|
Infizierung mit locked-Trojaner Hallo Leute, heute morgen wurde bei mir der Verschlüsselungstrojaner aktiv. Aufgefallen ist es mir, als diverse Programme nicht mehr starten wollten. Bei meiner Fehlersuche habe ich dann die schönen "locked-"-Dateien bemerkt. Obwohl er wohl nur ca. 12min aktiv war, bevor ihn MSE in Quarantäne gesteckt hat, hat er über 50.000 Dateien verschlüsselt, die ich aber mit dem Decrypter-Tool wieder herstellen konnte. Es folgen die OTL-Logfiles: OTL.txt: OTL logfile created on: 06.06.2012 21:51:47 - Run 1 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\***\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 4,82 Gb Available Physical Memory | 60,51% Memory free 15,94 Gb Paging File | 13,04 Gb Available in Paging File | 81,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 73,05 Gb Free Space | 7,84% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 58,59 Gb Free Space | 6,29% Space Free | Partition Type: NTFS Computer Name: COMPUTER677 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.06 14:51:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.03.29 13:45:40 | 001,626,952 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe PRC - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe PRC - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe PRC - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe PRC - [2012.03.20 00:58:52 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.14 15:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.10.05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe ========== Modules (No Company Name) ========== MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.05.19 16:42:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.06 02:47:33 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy) SRV - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav) SRV - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.28 00:06:48 | 003,280,208 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.22 15:59:00 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService) SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.03 19:57:33 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.01 15:02:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.11.22 09:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons) DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.09.29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM) DRV:64bit: - [2010.09.29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2) DRV:64bit: - [2010.09.07 04:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.08.24 19:28:24 | 000,030,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3) DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2011.10.25 12:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011.09.02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/10/20 10:54:49] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2011.01.06 12:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys -- (NTIOLib_1_0_6) DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4) DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010.05.10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 AF DA FE E7 F4 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {5E0392FD-BFF4-4931-AFF0-2B13B19635EC} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{5E0392FD-BFF4-4931-AFF0-2B13B19635EC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 19:47:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.20 01:58:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 16:20:44 | 000,000,000 | ---D | M] [2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.05.20 01:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions [2011.04.07 11:20:20 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2011.05.26 11:02:50 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{ff0981f1-9827-44a3-88cd-e760430793c9} [2011.08.09 12:16:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\DeviceDetection@logitech.com [2011.08.05 22:26:12 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\https-everywhere@eff.org [2012.05.20 01:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.05 10:13:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c)) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found O4 - HKCU..\Run: [TVgenial] C:\Program Files (x86)\TVgenial\TVgenial.exe (ARAKON TVgenial Systems GbR) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351D8CE3-E5D2-4ED1-8315-AA4EDD4663F1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64B4B76D-4E68-4B4E-B387-020CD9EC3264}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.06 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.06 14:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.06 14:33:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.06 14:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.06 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.06 11:32:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rprmdwdo [2012.06.05 19:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive [2012.06.05 18:34:36 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp [2012.06.05 18:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes [2012.06.05 18:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2012.06.05 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2012.06.05 17:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft [2012.06.01 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.05.26 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FLT [2012.05.24 17:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ZinioTabletReader [2012.05.22 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1 [2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.19 16:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.05.19 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.05.09 20:25:29 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.05.09 18:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.05.09 18:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.05.09 18:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.05.09 18:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.06 21:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000UA.job [2012.06.06 21:51:38 | 000,000,250 | ---- | M] () -- C:\Windows\Brownie.ini [2012.06.06 21:49:39 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.06 21:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.06 21:06:36 | 000,002,765 | ---- | M] () -- C:\Users\Public\Desktop\QuickKontoblatt 2012.lnk [2012.06.06 21:06:36 | 000,002,759 | ---- | M] () -- C:\Users\Public\Desktop\Quicken DELUXE 2012.lnk [2012.06.06 21:06:36 | 000,002,739 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk [2012.06.06 21:04:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.06 21:01:08 | 000,000,083 | ---- | M] () -- C:\ProgramData\.zreglib [2012.06.06 21:01:08 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv6 [2012.06.06 19:20:52 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.06.06 19:20:49 | 000,000,847 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2012.06.06 19:10:50 | 001,805,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.06 19:10:50 | 000,774,964 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.06 19:10:50 | 000,716,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.06 19:10:50 | 000,175,598 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.06 19:10:50 | 000,143,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.06 19:10:35 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.06 19:10:35 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.06 19:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.06 19:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.06 19:03:11 | 2122,235,903 | -HS- | M] () -- C:\hiberfil.sys [2012.06.06 19:03:09 | 000,122,929 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.06.06 17:54:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000Core.job [2012.06.06 11:44:50 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf [2012.06.06 11:43:54 | 000,000,847 | ---- | M] () -- C:\Users\***\locked-.recently-used.xbel.anxj [2012.06.06 11:43:22 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\locked-00002C3C.LCS.tkfo [2012.06.06 11:42:24 | 000,000,083 | ---- | M] () -- C:\ProgramData\locked-.zreglib.cyyp [2012.06.06 11:42:24 | 000,000,011 | ---- | M] () -- C:\ProgramData\locked-.tv6.rntp [2012.06.05 18:26:31 | 1805,090,816 | ---- | M] () -- C:\Users\***\Documents\DVD.ISO [2012.06.05 18:26:31 | 000,004,316 | ---- | M] () -- C:\Users\***\Documents\DVD.MDS [2012.06.05 18:21:54 | 2578,579,455 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO [2012.06.05 18:21:54 | 000,008,430 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS [2012.06.04 17:33:35 | 000,000,040 | ---- | M] () -- C:\Windows\RUNAWAY2.INI [2012.06.01 15:10:31 | 000,000,856 | ---- | M] () -- C:\Users\***\Desktop\Max Payne 3.lnk [2012.05.26 20:08:39 | 000,001,155 | ---- | M] () -- C:\Users\***\Desktop\DiRT Showdown.lnk [2012.05.25 18:12:16 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url [2012.05.22 20:55:33 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Hitman Blood Money.url [2012.05.19 16:11:11 | 000,001,061 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.09 20:27:07 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF [2012.05.09 16:53:32 | 000,357,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.06 21:49:39 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.06 21:06:36 | 000,002,765 | ---- | C] () -- C:\Users\Public\Desktop\QuickKontoblatt 2012.lnk [2012.06.06 21:06:36 | 000,002,759 | ---- | C] () -- C:\Users\Public\Desktop\Quicken DELUXE 2012.lnk [2012.06.06 21:01:08 | 000,000,083 | ---- | C] () -- C:\ProgramData\.zreglib [2012.06.06 21:01:08 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6 [2012.06.06 19:20:52 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.06.06 19:20:49 | 000,000,847 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.06.05 18:26:31 | 000,004,316 | ---- | C] () -- C:\Users\***\Documents\DVD.MDS [2012.06.05 18:23:16 | 1805,090,816 | ---- | C] () -- C:\Users\***\Documents\DVD.ISO [2012.06.05 18:21:54 | 000,008,430 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS [2012.06.05 18:08:36 | 2578,579,455 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO [2012.06.05 17:54:50 | 000,000,083 | ---- | C] () -- C:\ProgramData\locked-.zreglib.cyyp [2012.06.04 17:33:35 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI [2012.06.01 15:31:40 | 000,000,856 | ---- | C] () -- C:\Users\***\Desktop\Max Payne 3.lnk [2012.05.26 20:08:39 | 000,001,155 | ---- | C] () -- C:\Users\***\Desktop\DiRT Showdown.lnk [2012.05.25 18:12:16 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url [2012.05.24 17:03:46 | 000,002,975 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zinio Tablet Reader Beta.lnk [2012.05.22 20:55:33 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Hitman Blood Money.url [2012.05.19 16:11:11 | 000,001,061 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.09 20:26:11 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.17 18:03:35 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.12.22 15:58:26 | 000,000,974 | ---- | C] () -- C:\Windows\SysWow64\setup.ini [2011.12.22 15:58:26 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin [2011.12.11 05:03:58 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.12.11 05:03:58 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.10.28 11:40:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.01 00:01:25 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.28 23:35:45 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI [2011.07.27 12:50:24 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf [2011.07.25 13:51:40 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.06.29 15:24:56 | 000,000,371 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.06.15 21:31:58 | 000,000,011 | ---- | C] () -- C:\ProgramData\locked-.tv6.rntp [2011.05.14 02:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI [2011.05.09 02:53:32 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.04.29 10:43:46 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc [2011.04.24 00:27:28 | 000,000,062 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2011.04.17 08:21:56 | 000,000,021 | ---- | C] () -- C:\Windows\Quicken.ini [2011.04.09 22:03:14 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.07 23:30:24 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.04.07 23:30:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2011.04.07 23:30:24 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.04.07 23:30:22 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI [2011.04.07 23:29:39 | 000,000,250 | ---- | C] () -- C:\Windows\Brownie.ini [2011.04.07 23:27:07 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.07 23:27:07 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT [2011.04.07 13:50:15 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.07 13:50:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.06 22:14:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.06 21:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.06 21:43:32 | 001,830,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll ========== LOP Check ========== [2012.05.07 00:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.mono [2011.10.23 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports [2011.06.23 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision [2012.02.08 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.01.18 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BigHugeEngine [2012.04.04 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2011.10.23 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean [2011.07.08 12:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Brawsome [2011.08.04 17:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kane's Wrath [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4 [2011.07.31 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ContentGuard [2012.06.06 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.04.17 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign [2012.06.06 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.05.26 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC [2011.07.26 23:50:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESM-Tools [2012.06.02 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.07.28 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoContactSyncMOD [2012.04.23 22:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GOG.com [2012.04.03 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.08.15 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ivacy [2012.05.02 17:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2012.06.06 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2011.04.06 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.04.11 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LegacyInteractive [2011.04.17 08:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts [2012.04.27 17:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2012.02.29 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix [2012.03.05 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2011.05.13 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBee [2012.04.18 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteryStudio [2012.03.27 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.10.21 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2011.07.28 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook [2012.05.07 00:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pole Position 2012 [2011.04.22 01:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PQube [2011.12.07 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC [2011.12.03 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 [2012.04.15 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 Uprising [2012.06.06 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rprmdwdo [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games [2011.11.08 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2 [2012.03.30 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 [2011.08.10 09:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 Demo [2011.12.19 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.06.06 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVgenial [2012.04.28 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyMedia [2012.04.28 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyServer [2012.03.16 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.06.05 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2012.05.22 17:18:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1 [2011.12.08 13:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.bak [2012.04.01 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic [2012.03.15 00:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic2 [2009.07.14 07:08:49 | 000,027,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC < End of report > extras.txt: OTL Extras logfile created on: 06.06.2012 21:51:47 - Run 1 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\***\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 4,82 Gb Available Physical Memory | 60,51% Memory free 15,94 Gb Paging File | 13,04 Gb Available in Paging File | 81,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 73,05 Gb Free Space | 7,84% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 58,59 Gb Free Space | 6,29% Space Free | Partition Type: NTFS Computer Name: COMPUTER677 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .ini [@ = Notepad++_file] -- Reg Error: Key error. File not found .txt [@ = Notepad++_file] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07079019-BAC2-408D-8BE2-0613F94B82DA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{08C8B36B-515D-4AEC-B6C9-F33548CEF89F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{1A38F24D-438C-472B-88E6-6F8D4A6B6B3C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{1F370DF9-FAD4-407C-A33D-5F084AC36979}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1F9A2A7A-AFDA-4A4E-88A6-62FC23EB0157}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2DAC6330-BA79-41CC-ADD9-83935F7A1C9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{30957B6C-EE69-4F41-86DA-82DD4E3E36FD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4321DA8A-C18B-4D43-A244-A9B850B8BE12}" = rport=10243 | protocol=6 | dir=out | app=system | "{4A9E6A18-D19F-4EFF-9BEB-9108F3320185}" = lport=138 | protocol=17 | dir=in | app=system | "{4BD71C72-2D6F-4C80-AA7B-E64C9017416D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{556A9AE2-49A0-4AD4-9139-845AD749794E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{5843E091-B4D3-4E3F-8BC0-164C9BF1EE40}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5AF51FC0-F305-431F-8ECD-DD623A1A9537}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{5DA53699-BE38-4DC0-A69D-08FDF13E01C8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{623F3DFF-8536-4DDF-B5D8-2F4C68F796FC}" = lport=3333 | protocol=6 | dir=in | name=network caller id | "{6262B7E5-B5DA-40E1-ABF8-6C1E5360DC01}" = lport=10243 | protocol=6 | dir=in | app=system | "{6344BAB9-3AC9-4848-AD40-8B0A734BA970}" = rport=445 | protocol=6 | dir=out | app=system | "{6749B654-7187-4D0C-A965-ED4932C6C68E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6ABA42A5-B5BA-45A1-B878-B568C7592DC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{72A47412-350B-4E6E-9E1E-1C791561C6ED}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7334FFCF-D383-486D-9019-03FF3105F6A6}" = lport=445 | protocol=6 | dir=in | app=system | "{99468133-9119-4922-A378-FB0B4470B40C}" = rport=139 | protocol=6 | dir=out | app=system | "{9D8B3644-034F-4B08-9F00-D447BE477C97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9DA1E87B-24DA-4A97-B78A-6B6BB9650B8D}" = lport=139 | protocol=6 | dir=in | app=system | "{A4297212-A50F-49AD-AAA6-93F53CA07633}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA331C79-7D8D-4285-A83E-F496F4D09E31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B0121EE2-CF39-4BFE-8B6B-14C854176376}" = rport=138 | protocol=17 | dir=out | app=system | "{B257455F-1FEE-437E-A0E6-D2CB1D7F25BB}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE7E4A75-6959-4599-A72D-DE192E0DD36B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BEE13D73-AA7F-44D1-9E04-7AEE00B26A34}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C089FAB7-71E7-46AD-920B-C7D76535EF83}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C1B16FB1-B9B5-429D-B508-6736F9C325FB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{C4E010E2-C0A7-4F84-A6EC-54C7F119B9EF}" = lport=137 | protocol=17 | dir=in | app=system | "{CBBCC64A-975D-478B-8EBF-2BDF63C54FB7}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{D4C9C895-A1FA-4FF0-ACDD-16DEE20DC580}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DE05AF0F-96CA-4F1F-B026-A09E1B140F86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E368BB7A-EB39-451D-B5A2-C1D244026BEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F939E50F-FB5A-47AD-B3BE-1F10FB9DE00A}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04ADBA1F-054D-401D-B087-BDE7DE3249AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0525FA8A-B6B5-4C47-BE58-43DDAF05A26F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{05993B37-B41E-4C36-B247-FC9A7AE5F15A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0645547D-CFB5-4348-8FAE-1EF0E4338E9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | "{07E27360-33CD-4402-BBCF-AB894EEF3547}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{07FD1051-7026-4E8E-90F9-8EF3EA7730E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{099CF369-DEA5-4D03-8199-492200764006}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{09E12737-0FCB-4885-B69B-F02F1E058549}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | "{09E5888C-5AE6-4BCA-9325-B67E6CE64D8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{0A5219A5-9D30-4C9B-9CE4-98616766BB3C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | "{0ADCE080-F620-46F5-9A25-1AAF92C38270}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0C675F38-A85C-4789-B8DA-9F931BE22B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{0C796A86-8925-4974-8E3C-6BE0CE199D26}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed the run limited edition\need for speed the run.exe | "{10EC6CDB-4DE7-4245-B530-A6C142E00E9F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | "{11407DE3-13B8-46EE-9917-9286D37053D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\syberia\game.exe | "{1162D98C-5280-4347-A441-A90B2A1478BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{11D10033-B046-4624-B106-14CFF7FB4C45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe | "{11FD4058-1C54-4209-8C4C-8BF13A4D6EDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{12470128-3837-4775-A030-8E3557F5BFD4}" = protocol=6 | dir=in | app=d:\spiele\dragon age 2\dragonage2launcher.exe | "{12844895-7DFD-401B-A507-18F0892920F6}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed™ undercover\nfs.exe | "{135B0A2E-8404-475A-A121-EC1419B6C33D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe | "{141CDC0D-25ED-4465-B9A2-5081A3541075}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver parallel lines\driverparallellines.exe | "{14E7EA8E-EAB7-4B75-A64D-6DC46B6FFE82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{150DDEB9-7DBB-4527-9D26-A9ED8B905247}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | "{1593C7B6-0106-4EC4-B31D-E7AA57B78F73}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{164C4E47-6FD9-4C42-9D5E-8C7042839782}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{164FE90D-73BB-4C95-9123-E132F56DE4AD}" = protocol=17 | dir=in | app=d:\spiele\dragon age 2\dragonage2launcher.exe | "{1712AB36-DA9D-43D0-8A72-76CB718BAA27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{17BB54B6-887D-4A9D-9D18-2617E964E98A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{1888AB9E-19C2-43EC-B857-FEBCCEAB0EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway the dream of the turtle\runawaytdott.exe | "{18D8DE57-F464-427D-9477-D8D61F4942E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | "{1A917D5E-8146-458F-8DF8-6B8B15F452F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | "{1B7221DF-FEE7-4DE7-BD60-FA2CBD939000}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe | "{1BD7B623-D5DF-4240-A3A6-4679D3C48BD7}" = dir=out | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{1BDB0691-51D4-4502-B0B4-7127CE393629}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt\dirt.exe | "{1C209ED9-4275-4190-84F4-BEB0911B625C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe | "{1C890F70-88BF-4CC5-90C7-0876B998B1AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | "{1E6507AA-0DFB-491C-A557-E3AC8401EF15}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\mass effect(tm)\masseffectlauncher.exe | "{1ED31DE8-E8E3-4283-B8AB-4BDFD06E3EAB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | "{219E2E7A-C2FF-48AE-A0CD-B8486800BD67}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\mass effect 3\binaries\win32\masseffect3.exe | "{22F226AC-7CAA-4A70-A1BB-0E2593F0AF45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver parallel lines\driverparallellines.exe | "{23FA060C-C421-47E8-A29D-DB4E28E2E9D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | "{27251798-0761-42C8-8390-ED37C3CDC8FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{27C2AA02-979D-40C7-A998-D8B88B9E8AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway the dream of the turtle\runawaytdott.exe | "{29EBAC88-A5AF-4B4B-BE20-905590270885}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2A28412B-7473-4CC2-B605-40E2B4204991}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\broken sword 3\bstsd.exe | "{2A2B39AA-4E89-4BB0-BCBC-DA16DB162026}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | "{2AC9DF9F-6DC9-4CE9-9291-8949F087D3AE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2ACDACF4-F219-4CBB-A038-1F3DCE73E237}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat | "{2CB80525-0947-43E4-9A40-81B1C1910F0E}" = dir=out | app=%programfiles% (x86)\kalypso media\port royale 3\appdata.exe | "{2D99E0AE-5DDE-4835-BC34-32F35CC247ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe | "{2F33FA62-F41D-4BCA-9A46-7F6214471426}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\fifa soccer 12\game\fifa.exe | "{2FAD90F3-580F-4F6A-B636-A125653B9EAC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3060B90D-D667-463A-ADE6-A07BDD40278C}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{30DF4119-4EB3-41D1-AE80-2114757C44EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{316AE8BE-2152-4198-BDE0-CD59725650DE}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe | "{32671100-BFB0-49F9-B6F9-C1EFAE4115F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | "{3373A350-9F4E-4CFC-8804-87C2AC5C9CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{34610804-991F-4C3E-B23B-FED8BF1973B3}" = dir=in | app=%programfiles% (x86)\kalypso media\port royale 3\appdata.exe | "{355C5BB7-EC98-4006-B626-25454721524D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe | "{36F682D9-25E8-4BE4-AEE5-AEDB2DE0442B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{37136F2B-2037-441E-BA54-1D169789B3C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{391EEC7F-C63D-4C88-90AB-A77702AE5D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\packetvideo\twonkybeam\tmslite\tms-beam.exe | "{3A1C45DC-6486-4EAD-BE19-14267627B805}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{3A31BB95-6394-4414-9578-EBE973EB150E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe | "{3A847941-7FC4-45AE-A4B0-EA552A60B82D}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed™ undercover\nfs.exe | "{3B5931A7-F0B7-41F8-91D9-72883878BBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{3B73D5F8-B18C-434A-82FF-AD45B23F73DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe | "{3C032F4B-655A-4A9A-BD03-60D730DB52D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | "{3C2CD206-5BFD-4A5B-B4C2-1484D1236816}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{3D0E8693-37D2-4796-9B57-D423ABAFA74D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\broken sword 3\bstsd.exe | "{3D810912-FC51-4F7B-98ED-0553A2CE225D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3F585BC1-BB00-41F6-8A07-FD5E401C4E3E}" = dir=in | app=c:\program files (x86)\kalypso media\port royale 3\portroyale3.exe | "{4003D9B2-938A-41F4-9B4E-0659A00673CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | "{405EA4E4-DA51-4237-BC21-E5FFC0C74088}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe | "{42F3C16B-1961-4788-A07D-EF60A8940A38}" = dir=in | app=d:\spiele\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat | "{43047640-C09E-43C9-A9F3-200799D0E4BA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{43472933-6F8A-4CDA-BE66-8D6679CD1C30}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe | "{44D88226-BA0D-49BA-BE66-4CC4533F59A3}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\mass effect 3\binaries\win32\masseffect3.exe | "{45B886E1-CFA9-4A9F-A71E-F303B884A0F9}" = protocol=6 | dir=in | app=d:\spiele\codemasters\dirt 3\dirt3_game.exe | "{45F29B69-AD57-4913-9172-B295D509F33F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{471982BB-CACB-4823-B574-6D4C6A188701}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{476F5E53-3376-4B71-80D1-3C1D90B1F559}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{48C03F16-7EA5-4A71-A5A2-99BE17AAFA30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\broken sword 2\brokensword.bat | "{4923689B-E19C-4E81-ABCB-7BC1B19422D8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4961B935-6CFF-4C45-A8EA-79ADA9A4E3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | "{4AB68D1C-CC19-4712-A851-74FC7B206CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt\dirt.exe | "{4C489DC8-03CB-4AFF-9CC9-C728F0425591}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe | "{4C973D36-F89E-48B1-A1F7-F9C0417995CF}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed the run limited edition\need for speed the run.exe | "{4D2C3CCD-FB74-4FE6-B459-E9FC98C8473B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\syberia 2\game.exe | "{4D632E11-E404-4512-BB92-4FBBAECA3D41}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\eflc\launcheflc.exe | "{4E460486-E7B9-4391-8376-8A7B8599C60A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{52F4DAB4-401D-4C9A-9F37-9AE83CD789A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{53367FC4-887C-4955-B11E-4919D370681F}" = protocol=17 | dir=in | app=d:\spiele\disney interactive studios\split second\splitsecond.exe | "{55B77324-0262-4CCA-8F12-9F3DABDDB655}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe | "{56B05415-504B-4231-8EC1-E2F1B79D2955}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | "{5ADC8666-2B8F-4FF7-A80A-1D0ECA7557D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5B41B688-1863-47EB-B628-800F9E992709}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\eflc\launcheflc.exe | "{5F982D77-288C-46C3-B15F-DD77E9638AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{615B5D12-90FC-4187-AFDD-F2035C424523}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\fifa soccer 12\game\fifa.exe | "{62B538B3-63D6-493B-AC76-917996B595E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{63590C2E-B45B-4B45-9E45-6E84ED50D856}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2011\f1_2011.exe | "{635BB72D-AD80-4873-8000-7FBEA8981DAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{688816DF-8BDC-4DAC-90A8-DCD0310E8A1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | "{6972E647-D906-45C9-AFF5-52AB9064B635}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{6D333D5F-5AF7-4666-BB95-4C17DBF13A03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | "{6DBEB15B-B7A5-4147-B38C-B07D855D076C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe | "{6DC66949-95DA-4F69-9566-CDA40D52053B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6E0B9818-653E-4817-BD6A-C73712396091}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | "{6EE0607B-EB92-44B4-8F5D-284C002A81FA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{70935B4B-7045-4190-9F64-B34963AE9587}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe | "{717FA88B-1371-4887-BE5B-F71DBD841F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{728E6038-57C1-4793-8D94-C8A318FA92D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\syberia 2\game.exe | "{74A285F2-B178-4A39-9D08-BD9186A7D47D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe | "{75810FC5-7FE6-431A-A62E-3871BEC0D31D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe | "{75ED039A-8806-4018-B40D-F127783123A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | "{761F2DCE-4978-45C8-931F-A5613DD462BA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{761F8662-42FB-4257-9819-1AB7AC7F3D27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | "{77CD4E3B-FA46-4DB2-B9E0-5BE7F3445EAE}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe | "{79C08357-682A-4B9B-B7B8-CBA77BD0CE8A}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\mass effect(tm)\binaries\masseffect.exe | "{7A184AFE-4F31-4D46-847D-C0D7614A339E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe | "{7A7229CB-1493-46B7-90B1-AF6B0F3B6A30}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7AAF2A73-F880-49DA-AD53-3B7B1C2E22BC}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | "{7ABA8879-E537-4D10-8C7A-47F65CB95A60}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\kingdoms of amalur reckoning\reckoning.exe | "{7B29C6E5-32D3-4063-810B-4B8E5ACB48C4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7E818D6E-3796-4897-AC12-B3CE2DFEA16E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{809A0939-5F91-4BB3-AFF5-769CB4055A00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm | "{80BE146A-CEF2-4B32-B413-316C4ED3FB8B}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{813A7159-7047-4F45-9FED-151ABAC63C92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | "{81E9DE97-B87A-4F04-BB17-CC5BD3A8DBC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{825E8ADC-3D39-4801-8732-4422B2ED5B46}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{831317EC-567D-4816-9626-B87FD10321A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid\grid.exe | "{831DC34C-B378-48D8-A7CB-3CCB9D051996}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | "{838C207A-9479-40C5-BF48-BAC6D120A8FB}" = dir=in | app=d:\spiele\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "{86A0C8D3-9153-42A3-A6A7-88127DEBBD14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{8789D27E-3E2F-4386-B9FF-32D23117E6EA}" = protocol=17 | dir=in | app=d:\spiele\codemasters\dirt 3\dirt3_game.exe | "{8862F014-E49A-4729-BF77-C8619803E33C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway a road adventure\video card setup.exe | "{89AF12D7-BC60-4453-9824-FB9C8896FB85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | "{8A3D87CB-5FD1-4956-8788-211AB854ACCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | "{8AA34C69-4F02-447A-948D-2C8BA38CD01D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8C6629E1-F745-4115-B3E6-7409A5254A90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver san francisco\driver.exe | "{931EE64C-E8F3-4C98-972E-F4DF7A7592DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe | "{940D3F3C-9418-493B-905A-48718AF27148}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{95B6E9A8-43A6-465A-BA1F-2E5E0258901A}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | "{95E12FE0-04EC-46D7-A24B-DFC6EAA986BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm | "{96EA3626-2D09-4BE4-8C54-D0D72180935F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{97C0E2DA-F4F5-405B-B95E-7975CE5FFEAC}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\mass effect(tm)\masseffectlauncher.exe | "{97C86014-CE45-4900-BA93-FA7D75E03715}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway a road adventure\video card setup.exe | "{981D9147-4799-4FD7-B4C4-51851A27444A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\broken sword 2\brokensword.bat | "{99C41CC2-6B76-44ED-A52C-B0CAC4DD2A71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{9AF7EB69-B437-49AC-991A-79BF19D74A2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{9E660286-E229-4973-90E7-2B560C083622}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\kingdoms of amalur reckoning demo\reckoningdemo.exe | "{A1A11357-2EC2-4D66-B809-4C533C6FD58C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A21FFCF0-1396-4A5E-B1BA-F66DAF4F31EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | "{A2731423-30E4-4FF7-8AB4-6E689512C273}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe | "{A293111A-2AFC-4EF2-9E58-36BC651F3317}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A2DFCFA8-F8CC-47C6-B897-6C59A8BB771B}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\mass effect(tm)\binaries\masseffect.exe | "{A35ED826-0627-41C5-995E-E8EA575988CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A3BB10F3-1F93-4000-8E13-FC776054C107}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | "{A3C2203C-F31A-43E8-BC2A-CBC9842042F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | "{A6029BA6-CBAD-4AEA-B203-B49D2FE71460}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A6926B6E-A976-4E12-84C9-2D26AC39A8F9}" = protocol=6 | dir=in | app=d:\spiele\dragon age 2\bin_ship\dragonage2.exe | "{A75A9622-4045-4BBF-BB55-80C1A10191E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway a road adventure\runaway.exe | "{A954F3D6-506A-407B-830E-627239187971}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | "{AA673FD2-6297-4614-8A5D-56D825BBB82A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | "{AB15EC6C-7123-434E-AC48-B2ECAD36038B}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{AEF87C11-4FA6-4B82-8BE4-6DD77439E481}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | "{AF398751-F3D2-4F50-B693-7CB88F99EC6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{AF621AA8-E119-4822-B798-621D0E730C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{AF64518B-DD17-4271-8B81-B7E0A8F64D44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AFC21CE0-506F-4C7E-A314-BE80A82C884D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway the dream of the turtle\video card setup.exe | "{AFCE65D1-19E2-47EB-9287-696A74BD9D04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | "{B3981839-C97E-411B-AEF4-2177056A103E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{B4DB546D-1692-4A6C-903F-ABFA1FD2EB0E}" = dir=out | app=%programfiles% (x86)\kalypso media\port royale 3\portroyale3.exe | "{B5B6327B-B87D-4D36-85E1-2CBCB15F1A65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\testapp.exe | "{B6E3D35F-D9E6-47A5-B58D-8DD76DEEE044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B8EF3ED1-93F1-4EBB-84D1-2D4EC9E20F4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B9183AD3-940B-49BE-96F2-381FC4A62836}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe | "{B936A981-BDBC-4780-A4FC-3CEBDB35CC9C}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\kingdoms of amalur reckoning demo\reckoningdemo.exe | "{B991BF38-D609-448A-9074-E44A29B6C79A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | "{BA6654FF-448C-4A4D-BDBC-A8B15D0A58B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe | "{BB8D3DFB-BC0B-4787-A6D9-452FE296A9DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | "{BBA4506A-78A5-4913-836B-7260D281FF70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BBDE134F-21C4-4823-B60F-EF1F1C8A8C2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{BC173678-1E9A-4F73-95EE-C0579A4360A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{BC6DB606-D16E-4BCF-8E36-E77801A8F1D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{BEB2D249-7A34-4AF0-9340-29693F25983E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe | "{BF879B39-AD64-4C32-9C4F-BF3F7E2D8415}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | "{BFF439AA-AFA9-4F19-B450-68EA10EAFA29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{C1234128-62BA-4B34-8F47-6035829F3011}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe | "{C1D68001-E69E-4AE6-906C-FF9AD7BD3D61}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe | "{C620627F-D63A-440B-89A1-722CD0BD10BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | "{C676D494-D493-4319-AF6D-7D3A10E85A0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C6E39A19-2B15-4EB2-BBFB-4E4A540B9E26}" = dir=in | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{CB01C104-6AE2-4236-B872-E3B4681FB142}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{CBECF99C-0BEE-4B1A-A378-BBE58895A64C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{CE20EAA4-FBD1-4D05-A2A4-F0F53A080186}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2011\f1_2011.exe | "{CE3CA614-FB2C-413F-BD30-98D11D647202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{CE90D3FB-EFE2-4D7C-B0F0-2ABD43A93176}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe | "{CFDCA182-E586-4B5A-B164-CA054ED4CD88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | "{D26FF957-AE43-4C74-B887-4767F8451EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway a road adventure\runaway.exe | "{D29EF0AD-9241-4E4B-8A80-125E48642F28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat | "{D323CE74-60C0-4EE0-9456-5EC503C90367}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\max payne 3\playmaxpayne3.exe | "{D46969FA-1FB8-42DD-B4A8-C5A1882D633B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | "{D620F3D0-C926-453D-99ED-A545D8A8C022}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D67C0D63-C9B1-4170-8204-4A90CA3BFD4F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D93DCCB4-2079-48B5-92E7-9C176B6BFB4D}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\kingdoms of amalur reckoning\reckoning.exe | "{D95788F1-FF67-4826-8D4D-B3D732EDD6AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{D9A961A9-4D22-4269-BDA7-A2837A8B64DA}" = protocol=6 | dir=out | app=system | "{DA5DF1DC-B08D-4508-8B61-3A2BF3F68B3B}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\max payne 3\playmaxpayne3.exe | "{DB9E9803-A32D-4378-9668-F714B6CB2997}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{DBC9C2D7-940B-4ECD-B752-02A6B513DE7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | "{DBD1FD71-FC4A-45F5-8655-9B89573F8F11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{DBEE98A7-F1B4-43B2-8622-23F71AED79FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | "{DC825FB0-15A8-4E7C-AE3E-8DBA7DD2F4A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe | "{DD06856D-CB43-422F-82A7-5C107F10D446}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | "{DDD2704F-6E13-408D-8C9C-2B48AE00605F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{DDDF5673-BF4E-4303-B16D-948069D2145A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe | "{DFCD464A-A4F2-4345-9670-6207EA2A84B5}" = protocol=17 | dir=in | app=d:\spiele\dragon age 2\bin_ship\dragonage2.exe | "{E040034B-F196-457D-A343-31569849F05F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | "{E13B089E-352B-4D93-B92A-ACF199382029}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | "{E17D2E29-1D7E-4722-B4CC-BE868403ED73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | "{E240FB7F-8A77-4B9C-9B95-E127717188E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid\grid.exe | "{E31C178A-3D3D-43ED-9A79-ACD01ED01ADB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{E464EAC7-AD8A-4DA8-B2BF-BA2EF81FB5D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{E4663410-483C-4585-A3C5-294579128617}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe | "{E5F105ED-DF90-432C-9B9C-152C9391C425}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{E8C08C8D-196F-4B50-A578-5B0DAE83B171}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{E8F3A4B0-B554-4823-9B18-3E4227E8AAE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe | "{EAEAFA43-B303-4CAC-A801-30E1C2D26F37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe | "{EC1A5427-A442-4385-B85E-839E524A74CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ECFB9F36-5221-40B6-AB09-79535255FDFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | "{ED05D442-C672-4FCC-AB1E-5B8DE9E4CFA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{EF519410-0F02-479C-84AB-FFC3B79A1826}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{F14C2D0D-023F-4B98-87F2-38ABAD11A582}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\testapp.exe | "{F286D02C-CB44-4EF2-A286-FB3451931131}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | "{F31831E3-0ADB-4EF9-9635-DD000023A72F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | "{F3D491CA-6699-48B2-8A1D-9405E3AAED0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | "{F49783DE-00C0-4ED0-B923-A7593C4B46CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe | "{F4CF2523-8AA5-491B-AA88-056AF3F03569}" = protocol=6 | dir=in | app=d:\spiele\disney interactive studios\split second\splitsecond.exe | "{F4ECE582-4506-4FCD-B6F5-39197285F60C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway the dream of the turtle\video card setup.exe | "{F6124DAA-AE49-44B2-98D4-56048AD68285}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{F6445840-2C68-41CD-A1BA-9AE19711E40F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver san francisco\driver.exe | "{F73C549C-F32F-447F-A775-BD5CB4C19EC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{F7505251-2AAA-4AAF-8019-79B897A1FAA5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{F7E314B3-7BDC-4A62-93EE-3727D5629704}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe | "{F93A4B25-D5B3-4481-9C30-0A32FC5159DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe | "{FA3B318E-DEC1-4787-B42D-C7CA1CECD611}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe | "{FA401A7C-1105-410C-B68E-B363E4607811}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\syberia\game.exe | "{FB090C11-2BC9-43D1-9D02-84F56155BE9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{FC278A29-A879-48B6-A4E4-8370D13B25E2}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe | "{FC565523-C3C5-4668-8ED9-8B3D15B10CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\packetvideo\twonkybeam\tmslite\tms-beam.exe | "{FE4DECAE-F6BD-4395-99FD-1ADF9B0B54F6}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | "{FF0D9EC2-1642-4988-BD8F-38C1B81B2EF3}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | "{FF4AC1FC-C051-4D63-9A3E-22DB474904A1}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe | "{FF4D97F9-C97D-4B26-BA49-778A8BC74960}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "TCP Query User{000D9CA1-50F4-42F0-9704-93C695A0C7A4}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{0DAE883B-52B0-4507-9E60-7E6B0B1B31C3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{0FD6E3E2-C617-4AA9-999D-EF2DA8E12DF9}C:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe | "TCP Query User{3019FBB9-DE2B-4335-9860-F0C01266E227}C:\program files (x86)\twonky\twonkymanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkymanager.exe | "TCP Query User{304FC0F1-D61F-4E9F-88B4-02FBFBAEDE58}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "TCP Query User{3439DE0D-71F8-44DC-892F-C9772E63B973}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{3B3C0A6F-08A5-4C53-80CD-6C7E538B9E10}C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe | "TCP Query User{3BA549E6-DD8B-4180-9FA5-3B28579C6410}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{3CF9F3E0-261F-4C26-B042-D6AD5535437E}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | "TCP Query User{3F66CD30-CEDB-421F-AC15-0817CE767024}C:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe | "TCP Query User{40032EBF-2649-4F28-B812-EAFE7D1F47C7}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe | "TCP Query User{4F8C9926-A06C-40F8-8A1C-F2A0CF8C8983}D:\spiele\electronic arts\need for speed(tm) shift\shift.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) shift\shift.exe | "TCP Query User{5B19A9C7-D3C6-4172-AC15-D1B3DA4D14D9}D:\spiele\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\eflc\eflc.exe | "TCP Query User{5B59C28C-2072-45F3-8268-B7B0A44718E6}C:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe | "TCP Query User{63D95FBB-4170-43D0-8C02-43E5FFC410F1}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{69223C06-CB8F-4099-A8ED-4200584D1EDE}C:\ruby\bin\ruby.exe" = protocol=6 | dir=in | app=c:\ruby\bin\ruby.exe | "TCP Query User{7E1EA468-146A-492F-89A1-352E35DD3606}D:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe | "TCP Query User{832921BC-E7EB-494D-93D3-12CE1E92C345}D:\spiele\renegade x black dawn\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\spiele\renegade x black dawn\binaries\win32\udk.exe | "TCP Query User{882CF7C5-4BC5-4FDA-8295-AF5E9FF6C549}D:\spiele\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\shift 2 unleashed\shift2u.exe | "TCP Query User{8979AB65-0EC5-46A8-999D-6A181E84B99B}C:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe | "TCP Query User{8DA3B70A-5F35-4296-9F07-E1075C43AA03}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "TCP Query User{8F10B101-6831-4B5C-B401-1D066099D02E}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{942FFE9E-1944-4805-8A76-0900DA76B229}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9D3ED476-2725-4F85-9694-122CE5EF0CF7}C:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe | "TCP Query User{A15DF8CC-6D25-425C-90AA-45A335C5828C}D:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "TCP Query User{A49CC675-0EB8-4E5B-A2F4-442E4821377A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{A58ECADF-2AA8-44C4-976E-505CA3B71963}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{B14A4824-A0E2-4DBD-8436-16B1FFD6E08F}D:\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flatout2\flatout2.exe | "TCP Query User{B1E898D1-D4D3-4A91-BB50-20B8F70DAFC9}D:\spiele\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\max payne 3\maxpayne3.exe | "TCP Query User{B1FC11DD-1993-466B-A2EA-BB50665F0F0E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{B540861D-ED74-4C89-9B7F-8CCA5D8E3FAB}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "TCP Query User{BFA87DB6-AF59-4442-83BA-7CB596088DA9}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | "TCP Query User{C1F042D0-649C-41B1-873E-FF02A5C11C17}C:\program files (x86)\songbird\songbird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\songbird\songbird.exe | "TCP Query User{C87621CC-31D4-49A0-A7F5-CD4EF2FEB475}C:\program files (x86)\msi\live update 5\lu5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\msi\live update 5\lu5.exe | "TCP Query User{D402CD40-CA2E-4453-926C-A38DF1021C5D}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe | "TCP Query User{E99C5246-4F3D-4F50-82AC-1C59DA35F0F9}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "TCP Query User{ED93032C-4AEF-4850-81C1-37F0EEBCB775}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{EE5C55F2-32F8-4D8D-B551-AFBB8E6C01AD}D:\spiele\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrpr.exe | "TCP Query User{F40CD599-028C-4824-82E7-11B6372C2348}D:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | "UDP Query User{085C8C6F-D791-4E8D-AA75-31E97920F53E}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{0A960B60-B5D5-40FC-A04D-C6A2C7CD762F}D:\spiele\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\shift 2 unleashed\shift2u.exe | "UDP Query User{18D8AB71-8AD4-4BE3-B602-BD5B0CBEC596}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{1C868784-E21D-4D8C-A0DA-9C1370D5AC81}C:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe | "UDP Query User{2B2C17A5-0435-4740-A8A6-56239A70E979}D:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "UDP Query User{3264D148-00FB-467C-98D9-55766283EAB1}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe | "UDP Query User{384E24B0-3C74-42FC-892F-69FA07E015C6}C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe | "UDP Query User{3DD9DBA4-2B74-4E75-AE2D-34531712D980}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe | "UDP Query User{4043920A-600C-4468-9DA6-E79FA320B2B8}D:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe | "UDP Query User{40DA1DD9-E312-4741-8CD4-47BACFB053AE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4307064A-6D85-46A1-8CA5-6403B0B69D8A}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{4C78812C-7D18-4BD4-B277-85F8C0A4DEC6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{5B25499A-25CE-45A4-BE22-EF17046EBE15}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{5BC1F0C0-EF59-4361-937C-29F8A32281D2}D:\spiele\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrpr.exe | "UDP Query User{62028CCA-6228-450C-856A-F89371CBA1C7}C:\program files (x86)\songbird\songbird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\songbird\songbird.exe | "UDP Query User{67FAA403-A522-4E69-A49E-6226BB5B4874}D:\spiele\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\eflc\eflc.exe | "UDP Query User{7079FFCB-BC7E-43DC-A12C-23DB8F7204C4}C:\ruby\bin\ruby.exe" = protocol=17 | dir=in | app=c:\ruby\bin\ruby.exe | "UDP Query User{86A83B15-46FD-4799-BB39-8AAE15F4391A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{898ED02E-E04B-43ED-AB34-795FC80A86A5}C:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe | "UDP Query User{8FB4F0F5-6B8E-4619-A511-74236F02ED55}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{9F49B3B8-894C-47A1-A00C-ABD45251A32A}D:\spiele\electronic arts\need for speed(tm) shift\shift.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) shift\shift.exe | "UDP Query User{A149E5DB-B4DF-4FEE-B7C2-C63D4A2C32DD}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{A7D193C6-08D5-4F91-9473-55A455ADA7CD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{AA23AE06-0396-406E-9F69-D79AD5BE2B1F}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{AB0DC069-042D-41DB-B60D-B6985F34A4D3}C:\program files (x86)\msi\live update 5\lu5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\msi\live update 5\lu5.exe | "UDP Query User{B8E9AAC8-21B1-4B7C-AC0B-97CE4B807C52}D:\spiele\renegade x black dawn\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\spiele\renegade x black dawn\binaries\win32\udk.exe | "UDP Query User{BA48FA34-1182-42C0-956F-2DBA6E50D5A6}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | "UDP Query User{BA66B97C-A93A-4B7C-857A-34AF9D748F6A}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | "UDP Query User{C0178890-7F72-4FD5-B64C-40F97760ABCA}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "UDP Query User{C9B6733F-F770-495C-B0A8-48E7FA6B61BC}C:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe | "UDP Query User{CABB1D7F-1287-4828-9F42-87EE438FDE89}C:\program files (x86)\twonky\twonkymanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkymanager.exe | "UDP Query User{CC31FB8D-670E-4F5C-AEDF-D20523994351}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "UDP Query User{D84BEDCC-AA3D-400D-8062-C9D5469191D2}D:\spiele\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\max payne 3\maxpayne3.exe | "UDP Query User{D86DDAE0-08A5-414C-9F08-954D9EBDB152}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "UDP Query User{E65B0E4D-8946-4585-AB39-9910C70FCD1C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{E927AC7D-4EA0-4015-9889-AFFEC858C7CD}C:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe | "UDP Query User{EA185ACA-CC31-48B0-8920-E9C70E1B6E02}D:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | "UDP Query User{F0518E07-8581-4B23-99EF-7277A50B4C40}D:\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flatout2\flatout2.exe | "UDP Query User{F09D5FA8-88D3-4AE4-9F10-78D637D0D425}C:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit) "{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35 "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding "{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.17 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "R for Windows 2.13.0_is1" = R for Windows 2.13.0 "sp6" = Logitech SetPoint 6.30 "TeamSpeak 3 Client" = TeamSpeak 3 Client "UDK-1a471f6e-c50d-494a-a882-bedeb3d55b0d" = Renegade X Black Dawn "Unlocker" = Unlocker 1.9.1-x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5 "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}" = Mass Effect "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{281EBDB4-E1DC-48AD-AA21-1F18BC22C49E}" = Brother HL-2140 "{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3 "{2C87389F-F0B3-4F7B-BCDD-96E3571AECD4}" = Zinio Tablet Reader "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken DELUXE 2012 "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0 "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.25 "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3 "{698B7D8B-0F43-4A19-8B9B-47F1EFEB858F}_is1" = ControlCenter "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75EA97E2-BAD7-45DF-8196-82A828BF47DC}" = Royal Doppelkopf "{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}" = GO Contact Sync Mod "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B02A7816-AA3D-4BCB-9FEC-3ED4D5CC6E5C}" = Royal Skat "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{C3A3F865-CB15-4218-89CF-B23DA3FD1E42}_is1" = A Stroke Of Fate. Operation Valkyrie "{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{DB451A33-A351-4936-83E2-08B424445766}" = Qw Update "{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Red Alert™ 3 Uprising "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3BF6182-0310-49C2-A926-8A75516337F3}_is1" = Pole Position 2012 Version 1.0 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{E8828ACA-EB7B-4412-856D-E79318840919}" = MusicBee "{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™ "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F66CEEED-256F-4DD6-9AD9-50ECF89CB286}" = ncid.Net 2.7.21 "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "33B31D6D-7EFB-45A3-AC50-4DAF98042443_is1" = The Book Of Unwritten Tales: Die Vieh Chroniken Version 1.2 "Adobe AIR" = Adobe AIR "Alan Wake_is1" = Alan Wake "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ArtMoney PRO_is1" = ArtMoney PRO v7.38 "Captain Morgane1.0" = Captain Morgane "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "Downloader" = Downloader "eMule" = eMule "ESN Sonar-0.70.4" = ESN Sonar "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Gabriel Knight - Sins of the Fathers_is1" = Gabriel Knight - Sins of the Fathers "Gabriel Knight 2 - The Beast Within_is1" = Gabriel Knight 2 - The Beast Within "Gabriel Knight 3 - Blood of the Sacred, Blood of~B6A61117_is1" = Gabriel Knight 3 - Blood of the Sacred, Blood of the Damned "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "Google Calendar Sync" = Google Calendar Sync "HackerEvolutionDuality" = Hacker Evolution Duality(remove only) "Haunted_is1" = Haunted "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "JDownloader" = JDownloader "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16 "Law and Order - Legacies" = Law and Order - Legacies "Lost Chronicles of Zerzura_is1" = Lost Chronicles of Zerzura "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Miranda IM" = Miranda IM 0.9.48 "MKVToolNix" = MKVToolNix 5.3.0 "Mozart, Das letzte Geheimnis…_is1" = MOZART de 1.0 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49b "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1 "nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1 "Notepad++" = Notepad++ "Office14.SingleImage" = Microsoft Office Professional 2010 "OpenAL" = OpenAL "Origin" = Origin "pcsx2-r3878" = PCSX2 - Playstation 2 Emulator "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "Picasa 3" = Picasa 3 "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Puzzle Agent 2" = Puzzle Agent 2 "Rockstar Games Social Club" = Rockstar Games Social Club "Sniper Elite V2_is1" = Sniper Elite V2 "Songbird-release-2160" = Songbird 1.10.1 (Build 2160) "Steam App 10080" = Quantum of Solace "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 107100" = Bastion "Steam App 11440" = DiRT "Steam App 12750" = GRID "Steam App 17470" = Dead Space "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link "Steam App 20540" = Company of Heroes: Tales of Valor "Steam App 207270" = DiRT Showdown Demo "Steam App 20930" = The Witcher 2: Bonus Content "Steam App 21780" = Driver: Parallel Lines "Steam App 22330" = The Elder Scrolls IV: Oblivion "Steam App 22885" = Dragon Age: Origins - Ultimate - Prima Official Strategy Guide "Steam App 22896" = Tropico 4: Prima Official Strategy Guide "Steam App 28050" = Deus Ex: Human Revolution "Steam App 32370" = Star Wars: Knights of the Old Republic "Steam App 33440" = Driver San Francisco "Steam App 33460" = From Dust "Steam App 35140" = Batman: Arkham Asylum GOTY Edition "Steam App 39160" = Dungeon Siege III "Steam App 42640" = Blur "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 4560" = Company of Heroes "Steam App 46500" = Syberia "Steam App 46510" = Syberia 2 "Steam App 47810" = Dragon Age: Origins - Ultimate Edition "Steam App 48000" = LIMBO "Steam App 48240" = Anno 2070 "Steam App 55110" = Red Faction: Armageddon "Steam App 57400" = Batman: Arkham City™ "Steam App 57690" = Tropico 4 "Steam App 6860" = Hitman: Blood Money "Steam App 71390" = Virtua Tennis 4 "Steam App 7210" = Runaway: A Road Adventure "Steam App 7220" = Runaway: The Dream of the Turtle "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 7940" = Call of Duty 4: Modern Warfare "Steam App 8930" = Sid Meier's Civilization V "Tatort London 2" = Tatort London 2 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "The Rockin' Dead" = The Rockin' Dead "The Witcher 2 - Assassins of Kings Enhanced Edition_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition "TVgenial" = TVgenial 4.10 "TwonkyManager" = TwonkyManager "uTorrent" = µTorrent "Video Strip Poker Supreme" = Video Strip Poker Supreme "VLC media player" = VLC media player 2.0.1 "webmmf" = WebM Media Foundation Components "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.11 "xp-AntiSpy" = xp-AntiSpy 3.97-11 "Yesterday (de)" = Der Fall John Yesterday (Deutsch) "Zinio Reader" = Zinio Reader "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1" = Ruby 1.9.3-p194 "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.5.3 "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das Log |
Hier die beiden Logs. wobei die von eset wohl nicht so ganz den Erwartungen entsprechen dürfte... Code: Code: Code: |
Zitat:
ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen |
Verdammt, hatte Chrome noch als Admin gestartet, da es aber da nicht ging hab ich den IE benutzt und dann vergessen, den als Admin zu starten. Naja, beim zweiten Mal hats jetzt geklappt. Ist der Trainer wirklich gefährlich? Ich ging davon aus, dass das ein Gamehack wie tausend andere ist. Code: |
Trainer sind idR ein unnötiges Risiko, hab schon oft infizierte Dinger gesehen. Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? |
Scheint alles zu laufen, habe nach dem Wiederherstellen keine Probleme mehr gehabt, Icons sind auch alle da. |
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das LogFalls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code: netsvcs
|
OTL Logfile: Code: OTL logfile created on: 10.06.2012 09:50:48 - Run 2 |
Zitat:
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten! Gerade solche Streamingseiten sind für die aktuelle Welle der Erpresserschädlinge verantwortlich, die Windows blockieren und 50 oder 100 EUR erpressen wollen!! Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code: :OTLDas Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen! 2.) Ordner movedfiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten |
So, Datei ist hochgeladen. Beim Neustart nach dem Fix wurde die kdbsync.exe vermisst, die von OTL verschoben wurde. Scheint mit den Grafiktreibern zusammenzuhängen, war die tatsächlich infiziert? Streamingportale benutze ich keine, zumindest schon ein paar Jahre nicht mehr und auf meinem aktuellen System noch nie. Ich danke schonmal herzlich für Deine Mühe, es ist gut zu wissen, dass da draußen Menschen sind, die einem helfen, wenn man in der Scheiße sitzt ;) |
Sry ich hatte micht mit meinem Baustein verklickt, der Fix sollte ganz normal über OTL und nicht über OTLPE laufen :headbang: Zitat:
Zudem seh ich hier weder die kompette Fehlermeldung noch das komplette Log vom Fix :confused: |
OTL hab ich benutzt, Schwein gehabt... Ich dachte, die Logdatei wäre in der hochgeladenen ZIP mit dabei gewesen. Code: ========== OTL ========== |
Das mag sein, dass das Log dabei ist, ich habs aber lieber ewnn man das Log direkt im Beitrag sieht! Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg |
Code: |
Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
|
Combofix Logfile: Code: ComboFix 12-06-10.01 - *** 10.06.2012 22:49:22.1.4 - x64 |
Hm, CF hat die keepass2.exe gelöscht, warum weiß ich nicht. Wird wohl ein flasse positive sein, notfalls KP2 neu installieren Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. |
GMER Logfile: Code: GMER 1.0.15.15641 - hxxp://www.gmer.netOSAM Logfile: Code: Report of OSAM: Autorun Manager v5.0.11926.0QuickScan mit aswMBR hat nicht geklappt, ist wie von Dir beschrieben abgestürzt. Code: |
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! |
Code: |
Ok, sieht ja gut aus, fehlt nur noch das SASW Log |
Code: |
Zitat:
Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme? |
Über die verschiedenen Methoden zur Cookieverwaltung mach ich mir mal Gedanken, danke für den Tipp. Ansonsten scheint momentan alles zu laufen. Daher auch dafür nochmal vielen Dank. Was mich noch interessieren würde, ist, wo der Trojaner eigentlich herkam. Wurde der tatsächlich über Windows-Update verteilt? Ich kann mich nicht erinnern, sonst irgendwas ausgeführt zu haben und Anhänge in Emails öffne ich ohnehin nur dann, wenn ich 100%ig sicher bin, dass es ungefährlich ist. Und innerhalb der letzten Woche habe ich gar keine Anhänge geöffnet. |
Wenn du keinen sch... Mailanhang geöffnet hast kann ich das nicht nachvollziehen. Bisher hatte man bei der harmlosen Ransomware, also Erpresserschädlinge die nicht verschlüsselt/zerstört haben, Lücken in den Browserplugins in dringenden Tatverdacht, also sowas wie JavaRuntime, AdobeReader-Browserplugin, Flashplayer Wegen der Verschlüsselung: Obige Hinweise beachten Da sind mittlerweile 8 Tools, musst du ausprobieren. Mit der locked-Variante sollte man gute Chancen mit dem decrypthelper von Matthias haben Man darf aber keine falschen Hoffnungen machen. Mittlerweile sieht es finster aus => Delphi-PRAXiS - Einzelnen Beitrag anzeigen - Verschlüsselungs-Trojaner, Hilfe benötigt Für die Zukunft unbedingt mal das Backup-Konzept überdenken! Denkanstoß hier => http://www.trojaner-board.de/115678-...r-backups.html Abgesehen davon wären wir aber durch Entfern bitte noch nichts aus der Quarantäne, die schädlichen Dateien, Ordner etc die wir gelöscht haben, liegen noch als Sicherheitskopie in diversen Ordner wie Qoobox oder _OTL/MovedFiles - die werden evtl. noch für eine Entschlüsselung benötigt Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Adobe - Andere Version des Adobe Flash Player installieren Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es. |
Kam denn letzte Woche ein offizielles Win7-Update? Eigentlich ist doch heute erst Patchday, oder habe ich das falsch im Kopf? Und wann taucht eigentlich die RansomNote auf? Die hab hab ich nämlich nie gesehen. Wie auch immer, ist jetzt alles auf dem neuesten Stand, alle locked-Dateien sind per DecryptHelper wieder entschlüsselt und der PC läuft rund. Also nochmal vielen Dank für Deine Hilfe! |
Na da haste nochmal Glück gehabt, dass du nur die locked Variante hattest :) |
In der Tat |
Wie gesagt, denk mal in Zukunft an ein besseres Backupkonzept Ich weise hier nochmal drauf hin => http://www.trojaner-board.de/115678-...tml#post844876 Zitat:
|
Prinzipiell mach mich meine Backups auch auf sonst nicht aktive externe Platten, nur mit der Regelmäßigkeit hapert es... |
Na, dann ist es ja "fast" perfekt :D |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 00:04 Uhr. |
Copyright ©2000-2025, Trojaner-Board
