AF83CA1-BC9F-4BA5-BB04-177737628E21}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{9B5F2425-8480-48CC-A627-29F1CA4F41F2}C:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe | 
"TCP Query User{9BD37A06-431D-4AD2-951B-286E6B67B8BB}C:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"TCP Query User{9EF3C44D-3C16-40A3-8381-8CB0E2D1DC91}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"TCP Query User{A5BB9664-3F16-4B6F-AE38-FB3D58CD53FB}C:\users\marko\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{AA6C78EC-6146-41A8-902B-F8122B6BA29E}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"TCP Query User{AAC6375B-6702-4D46-A8BD-91F8919C4F4B}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{AF24B2B1-586E-451D-A375-43F1B470011F}C:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{AFA8E65D-67E9-40A4-ABE4-49BACFF176C9}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{B70B472E-CCDD-4FDC-B506-7D5676A0C400}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"TCP Query User{BE68F03F-3DDE-495F-B921-6AC72B3585B5}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{C29FA49A-93BB-44A5-851F-343DF858CA92}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{C813D873-C98E-43BA-A379-69847FB203DA}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"TCP Query User{CAA79CE7-53BC-4054-A6F0-305E7790F64C}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{CACB6963-E779-46E6-A1E1-DB1CDD689A98}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"TCP Query User{CE0DF9D8-1268-4993-8958-82490CC3307A}C:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"TCP Query User{D12E066F-19C3-488B-80DB-92B2FF1F374C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E1332F19-68AE-479B-81C0-4B9594EC21A7}C:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe | 
"TCP Query User{E2708DCE-FE05-4B98-A88F-E7DAF3541749}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"TCP Query User{F0B1F2DC-877E-4E7C-9DD0-D80E29127CFA}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F1BC051F-010E-4571-9DF1-A2B5AD6BAC96}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{FB692F3E-414E-47EB-9A46-B7BDE2E0EA4D}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{FEAEB5A5-2B2F-4236-AE14-D37680825D00}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{0212B309-D5AD-47DA-AAAB-B00E690B2ED2}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"UDP Query User{11ADF928-84E8-41C6-9532-4C241E39F0DE}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"UDP Query User{2182877C-CBD9-424F-A54D-95B2BFFBAD7C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{27072956-3F8E-4EF9-8998-75FAA72F246D}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{2A5400BA-9C34-424E-803D-419358DD012D}C:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"UDP Query User{2CEC33EB-FD26-4ACA-A2A3-6E8D6253663C}C:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\mw2\mw2sa.exe | 
"UDP Query User{39677F3E-0477-4D06-9CF0-E8C893E6F81A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{399EB417-A858-4EF9-92F2-805B8E31C600}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"UDP Query User{3F1BC503-1861-4665-ACC7-33A6C1A49F83}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{4140172C-AB36-4CD9-9E64-082E8784E327}C:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.951\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{44417A03-BD49-4777-BFDC-AE305F337257}C:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.767\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{45A433A2-973E-4AC3-8975-35D73DE1EB9B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{4824BDDA-F380-4156-A0D4-75103BC3D62C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{482BA6BF-CEFF-4EBC-86F4-EF088BA4C728}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{54A6EE97-1489-4FAC-A162-302400AE884E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{5680AC6E-9408-489F-88B6-8FFBEB051970}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{5878E318-8E0B-4070-9779-D5CEFABC9C06}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5A03762D-3492-4760-ACE6-62AB9B4C6944}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"UDP Query User{5B6A0121-7098-4B6D-A221-ABF925F479C6}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{62CDA703-143C-4A51-9E71-4F9B288303E8}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{63D60683-2485-4B7D-998F-FEECBDF3C35C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{63E64DB9-3808-4A6C-BD28-DFEE873391D5}C:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.630\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"UDP Query User{6B365E2A-87AD-4D6E-A62B-46FA818E99DA}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{6B7160E4-AC90-464E-88D8-068C3A91EA36}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{6E94EC8D-9D24-4DE8-B221-F44315E65BAB}C:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=c:\srcds\orangebox\srcds.exe | 
"UDP Query User{7C5B2894-A071-46F5-83A2-19C5C481EEB2}C:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exb0.812\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{81C1CED2-A290-4489-9E64-8D2CD9ECB174}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{86DE1A94-F076-4561-976E-82B34E70BCC9}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{8CCFC2FE-4435-429E-ABC1-E6787573EF5B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{8DC79EA6-FDEE-4FC4-9E7C-E142024939F2}C:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\teamspeak3-server_win32\ts3server_win32.exe | 
"UDP Query User{92D950AE-E8A3-4BD8-ACE4-B750ADFF8710}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{93956A8A-9C94-43C2-873B-812B2652C4C7}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{9CECAF94-8984-48F7-B3E5-8BB5F5E7AE77}C:\program files (x86)\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\urbanterror\iourbanterror.exe | 
"UDP Query User{A3DD4C99-6D34-4CEE-A361-83F81EA127C3}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | 
"UDP Query User{A5B8417E-0E45-4D62-A809-36F7370B55C2}C:\users\marko\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\iw4m\iw4m.dat | 
"UDP Query User{AA833A98-F09D-455E-8337-01112B9282BA}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{AD0F7432-3766-4CD5-8C30-E5228C71AC04}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{AF146B8E-652B-4178-AD73-88AEA0CF74A1}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{B7C977DA-1F56-452B-9549-FAB9AE966C5B}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"UDP Query User{C4C778FA-7364-45E3-BA5C-9260CB4D08D4}C:\users\marko\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{CA9BC5F5-E305-439C-968C-EA98CFAB2D43}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{CCCDA095-DEC8-4A2F-A999-7CD3D8AFFC37}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{CD24C728-8E99-445F-AFFB-E2FFDCD9C5FE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{CD5C6B3A-F714-49D8-B5A4-BAAC8AACE7A4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{D60BECBB-C5D1-49A6-BDD1-1649A72B7060}C:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\temp\rar$exa0.416\terraria v1.1.2\terraria v1.1.2\terrariaserver.exe | 
"UDP Query User{D7ADAD5D-9D63-4378-8CF0-A7827FCC513F}C:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\marko\documents\[ghbsys.net] public-client\ghb - pclient.exe | 
"UDP Query User{D904BD3A-B990-43B9-A1B2-2863A725FB7B}C:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe" = protocol=17 | dir=in | app=c:\users\marko\desktop\modernadmin_1.0.0\modernadmin.exe | 
"UDP Query User{D9330897-A4E7-459D-863A-35F85F9FBDEE}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"UDP Query User{DAEF5EAA-9E5F-47BA-ABC1-1FB1A601A8B8}C:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\der_zocker2012\team fortress 2\hl2.exe | 
"UDP Query User{DB8B1416-DC07-49F3-823C-646F7617741D}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"UDP Query User{DE790E46-555D-43A0-87B9-C9027557EDAE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{E4D5B158-93BA-46ED-A4A5-CE109B57331D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{EA1F6E8B-BDA4-43D6-8C72-2F734E738D9F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{EB190651-ADFC-44DB-9F93-1AAE9906A700}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{F0B5FC06-A735-43C1-88C3-314256E17533}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{F361E9B3-1CBD-4931-A7AB-7EECB0707544}C:\users\marko\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marko\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{F51A2883-FE40-4225-8E71-36A92C01C83C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416035FF}" = Java(TM) 6 Update 35 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 3.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"AutoHotkey" = AutoHotkey 1.1.09.02
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.120.08260
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1" = tConfig version 0.28.8
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{27979F37-AF9C-33DE-8437-76F7AEFAABAD}" = Google Talk Plugin
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388A10A3-FE60-4946-99B8-99DF1B94870A}" = S4 League_EU
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1" = JC2-MP version 0.0.12
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Insel 2
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EBA42C8-535E-4D45-AC68-D7F4557B7336}" = Gigaset USB Stick 54
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D25E16F9-902D-4B08-B6AD-C28882C6EBFE}" = Garry's Mod Manager
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Alliance of Valiant Arms" = Alliance of Valiant Arms
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"Battlelog Web Plugins" = Battlelog Web Plugins
"Combat Arms EU" = Combat Arms EU
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"Diablo III" = Diablo III
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"Dungeon Defenders_is1" = Dungeon Defenders
"EdenEternal-DE" = EdenEternal-DE
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Garry's Mod Manager 8.30.0000" = Garry's Mod Manager
"Google Chrome" = Google Chrome
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Maus2" = Maus2
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.1
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"ProjectTINT_S_x86" = TINT Standard BETA R6
"PunkBusterSvc" = PunkBuster Services
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 105600" = Terraria
"Steam App 200170" = Worms Revolution
"Steam App 200210" = Realm of the Mad God
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 209870" = Blacklight: Retribution
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 218230" = PlanetSide 2
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 224540" = Ace of Spades
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8190" = Just Cause 2
"Steam App 96300" = Ravaged
"SysInfo" = Creative Systeminformationen
"TeamViewer 8" = TeamViewer 8
"Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.3
"TKKG 9" = TKKG 9
"TmNationsForever_is1" = TmNationsForever
"Update Engine" = Sony Ericsson Update Engine
"Urban Terror_is1" = Urban Terror 4.1
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" =  Updater
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"SOE-C:/Users/Marko/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.06.2013 05:17:00 | Computer Name = Marko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16611,
 Zeitstempel: 0x5191e7aa  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0xbdc  Startzeit der fehlerhaften Anwendung: 0x01ce70bb9556e1ef  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: d322ebce-dcae-11e2-b66c-8c89a55c6c5c
 
Error - 24.06.2013 05:17:45 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17cc    Startzeit:
 01ce70bb9af987ef    Endzeit: 5    Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
 e40622cd-dcae-11e2-b66c-8c89a55c6c5c  
 
Error - 24.06.2013 05:20:41 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 172c    Startzeit:
 01ce70bbb55d70eb    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
 54acdde7-dcaf-11e2-b66c-8c89a55c6c5c  
 
Error - 24.06.2013 05:23:54 | Computer Name = Marko-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 08:07:33 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e2c    Startzeit: 
01ce70d2abf94762    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Opera\Opera.exe

Berichts-ID:
 a519db55-dcc6-11e2-af3c-8c89a55c6c5c  
 
Error - 24.06.2013 08:07:50 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1bf4    Startzeit:
 01ce70d36a99d480    Endzeit: 4    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 aebf7afe-dcc6-11e2-af3c-8c89a55c6c5c  
 
Error - 24.06.2013 08:08:06 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1914    Startzeit:
 01ce70d37466369b    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Opera\Opera.exe

Berichts-ID:
 b8294947-dcc6-11e2-af3c-8c89a55c6c5c  
 
Error - 24.06.2013 08:09:54 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1bf4    Startzeit:
 01ce70d37ea88dc0    Endzeit: 1    Anwendungspfad: C:\Program Files (x86)\Opera\Opera.exe

Berichts-ID:
 f9949ccf-dcc6-11e2-af3c-8c89a55c6c5c  
 
Error - 24.06.2013 08:10:19 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm t6mp.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 6f8    Startzeit: 
01ce70bcc26ce4e8    Endzeit: 272    Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Call
 of Duty Black Ops II\t6mp.exe    Berichts-ID:   
 
Error - 24.06.2013 08:10:34 | Computer Name = Marko-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7c0    Startzeit: 
01ce70bc5325ee71    Endzeit: 4    Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
 0c6e7b09-dcc7-11e2-af3c-8c89a55c6c5c  
 
[ System Events ]
Error - 24.01.2013 01:12:36 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 25.01.2013 01:56:39 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:40 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:40 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 25.01.2013 01:56:41 | Computer Name = Marko-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 26.01.2013 04:44:09 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 31.01.2013 01:41:24 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 watchmi service erreicht.
 
Error - 31.01.2013 01:41:24 | Computer Name = Marko-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >

Code:

ATTFilter

Farbar Service Scanner Version: 16-06-2013
Ran by Marko (administrator) on 25-06-2013 at 00:24:01
Running from "C:\Users\Marko\Desktop\FSS"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 15:25] - [2013-05-08 08:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 15:24] - [2013-05-13 07:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

M-K-D-B · 25.06.2013, 19:50

Servus,

versuch mal den IE zurückzusetzen:

Setze folgendermaßen den Internet Explorer zurück:

Öffne den Internet Explorer und gehe zu Extras -> Internetoptionen.
Klicke in der Registerkarte Erweitert unter "Internet Explorer-Einstellungen zurücksetzen" auf Zurücksetzen...
Klicke im Dialogfeld "Internet Explorer-Einstellungen zurücksetzen" zum Bestätigen auf Zurücksetzen.

(Hier findest du die bebilderte Anleitung.)

ggf. im abgesicherten Modus versuchen, wenns im normalen Modus nicht geht.

Bitte berichte mir, ob der IE danach wieder funktioniert.

Takie · 26.06.2013, 14:07

IE geht wieder aber leider mein
Lieblings Browser Chrome Nicht ;(
trotzdem danke

M-K-D-B · 26.06.2013, 19:03

Servus,

du solltest ein neues Nutzerprofil unter Google Chrome erstellen, evtl. funktioniert er dann wieder.

Erstellen eines neuen Browser-Nutzerprofils

Anschließend kontrollieren wir nochmal alles.

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKCU\..\SearchScopes\{A78F32FC-0023-488E-A586-07CFBC123192}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Takie · 26.06.2013, 22:00

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A78F32FC-0023-488E-A586-07CFBC123192}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A78F32FC-0023-488E-A586-07CFBC123192}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: hedev
->Temp folder emptied: 0 bytes
 
User: Marko
->Temp folder emptied: 25415634 bytes
->Temporary Internet Files folder emptied: 321929880 bytes
->Java cache emptied: 18028664 bytes
->FireFox cache emptied: 1146638473 bytes
->Google Chrome cache emptied: 384689297 bytes
->Opera cache emptied: 29329787 bytes
->Flash cache emptied: 63964 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 548426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321378 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.878,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06262013_225437

Files\Folders moved on Reboot...
C:\Users\Marko\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Marko\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Marko :: MARKO-PC [Administrator]

26.06.2013 23:08:00
mbam-log-2013-06-26 (23-08-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252794
Laufzeit: 5 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Marko\Downloads\PerX-Injector.rar (HackTool.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marko\Downloads\Terraria 1.1.2 (1).rar (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marko\Downloads\WinJect.zip (HackTool.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marko\Downloads\__rzi_0.047 (HackTool.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marko\Downloads\__rzi_0.708 (HackTool.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marko\Downloads\__rzi_0.890 (HackTool.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a8408647b9eae84a9334fa0951fec981
# engine=14165
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-26 11:35:20
# local_time=2013-06-27 01:35:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 23995 142961025 16783 0
# compatibility_mode=5893 16776573 100 94 44639 123919570 0 0
# scanned=444090
# found=1
# cleaned=0
# scan_time=7920
sh=E25E699620BCD586D323A0C0442BF55998245069 ft=1 fh=5763cd66e7547bb9 vn="Win32/Adware.1ClickDownload.AI application" ac=I fn="C:\Users\Marko\Downloads\codec_pack_509581_ch.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 37  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 15.0 Firefox out of Date!  
 Google Chrome 27.0.1453.116  
 Google Chrome 28.0.1500.52  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Kein Browser auser IE Funktionieren So wie manche spiele

Log-Analyse und Auswertung: Kein Browser auser IE Funktionieren So wie manche spiele