Trojaner-Board


Wolfizero 10.10.2012 13:16

svchost.exe
 
Hey,
for a few days now I have been getting a message from the Malwarebytes Anti-Malware real-time scanner saying that some malicious process originating from Svchost.exe was stopped. A system scan does not flag anything, but the message still comes up occasionally. Mostly when I am surfing (Facebook, YouTube etc.).

Code:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wolfi :: PC-WOLFI [Administrator]

Schutz: Aktiviert

10.10.2012 12:23:23
mbam-log-2012-10-10 (12-23-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 635670
Laufzeit: 1 Stunde(n), 35 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And OTL

Code:

OTL logfile created on: 10.10.2012 14:03:58 - Run 3
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 44,18% Memory free
12,00 Gb Paging File | 8,68 Gb Available in Paging File | 72,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 221,96 Gb Free Space | 64,25% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 84,73 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\Wolfi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Wolfi\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Wolfi\AppData\Local\Temp\sfareca00001.dll ()
MOD - D:\Steam\bin\libcef.dll ()
MOD - D:\Steam\bin\chromehtml.dll ()
MOD - D:\Steam\bin\avutil-51.dll ()
MOD - D:\Steam\bin\avformat-53.dll ()
MOD - D:\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 93 76 FE 44 F3 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.0.16
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "about:neterror?e=query&u="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.27 13:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.25 00:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.16 16:16:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\FasterFox_Lite@BigRedBrent
[2012.09.14 11:09:46 | 000,001,632 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\tlymn0wr.default\searchplugins\firefox-add-ons.xml
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 23:58:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.07.11 13:38:29 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012.02.25 01:26:08 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.09.04 21:36:27 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI
[2012.09.07 23:58:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 01:12:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:19:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 01:12:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 01:12:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 01:12:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 01:12:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83FB607F-B364-4818-A562-3B56328C8DD9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell - "" = AutoRun
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 13:59:35 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.10.09 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.10.09 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\Adobe
[2012.09.18 11:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 13:45:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 10:39:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 10:39:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 10:36:02 | 001,612,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.10 10:36:02 | 000,696,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.10 10:36:02 | 000,652,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.10 10:36:02 | 000,148,042 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.10 10:36:02 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.10 10:30:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 10:30:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 23:50:22 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 23:50:22 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 23:50:22 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 14:27:59 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | M] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.09.12 14:57:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 14:27:59 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | C] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.08.02 06:13:15 | 000,003,676 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\Sys2657a.DLL
[2012.06.11 12:30:08 | 000,000,244 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.24 00:36:20 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.03.24 00:36:20 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.15 06:22:18 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.02 06:56:25 | 001,589,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.01 04:41:52 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.01 04:41:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.25 17:40:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.25 17:39:13 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.25 01:28:43 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.02.25 01:28:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.25 01:28:23 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.07.03 01:28:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.10.08 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.techniclauncher
[2012.04.11 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Atari
[2012.08.10 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Audacity
[2012.04.11 14:05:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canon
[2012.03.30 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.27 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ICQ
[2012.07.16 00:07:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ImgBurn
[2012.05.12 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Imperium Romanum
[2012.05.30 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Kalypso Media
[2012.04.11 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Leadertech
[2012.04.13 23:46:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Lionhead Studios
[2012.03.08 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\LolClient
[2012.08.10 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Origin
[2012.05.18 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\runic games
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Telefónica
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TGCMLog
[2012.06.23 13:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\The Creative Assembly
[2012.02.25 03:38:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Thunderbird
[2012.08.02 06:41:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TippKönigin Demo
[2012.08.21 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4
[2012.02.26 18:51:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Ubisoft
[2012.09.30 17:48:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.02.25 15:45:19 | 000,097,089 | ---- | C] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx
[2009.03.06 02:54:38 | 000,097,089 | ---- | M] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx

< End of report >


kira 10.10.2012 16:23

Hello and welcome! :)

Before we start working together, [please read in full]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over long distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RISK!
  • Characteristic features/profile information:
    - in the log lists or log files you use, you can replace these (e.g. your real name, serial numbers in programs, etc.) with [X] or asterisks (*)
  • System check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Assistance - planned procedure:
  • Finding the problem
  • Fixing the problem / cleaning the system
  • Uninstalling/removing the programs used
  • Closing the thread: computer security tips

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
Run a scan with OTL again:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry, please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

2.
To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set it to "Deutsch" (German).
  • Start -> click on `Extras` (Tools, to display the software installed on your system) -> then on `Als Textdatei speichern...` (Save to text file...)
  • A text file is created automatically; post this log file too (i.e. the list of all installed programs... a text file)

3.
Download from here -> HijackThis
No open windows while HijackThis is running!! -> start HijackThis -> click "Do a system scan and save a logfile" (wait briefly) -> "select" the resulting log file -> "copy" -> "paste" it here in your thread (right mouse button)
► Vista and Win7 - right-click HijackThis -> choose "Run as administrator"...

Quote:

So that your thread stays clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]

Regards
kira

Wolfizero 10.10.2012 18:48

Hey,
thanks already for your attention :) Here are the various logs:

OTL.txt
Code:

OTL logfile created on: 10.10.2012 19:29:36 - Run 4
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 53,61% Memory free
12,00 Gb Paging File | 9,30 Gb Available in Paging File | 77,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 221,96 Gb Free Space | 64,25% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 84,56 Gb Free Space | 14,43% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 02:34:22 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.09.07 23:58:22 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 11:48:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.04 15:42:36 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2012.07.30 14:12:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfi\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.09 09:25:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 09:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.01 04:56:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2011.03.15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.10 10:53:07 | 000,192,512 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.10.10 10:53:07 | 000,172,032 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.10.04 02:34:20 | 020,317,008 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012.10.04 02:34:18 | 000,902,480 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012.10.04 02:34:16 | 000,123,232 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012.10.04 02:34:14 | 000,190,816 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012.10.04 02:34:12 | 001,099,616 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012.09.07 23:58:21 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.10.09 15:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.04 02:34:22 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 23:58:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.09 09:25:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 09:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.01 04:56:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.25 01:29:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.22 10:54:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.05.22 10:54:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.09 09:25:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 09:25:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010.05.05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.04.09 09:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.04.07 11:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.03.25 04:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 05:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.11.20 15:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 93 76 FE 44 F3 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.0.16
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "about:neterror?e=query&u="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.27 13:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.25 00:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.16 16:16:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\FasterFox_Lite@BigRedBrent
[2012.09.14 11:09:46 | 000,001,632 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\tlymn0wr.default\searchplugins\firefox-add-ons.xml
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 23:58:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.07.11 13:38:29 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012.02.25 01:26:08 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.09.04 21:36:27 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI
[2012.09.07 23:58:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 01:12:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:19:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 01:12:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 01:12:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 01:12:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 01:12:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83FB607F-B364-4818-A562-3B56328C8DD9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell - "" = AutoRun
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 13:59:35 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.10.09 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.10.09 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\Adobe
[2012.09.26 13:56:13 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 20:23:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 20:23:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 20:23:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 20:23:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 20:23:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 20:23:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 20:23:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 20:23:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 20:23:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 20:23:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 20:23:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 20:23:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 20:23:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 20:23:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 20:23:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.18 11:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light
[2012.09.12 19:13:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 19:13:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 19:13:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 19:13:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 18:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 10:39:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 10:39:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 10:36:02 | 001,612,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.10 10:36:02 | 000,696,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.10 10:36:02 | 000,652,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.10 10:36:02 | 000,148,042 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.10 10:36:02 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.10 10:30:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 10:30:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 23:50:22 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 23:50:22 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 23:50:22 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.09 15:46:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 15:46:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 14:27:59 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | M] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.09.12 14:57:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 14:27:59 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | C] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.08.02 06:13:15 | 000,003,676 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\Sys2657a.DLL
[2012.06.11 12:30:08 | 000,000,244 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.24 00:36:20 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.03.24 00:36:20 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.15 06:22:18 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.02 06:56:25 | 001,589,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.01 04:41:52 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.01 04:41:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.25 17:40:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.25 17:39:13 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.25 01:28:43 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.02.25 01:28:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.25 01:28:23 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.07.03 01:28:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.10.08 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.techniclauncher
[2012.04.11 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Atari
[2012.08.10 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Audacity
[2012.04.11 14:05:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canon
[2012.03.30 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.27 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ICQ
[2012.07.16 00:07:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ImgBurn
[2012.05.12 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Imperium Romanum
[2012.05.30 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Kalypso Media
[2012.04.11 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Leadertech
[2012.04.13 23:46:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Lionhead Studios
[2012.03.08 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\LolClient
[2012.08.10 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Origin
[2012.05.18 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\runic games
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Telefónica
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TGCMLog
[2012.06.23 13:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\The Creative Assembly
[2012.02.25 03:38:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Thunderbird
[2012.08.02 06:41:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TippKönigin Demo
[2012.08.21 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4
[2012.02.26 18:51:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Ubisoft
[2012.09.30 17:48:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.02.25 15:45:19 | 000,097,089 | ---- | C] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx
[2009.03.06 02:54:38 | 000,097,089 | ---- | M] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx

< End of report >

Extras.txt
Code:

OTL Extras logfile created on: 10.10.2012 19:29:36 - Run 4
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 53,61% Memory free
12,00 Gb Paging File | 9,30 Gb Available in Paging File | 77,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 221,96 Gb Free Space | 64,25% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 84,56 Gb Free Space | 14,43% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Adobe Flash CS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Adobe Flash CS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E6B76D-9920-4099-8EB6-21BA098CE229}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0849B073-4931-4061-90FE-2FD5C01540A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13E75419-112E-467B-8332-58DDE22B9F08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1ACF9A4E-A14E-44D4-A7B5-E43B60FBAD7F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2AE49884-A2B8-463F-A053-4500E93E061C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FD9B2BB-2ECA-46D9-8AF1-FEACE2E9E5A8}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A1110FC-7091-4C22-AB92-569614FFD916}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D4B17C0-F83C-4188-9BAB-886B619CD427}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61E458DA-A81B-4395-8776-176B482C1333}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F09D18F-EE6F-488D-903F-96B2B4CF246E}" = rport=138 | protocol=17 | dir=out | app=system |
"{71F2E870-4567-4D0D-BDDD-2D8A82C81295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74162BF3-E4F1-418B-89E4-3E2FFD6CD071}" = lport=445 | protocol=6 | dir=in | app=system |
"{8224D1B4-4F2E-4DA7-A720-C705D771EEBD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86998370-E2F8-4754-9DC1-37260A552024}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8844FD62-688D-4EE1-9289-069D5DB713AE}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F63BAD5-9B40-4187-9F99-A6254BFF5EDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0F94210-213A-46EE-AC58-A84E6342386E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A927111E-BBD9-4745-BEDA-1E1F5172BCEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC7B52D5-24B5-43CB-82DA-F02581764AC8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B16D0FBF-93B6-4307-B1E7-953AFE60F47C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B26B1853-CEB0-4658-9498-8CC3C53FB851}" = lport=138 | protocol=17 | dir=in | app=system |
"{B56ADBD9-7CFA-4649-B907-2AD035A1E660}" = rport=139 | protocol=6 | dir=out | app=system |
"{B743C773-FB47-4C49-8101-82CB286F8379}" = lport=139 | protocol=6 | dir=in | app=system |
"{E19B6822-ACC1-4695-B0CB-E2735726EEDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F37A74F9-6412-4043-B785-D5C9DA128064}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0073C6D4-D07D-4875-BCFC-1DAD42AE97F1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{008A2CBA-9AA2-49D8-88C4-D20343E2A4E5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{0144475A-ED98-483C-90D2-9802CDEC536C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{014D0055-E525-413E-AACA-72B790AF2199}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{01A45502-C2DA-4D55-9AA2-5AF6DD352218}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gamesettings.exe |
"{03DC5774-FA5F-4A30-9AEC-A58749FEDA9A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the political machine 2012\polmachine2012.exe |
"{04902E8E-A5DA-436B-801A-E01554EDD4FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{0492443C-76B0-442A-9A0E-8F2095A736CA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{0723FC4A-5C6C-4993-8C06-379BDF53EFC5}" = protocol=6 | dir=in | app=d:\anno 2070\initengine.exe |
"{09A571EC-D738-44C0-9E43-D73700E15AFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CA4D085-6580-4CBD-A438-C145A380D854}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CF11F4C-FE1C-45AD-9C12-B8484B31D5E3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{0E5A53B7-587B-4048-9F6F-4811FA36A887}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10DD58DE-A86B-4D25-9400-53BE8C28A886}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{13494E73-480E-4252-B4E0-3EE4672C75A6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe |
"{14514991-F02B-4136-8850-7379579FB4CB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fable 3\fablelauncher.exe |
"{151FAD04-B0B7-43E2-97DC-63FF1C01EDC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{165A47E2-212C-4775-8F31-ED46F02084A2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{1828394B-395C-4205-AA6E-ACD9DF4B33DD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{185CDE3C-B0E4-4167-A82F-599846D08986}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{19DD1F29-0551-4243-BA93-D59D353E2109}" = protocol=17 | dir=in | app=d:\anno 2070\autopatcher.exe |
"{1C00C80A-5553-403F-BEB1-34AD6A7BBE90}" = protocol=17 | dir=in | app=d:\anno 2070\anno5.exe |
"{1DA09E2A-68D2-4878-8499-7388E6CD72ED}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{228A7B55-180E-4FED-B4F6-12EE2CF176AD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe |
"{22C88470-0AB8-426F-89B9-75F8D95EEB28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{230448DC-0546-455D-AA3F-1191124A4C49}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{2465CB4C-16A9-42A8-9298-E9FD9D5E11FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{28131CE5-0D16-409C-899F-D6C65C6112DF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{2B53C749-76C2-48C2-886F-95C4E7461138}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe |
"{2EE60D94-772D-4857-BF51-BF62B4E44F44}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman2\runlauncher.bat |
"{2FBC7262-8AE9-4647-82D8-BFEBAE915B7D}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{3002465A-8C4C-4BE3-988D-7E460B6824C1}" = protocol=17 | dir=in | app=d:\two worlds\twoworlds.exe |
"{301400DB-DFC5-4744-835D-D49A9F6E9C99}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman blood money\configure.exe |
"{30E306D4-BBF1-4AB2-8CA4-FD2F1E903ED9}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe |
"{3114460A-B081-44AC-B2BA-53F98233F3D1}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{31B5E2E0-BE99-4ED8-9544-287CD73B3D82}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\torchlight\torchlight.exe |
"{322E1043-7E57-4A6E-9ABF-3F82D662C2F8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe |
"{3368A6F7-AA51-4630-BAC0-82D5ACB2ECDD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fable 3\fablelauncher.exe |
"{34521C0E-F87F-4DAB-BA84-84473DEC1446}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{35323261-D1C6-491B-A89F-C5374922C83E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe |
"{38F354C1-DB49-4247-BD0B-79E74A924465}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe |
"{3AB4C0F2-5479-44B0-A6C3-34EEBB8B76D0}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{3C1074CC-2E66-4BC3-8F5D-1A723FC0C0DF}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe |
"{3E0762F4-1714-488A-8E13-4D6BC57AB1D3}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gu.exe |
"{3F9FD808-323A-4FE6-9EA8-1472A222FD63}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\imperium romanum\imperium romanum.exe |
"{4049FE4A-7B95-41CE-855A-5CD95010D9F8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{458DB30D-43AD-4A9A-A0E6-D62E561601D9}" = protocol=6 | dir=in | app=d:\anno 2070\anno5.exe |
"{467B9D8D-9250-4E11-A99C-CC2004E478E3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\patrician iv\patrician4.exe |
"{46C75FC4-BCFE-43F4-B53A-4909A885C665}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman2\runlauncher.bat |
"{47194BFF-CFC4-4788-82F4-9E86A5642321}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{489EAF5F-5AFA-4EFB-A3B6-8AFD1D0D49D6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\engine.exe |
"{4EDF9206-459E-4EA8-8AF2-A30A1CB666BA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{5088EA3D-7B39-4BB3-B249-10F70DC05CD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52D7960D-8A61-4CFE-B4C2-2FA8D9EEE55A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{53302656-749D-4640-91F0-220CF418E8A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5418367E-3DDA-41EC-A1C3-06BA4855C8F4}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe |
"{54D77DE2-9ED1-483B-B299-C95C1E092EA0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\patrician iv\patrician4.exe |
"{551118C7-347F-4B19-9EE5-B53789103138}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{56DD69A2-8060-4CC1-BCEC-DBD356E02393}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{5710FBD7-4DD9-4BD0-AEE1-6CACF3C55A78}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe |
"{58E0DC02-9BF4-4D3E-8DFD-E91DF75398FE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{591FBEA6-7947-42ED-877D-776872DBB2E5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{5AFF78D3-9D26-4D9F-A659-AA8E8764F903}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{5B158C22-7E6C-43FE-8B35-E7E7D67B54D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5FDD8310-19F0-43E0-B08B-D6D888C91A4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe |
"{61085538-7391-433D-ACB9-8F6B842C5B92}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe |
"{6242742C-7143-4F7A-8C11-0266D6F9C9D8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cities in motion\cities in motion.exe |
"{62462263-2621-4D13-9A08-885634B14FA6}" = protocol=6 | dir=in | app=d:\resident evil 5\re5dx10.exe |
"{649B5B54-2875-44C2-BADB-F96E5AC34CA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{656253DF-1549-4BB5-BE3D-DBBA20D69CAF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{657E23A9-D6F8-4974-AD52-00D39E2BE1E9}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\videospin.exe |
"{663F30FF-1FE3-4331-8D25-50143470AB32}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{695528CC-332D-4C9F-945E-5A8CA4C777D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{6AC0168C-544F-4D1A-B2EF-13DC2639EA36}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{6B6BA0DF-2065-432F-BBB9-0FF723A5EB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6D0F725A-D005-425A-B96C-E9423204FB4C}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{6D907B43-B5B8-4E02-9364-9D35AB13662D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{7097219D-066D-4CA2-BD81-1559AFA36F0D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{70C39E82-2FD3-494C-B953-4B5814DD1AFF}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe |
"{72AA1573-D1C5-4FB8-9EE5-78D3E6EBFAC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{73669CAD-DB95-4025-BFBC-BBC661F3DBF7}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\prince of persia.exe |
"{7390DE9F-BB98-4831-8B0B-5E883EDFEA06}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{7406AD3B-DC0C-4499-A6FD-4FF7C594884A}" = protocol=17 | dir=in | app=d:\diablo 3\diablo iii\diablo iii.exe |
"{74E6ED46-875A-4D86-85D3-C493DC0AA64B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{752EA565-B7BD-402C-B0E5-6C48B4F7F275}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the political machine 2012\polmachine2012.exe |
"{754C197F-A507-4D31-B687-7CB8539D27AC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe |
"{77D451ED-1610-4625-937B-D1E0C81F5CB6}" = protocol=17 | dir=in | app=d:\resident evil 5\re5dx10.exe |
"{7A3EA388-2581-426A-B49D-4C9FEB2AEEEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A514C5F-8D65-4820-A787-7042E3E3BAD7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{7AE59DD1-FA6A-498A-9553-61B5926B97B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BD4CC07-EF5E-418C-A47A-2239A4465375}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |
"{7C552102-9955-4F9D-9F6A-40CD051A36BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D2D7CF2-6690-4856-A338-B9CE348A5244}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FB3A6C3-E514-4EAE-AF54-29D9D041A269}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\thief_2\thief2.exe |
"{80C00119-99A9-4881-9E81-79138C48FF94}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{8178E302-C9B8-43B4-955C-1B0F255907E8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\impostors.exe |
"{81EB973D-4EA5-4A9F-B213-8CB4BC515286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{846B8D27-0403-4AC7-A1CE-6278758D7F61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{856EE23C-D5CB-4CF6-9389-1DBE8789D30B}" = protocol=17 | dir=in | app=d:\resident evil 5\re5dx9.exe |
"{86DFD388-851C-442D-9107-4552D37A1F2B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\from dust\from_dust.exe |
"{86FECD19-515B-400D-8154-1A04C6256B5A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cities in motion\cities in motion.exe |
"{87632627-E137-4501-B1FC-2DADC29F9BD3}" = protocol=17 | dir=in | app=d:\two worlds\twoworlds_radeon.exe |
"{87D7D60B-ADE0-4ACE-AE12-19DB24A7BB43}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{89C936CD-7FC6-4C19-940B-1EF68E68E812}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B7733BE-DC17-481F-BE76-158793944CDA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe |
"{8CC3178B-9FDA-49D5-85FC-E1AFDED7ED2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8D1EC934-7869-42C7-8201-835A094A2BAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{8E059A45-7144-4EEF-905D-43D00494509A}" = dir=in | app=c:\itunes\itunes.exe |
"{8E3DE856-1723-44B7-B527-3621E7A00777}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\victoria 2\victoria2.exe |
"{8F1EF474-5083-49BD-A128-83E69C056C97}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{9126900F-488F-4F4F-B4B1-806C622F005D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{959F69B5-1F35-4916-B26E-56A10D9DE7E9}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\rm.exe |
"{988FB616-9F87-41BC-82EB-D0C05C1A106A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe |
"{98E91137-6554-48AD-B976-12E6D0FFB055}" = protocol=6 | dir=out | app=system |
"{9AE1CFAB-59E7-4500-AC70-DAC491185837}" = protocol=6 | dir=in | app=d:\diablo 3\diablo iii\diablo iii.exe |
"{9C845E0F-B314-4B0F-B5A2-5B4D9B112B5D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{9DEE38F8-50E1-481A-BC13-373B537AEFF8}" = protocol=6 | dir=in | app=d:\two worlds\twoworlds.exe |
"{9E60A133-86C5-47F8-AAC0-039C1738C971}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\prince of persia.exe |
"{9EF6A113-796A-4EA9-97B0-EA08DE6FE984}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe |
"{9F7D7138-A40B-4927-9184-727A867F7384}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{A0831ECD-BBA7-4FCE-8D11-1422ABC12C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A2EE8AAB-DD23-4503-9EC9-9CA3253B8274}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe |
"{A4B85B34-029D-4981-8EC4-D421FB17BEED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe |
"{A8E03B93-0C5A-4292-8416-DAB39BDD7E44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A928E70E-19BA-4DB1-959F-FFDC53AA98C7}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gamesettings.exe |
"{A9EAD30A-8048-4A88-95C4-9D65F04068FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{AA4CDA7C-8DFE-448A-8C26-D3D5863B61FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{AA92C90A-9242-401D-B021-D6792DA66A50}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{AB9A8A1E-DBC7-4B7C-B3A4-7216836E3E20}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe |
"{B0D58702-0FBC-4CB2-8D1D-242BAF4F67C8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons\dungeonsstarter.exe |
"{B16D291E-C4AC-439C-BF6B-46BCB4326926}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{B4D23D31-5C55-4121-AC77-3274D2D760C8}" = protocol=6 | dir=in | app=d:\anno 2070\autopatcher.exe |
"{B5890599-B10D-449B-835D-112D2E2E044E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B6638A1B-3D97-4213-9FB7-87D2666522D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\impostors.exe |
"{B6E1D826-F854-49B7-B7C3-0D251918BE4D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B938CE19-0290-4AAC-9ACF-8DDD3C058C83}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{B9CD2372-D64D-4565-8319-43C55064954A}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe |
"{BABD614B-5235-494A-A914-52CA0B2DDC79}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{BB057E1D-17A3-48B4-8937-35225DC89CF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BEF229ED-F949-415E-AC7D-2037FC309D2F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\thief_2\thief2.exe |
"{C0E52C2B-851F-48CA-8E27-0404C3F2E96A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C0F3015E-1864-4787-84FD-62B69A9152FC}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{C1525E13-E6BC-40CA-8B26-8984181C0E9C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{C2EDDA48-55BE-4F83-8950-B3455270EA27}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{C338194A-9308-4956-84FF-53514141415A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{C3A0E6B2-B64C-45BE-9C1E-2CA3D97662A8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{C3CAB425-35E5-4242-86D6-7FA972D062C6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\torchlight\torchlight.exe |
"{C5D49879-5960-441E-AEF7-4F1C10D0872D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C5D7E97B-23A5-4893-BF94-854E50B09879}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C785F6BD-FD0D-4C26-9EA5-105759A4DB0F}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\rm.exe |
"{CA5CD6C8-BD88-4448-8ABE-B8F0376E0061}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CACED957-856B-40C5-BC37-815BF7C9B2F2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe |
"{CC63FA32-4459-4E7A-8AC8-825982EF980D}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gu.exe |
"{CCB97EC8-81BD-4CE2-B984-F5C1B38241DE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{CDEC305F-3331-4E72-85CD-479E3222D8A0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman blood money\configure.exe |
"{CE194D10-8E8B-400F-A75F-82CC6ADD8A58}" = protocol=6 | dir=in | app=d:\resident evil 5\re5dx9.exe |
"{CF096E76-0A5D-480C-AD99-06D1B9CD5D01}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D1770717-C192-49A6-9C32-30C3A717E456}" = protocol=6 | dir=in | app=d:\two worlds\twoworlds_radeon.exe |
"{D19C0B65-35D9-438F-9436-1E08D5DF47C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D5AB008C-11F5-4B30-9E09-0539C4CFAC82}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe |
"{D6D143EC-62F6-461B-B758-F7E2BDDFF50B}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\videospin.exe |
"{D794F617-945D-4CF2-AE46-52EF094A60D2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\victoria 2\victoria2.exe |
"{D8963AED-F6B2-47CC-A6A0-114A1ABD7D05}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |
"{DB6C79A8-AEF3-476C-9676-9B94128531F3}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{DB907A39-CEE2-4867-86D3-3040155597DE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{DC0F6F22-345A-4B1B-9EFB-A018CE5B5838}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{DC8054DE-65BD-4C3D-8A69-B4021AA580CC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{DDCC3543-4FFB-4204-BEEF-2257EC20BB67}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{DE8A9BF4-5329-4EC3-9204-276EBDB14F60}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DEC6A77E-3069-4D44-AE36-656CE98F2F90}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{DF747036-D7C4-43F6-9882-AE9C5ABDE28A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\config.exe |
"{E1DF95DA-A0BD-4473-815E-34BE17543B86}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\config.exe |
"{E1E06B5E-B77E-4747-975D-064BEF071590}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe |
"{E3866EA7-414A-4690-90DB-C45385E98360}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe |
"{E3D03C56-980D-46D2-9598-FEAB3EBFA334}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{E3E700EA-D83B-4730-AA84-9976134A2B7D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"{E4EDFF16-EC0D-4FA4-8D9A-F1D237DC21AB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\engine.exe |
"{EEBC9A66-2AC1-44FE-A2D2-541421148376}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\umi.exe |
"{F0052071-863B-46BA-B072-18A8F73F0BA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F031BE4A-79A0-48BE-A9FC-6959EDC04708}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crazy machines\crazymachines.exe |
"{F08092E7-D90F-46AF-8DD6-21300F011EE9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F10CFF4F-9FCE-4C46-ABBD-2B2489CB05DF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons\dungeonsstarter.exe |
"{F183DB4E-4D9E-4285-800B-7A253C700048}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crazy machines\crazymachines.exe |
"{F2DA9BC0-1666-4C3F-8143-584EB08077A7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\from dust\from_dust.exe |
"{F314B65E-9767-49C0-ACB7-539A3E892FCE}" = protocol=17 | dir=in | app=d:\anno 2070\initengine.exe |
"{F36AE389-6B10-4EC6-934F-376896E676F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{F4CA3172-5A14-403C-9872-A2B308A1DAD1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F4F71649-2C2F-49AE-9731-A36537D633AA}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\umi.exe |
"{F6A6C0D8-6CF3-434C-83B1-68A43E5C5CD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F7097C52-5278-423A-A549-255856590281}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe |
"{F82DAE5F-23E9-44FA-8B13-36EF43938D23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F89F0A31-A311-46CB-950A-6487F7BD4D64}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{F8EFFE68-7AC5-448A-9C21-88ADE2F0D754}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{F9B6E1A6-498A-4141-AB01-CEDBA5048346}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{FA3ACE92-42D6-4735-A063-620CB003BCD7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{FCC0C9F7-8098-41FE-AF7D-2EC977079F00}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{FEA202CE-6989-430F-8E18-85446F836D00}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\imperium romanum\imperium romanum.exe |
"{FF74942E-9AEA-4892-81E0-28351EE2AB0B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{FFC078D8-9FAF-4B7D-A533-4C843ECEBC28}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"TCP Query User{15F11C01-A3BF-4C43-A707-93F672BEBEF7}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{16CF19D8-C059-4E1B-BE18-F97590595ECE}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{1B13663D-A854-46B4-B212-506F20D00C93}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{338022F7-6BA1-4477-841F-DE6315750D02}D:\dawn of wa\soulstorm.exe" = protocol=6 | dir=in | app=d:\dawn of wa\soulstorm.exe |
"TCP Query User{4FD0B6CF-DD5E-4ECF-BA63-5896B01ABC2D}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{6375CEB8-85AA-48AC-BD80-95C3883DB977}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{7FCF50CD-05E6-4DE3-A307-63D93CF008B8}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{8DF3D9BC-B84F-4111-A9CD-7F58B2DD1C53}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{A4E46F89-2A38-48FC-B01C-E6EC6A4764E5}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{A77BA938-FB58-43FF-B64F-FEAB9595E05D}D:\fallout 3\fallout3ng.exe" = protocol=6 | dir=in | app=d:\fallout 3\fallout3ng.exe |
"TCP Query User{AF8787B6-5157-4A94-B57D-1FEC91921AF1}D:\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=d:\downloads\diablo-iii-setup-dede.exe |
"TCP Query User{BF207AA7-C5B5-4274-BED0-103B957B3B1E}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{D2B34067-6ECC-4CBA-8240-0797226603CA}D:\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fable 3\fable3.exe |
"TCP Query User{D38E2CE7-D7E1-4963-A0DE-09174B0D940C}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{DCA5BD22-0F0B-43FF-85A8-3AE37FD68D27}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{E574B8CF-6611-4F24-9461-6848F115E762}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{FA94D70F-C45E-4988-8205-56A466AC9977}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{25F9137B-87E9-4B0F-AECB-E770DEE00555}D:\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fable 3\fable3.exe |
"UDP Query User{2C690DDC-3C12-43BA-AA7B-7C279662835B}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{31A2DC65-7AE2-4F83-B30A-29C45864AC7F}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{3F468FFF-5F77-4074-BD17-6E120AA841A9}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"UDP Query User{61492429-1879-4329-99AD-2264F6947E2D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{6ECDFC15-AB77-4CA7-9C5A-5F5E1A658EB2}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{77DACE47-2F73-4E45-9A97-53BC9D9B8C1F}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{8008B67E-3976-4E5F-AC46-9C057C88165E}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{8401A586-1E21-4FE9-95E8-7A9800086BDB}D:\dawn of wa\soulstorm.exe" = protocol=17 | dir=in | app=d:\dawn of wa\soulstorm.exe |
"UDP Query User{9E405F8C-AB35-4288-93A5-722A2A5D2CA1}D:\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=d:\downloads\diablo-iii-setup-dede.exe |
"UDP Query User{AD5D6CA6-3755-4148-A69A-738FB72CF853}D:\fallout 3\fallout3ng.exe" = protocol=17 | dir=in | app=d:\fallout 3\fallout3ng.exe |
"UDP Query User{CB365FE0-44B8-4DC3-B1BF-4F6F32F9E82E}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{E00A21EC-2355-482C-9417-ACD2B63BED44}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{EE0D233D-8022-4C2E-BB8D-B2A359E7BDFD}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{EEEF2CB4-46EB-4D44-8A34-11994BCCF84D}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F7459F8E-7D86-48E9-A4AE-60E87B89064B}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{F85DFF7E-4F96-41ED-A1D3-BBEE1F58258E}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb" = Dungeon Keeper 2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.01
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.21f
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E}" = ¹–ë‚̉S
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) Version v2012.buil
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE5C9428-3DA7-4A0C-B5E0-16031B5DC030}_is1" = The Guild 2 - Renaissance
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.15
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo III" = Diablo III
"Dungeon Keeper 2_is1" = Dungeon Keeper 2
"Earth 2160" = Earth 2160
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.05.00.00
"ImgBurn" = ImgBurn
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"o.tel.o" = o.tel.o
"o2DE" = Mobile Connection Manager
"OpenAL" = OpenAL
"Origin" = Origin
"Pharaoh Gold Bundle_is1" = Pharaoh Gold Bundle
"PunkBusterSvc" = PunkBuster Services
"Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale
"Rockstar Games Social Club" = Rockstar Games Social Club
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 108710" = Alan Wake
"Steam App 110800" = L.A. Noire
"Steam App 1840" = Source Filmmaker
"Steam App 18420" = Crazy Machines
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 204300" = Awesomenauts
"Steam App 21100" = F.E.A.R. 3
"Steam App 211120" = The Political Machine 2012
"Steam App 21170" = Gotham City Impostors
"Steam App 211740" = Thief 2
"Steam App 23400" = Imperium Romanum: Gold Edition
"Steam App 25890" = Hearts of Iron III
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 33460" = From Dust
"Steam App 41510" = Torchlight Demo
"Steam App 42910" = Magicka
"Steam App 42960" = Victoria II
"Steam App 47890" = The Sims(TM) 3
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 55230" = Saints Row: The Third
"Steam App 57400" = Batman: Arkham City™
"Steam App 57620" = Patrician IV: Steam Special Edition
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 57690" = Tropico 4
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 6860" = Hitman: Blood Money
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 73010" = Cities in Motion
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"Thief - Deadly Shadows_is1" = Thief - Deadly Shadows
"TippKönigin Demo_is1" = TippKönigin Demo 5.5
"Two Worlds" = Two Worlds
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zeus and Poseidon_is1" = Zeus and Poseidon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 17:12:45 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 06.10.2012 11:30:14 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 06.10.2012 12:39:38 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07.10.2012 06:51:20 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07.10.2012 07:18:02 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 08.10.2012 03:27:23 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09.10.2012 05:23:31 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09.10.2012 15:31:07 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09.10.2012 16:07:54 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 10.10.2012 10:35:24 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ OSession Events ]
Error - 12.03.2012 19:01:47 | Computer Name = PC-Wolfi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2604
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.06.2012 08:45:52 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 18.06.2012 08:45:52 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 19.06.2012 10:11:07 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 19.06.2012 10:11:07 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 20.06.2012 07:42:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 20.06.2012 07:42:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 21.06.2012 09:58:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.06.2012 09:58:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 21.06.2012 11:24:53 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 21.06.2012 11:24:53 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >

install.txt
Code:

7-Zip 9.20                18.05.2012               
Adobe AIR        Adobe Systems Incorporated        30.03.2012                3.2.0.2070
Adobe Community Help        Adobe Systems Incorporated.        30.03.2012                3.4.980
Adobe Download Assistant        Adobe Systems Incorporated        30.03.2012                1.0.6
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        09.10.2012        6,00MB        11.4.402.287
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        09.10.2012        6,00MB        11.4.402.287
Adobe Flash Professional CS5.5        Adobe Systems Incorporated        30.03.2012        2,03GB        11.5
Adobe Reader X (10.1.4) - Deutsch        Adobe Systems Incorporated        15.08.2012        122MB        10.1.4
Adobe Shockwave Player 11.6        Adobe Systems, Inc.        29.02.2012                11.6.4.634
Alan Wake        Remedy Entertainment        20.07.2012               
ANNO 2070        Ubisoft        26.02.2012                1.0.0.0
Apple Application Support        Apple Inc.        31.03.2012        61,0MB        2.1.7
Apple Mobile Device Support        Apple Inc.        31.03.2012        24,9MB        5.1.1.4
Apple Software Update        Apple Inc.        31.03.2012        2,38MB        2.1.3.127
Audacity 1.3.14 (Unicode)        Audacity Team        01.03.2012        40,4MB       
Avira Free Antivirus        Avira        12.09.2012        109MB        12.0.0.1199
Awesomenauts                07.08.2012               
Batman: Arkham City™        Rocksteady        17.06.2012               
Battlefield 3™        Electronic Arts        01.03.2012                1.0.0.0
Battlelog Web Plugins        EA Digital Illusions CE AB        01.07.2012                1.122.0
Bonjour        Apple Inc.        31.03.2012        2,04MB        3.0.0.10
CanoScan LiDE 70                11.04.2012               
CCleaner        Piriform        24.09.2012                3.23
Cheat Engine 6.1        Dark Byte        06.03.2012        23,5MB       
Cities in Motion                11.05.2012               
Civ3 Conquests v1.22 Full                14.06.2012               
Civilization III                14.06.2012               
Civilization III v1.21f                14.06.2012               
Civilization III: Conquests                14.06.2012               
Crazy Machines        Viva-Media        26.05.2012               
Creative Audio-Systemsteuerung        Creative Technology Limited        25.02.2012                2.00
Creative Software AutoUpdate        Creative Technology Limited        25.02.2012                1.40
Creative Sound Blaster Properties x64 Edition                25.02.2012               
Dawn of War - Soulstorm        THQ        03.06.2012                1.00.0000
Dead Island        Techland        02.03.2012               
Deus Ex: Human Revolution        Eidos Montreal        04.03.2012               
Diablo III        Blizzard Entertainment        11.07.2012                1.0.3.10485
Dual-Core Optimizer        AMD        18.06.2012        86,0KB        1.1.4.0169
Dungeon Keeper 2                25.02.2012               
Dungeon Keeper 2        GOG.com        16.05.2012               
DUNGEONS - Steam Special Edition        Realmforge Studios        30.05.2012               
DUNGEONS - The Dark Lord (Steam Special Edition)                30.05.2012               
Earth 2160        Zuxxez Entertainment AG        25.04.2012                1.37 En
Empire: Total War        The Creative Assembly        21.03.2012               
ESN Sonar        ESN Social Software AB        01.07.2012                0.70.4
F.E.A.R. 3        Day 1 Studios        20.07.2012               
Fable III                10.04.2012               
FIFA 12        Electronic Arts        06.06.2012                1.6.0.0
Fraps                14.04.2012               
From Dust                14.05.2012               
FTL version 1.01        Subset Games        18.09.2012        154MB        1.01
FUSSBALL MANAGER 12        Electronic Arts        22.03.2012        6,58GB        1.0.0.3
Gotham City Impostors                30.03.2012               
Hearts of Iron III        Paradox Interactive        26.02.2012               
Hitman 2: Silent Assassin        Eidos        24.05.2012               
Hitman: Blood Money        Eidos        16.05.2012               
HUAWEI DataCard Driver 4.05.00.00        Huawei technologies Co., Ltd.        08.05.2012                4.05.00.00
ICQ7M        ICQ        13.07.2012                7.8
ImgBurn        LIGHTNING UK!        15.07.2012                2.4.2.0
Imperium Romanum: Gold Edition        Haemimont Games        11.05.2012               
iTunes        Apple Inc.        31.03.2012        156MB        10.6.1.7
Java(TM) 6 Update 31 (64-bit)        Oracle        27.02.2012        91,8MB        6.0.310
Java(TM) 6 Update 35        Oracle        09.07.2012        95,6MB        6.0.350
L.A. Noire        Rockstar        28.06.2012               
LAME v3.99.3 (for Windows)                05.07.2012        1,52MB       
League of Legends        Riot Games        07.03.2012                1.02.0000
Logitech Webcam-Software        Logitech Inc.        10.07.2012                2.31
Magic: The Gathering - Duels of the Planeswalkers                05.05.2012               
Magicka        Arrowhead Game Studios AB        29.03.2012               
Malwarebytes Anti-Malware Version 1.65.0.1400        Malwarebytes Corporation        12.09.2012        19,3MB        1.65.0.1400
Mass Effect™ 3        Electronic Arts        04.06.2012                1.03.0.0
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.02.2012        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.02.2012        2,93MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        02.03.2012        51,9MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        02.03.2012        10,6MB        4.0.30319
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        30.03.2012        31,3MB        3.5.92.0
Microsoft Games for Windows Marketplace        Microsoft Corporation        30.03.2012        6,03MB        3.5.50.0
Microsoft Office File Validation Add-In        Microsoft Corporation        13.05.2012        7,95MB        14.0.5130.5003
Microsoft Office Home and Student 2007        Microsoft Corporation        26.02.2012                12.0.6612.1000
Microsoft Office Live Add-in 1.5        Microsoft Corporation        11.05.2012        508KB        2.0.4024.1
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        10.08.2012        1,69MB        3.1.0000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        04.06.2012        2,38MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        11.04.2012        1,41MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411        Microsoft Corporation        18.05.2012        1,46MB        9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        25.02.2012        596KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        13.04.2012        232KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        26.02.2012        594KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        01.03.2012        13,8MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        25.02.2012        12,2MB        10.0.40219
Microsoft XNA Framework Redistributable 3.1        Microsoft Corporation        29.03.2012        7,48MB        3.1.10527.0
Microsoft XNA Framework Redistributable 4.0        Microsoft Corporation        02.03.2012        8,03MB        4.0.20823.0
Mobile Connection Manager        Mobile Connection Manager        08.05.2012               
MozBackup 1.5.1        Pavel Cvrcek        25.02.2012               
Mozilla Firefox 15.0 (x86 de)        Mozilla        29.08.2012        38,4MB        15.0
Mozilla Firefox 15.0.1 (x86 de)        Mozilla        08.09.2012        38,4MB        15.0.1
Mozilla Maintenance Service        Mozilla        08.09.2012        327KB        15.0.1
Mozilla Thunderbird 15.0.1 (x86 de)        Mozilla        13.09.2012        39,5MB        15.0.1
MSI Afterburner 2.1.0        MSI Co., LTD        25.02.2012                2.1.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        22.08.2012        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        22.08.2012        1,33MB        4.20.9876.0
NVIDIA 3D Vision Controller-Treiber 301.42        NVIDIA Corporation        21.06.2012                301.42
NVIDIA 3D Vision Treiber 301.42        NVIDIA Corporation        21.06.2012                301.42
NVIDIA Grafiktreiber 301.42        NVIDIA Corporation        21.06.2012                301.42
NVIDIA HD-Audiotreiber 1.3.16.0        NVIDIA Corporation        21.06.2012                1.3.16.0
NVIDIA PhysX-Systemsoftware 9.12.0213        NVIDIA Corporation        23.03.2012                9.12.0213
NVIDIA Update 1.8.15        NVIDIA Corporation        21.06.2012                1.8.15
o.tel.o        Huawei Technologies Co.,Ltd        08.05.2012                16.001.06.07.35
OpenAL                25.02.2012               
Origin        Electronic Arts, Inc.        29.02.2012                8.5.0.4549
Paint.NET v3.5.10        dotPDN LLC        25.02.2012        10,7MB        3.60.0
Pando Media Booster        Pando Networks Inc.        07.03.2012        5,46MB        2.6.0.6
Patch v4.15        RUNEFORGE Games Studios        22.05.2012        239MB       
Patrician IV: Steam Special Edition                02.03.2012               
Pharaoh Gold Bundle        GOG.com        05.08.2012               
Pinnacle VideoSpin        Pinnacle Systems        21.08.2012        191MB        2.0.0.669
Prince of Persia The Forgotten Sands™        Ubisoft        26.08.2012        4.094GB        1.0
PunkBuster Services        Even Balance, Inc.        01.03.2012                0.991
Recettear: An Item Shop's Tale                29.04.2012        616MB       
Red Faction: Armageddon        Volition        13.09.2012               
RESIDENT EVIL 5        CAPCOM CO., LTD.        26.04.2012        6,77GB        1.0.0.129
Rockstar Games Social Club        Rockstar Games        28.06.2012                1.0.6.1
RollerCoaster Tycoon 3 Platinum        Atari        11.04.2012                1.00.000
Saints Row: The Third        Volition        09.10.2012               
Sid Meier's Civilization V        Firaxis Games        16.03.2012               
SimCity 4 Deluxe                15.03.2012               
Snagit 10.0.2        TechSmith Corporation        01.03.2012        66,1MB        10.0.2
Source Filmmaker                02.10.2012               
SpeedFan (remove only)                25.02.2012               
Star Wars: The Old Republic        Electronic Arts, Inc.        02.03.2012        19,3GB        1.00
StarCraft II        Blizzard Entertainment        23.08.2012                1.5.2.22875
Steam        Valve Corporation        25.02.2012        35,4MB        1.0.0.0
SUPER © v2012.build.50 (February 21st, 2012) Version v2012.buil        eRightSoft        25.02.2012        51,4MB        v2012.build.50
Terraria                29.02.2012               
The Elder Scrolls V: Skyrim        Bethesda Game Studios        25.02.2012               
The Guild 2 - Renaissance        JoWooD        22.05.2012               
The Political Machine 2012                11.08.2012               
The Sims(TM) 3        Electronic Arts        27.02.2012               
Thief - Deadly Shadows        GOG.com        16.05.2012               
Thief 2                24.05.2012               
TippKönigin Demo 5.5        Giletech e.K.        02.08.2012               
Tom Clancy's Splinter Cell: Conviction        Ubisoft        20.07.2012               
Torchlight Demo        Runic Games, Inc.        18.05.2012               
Tropico 4                11.08.2012               
Two Worlds        Reality Pump        25.04.2012        2,13GB        1.7.0.0
Ubisoft Game Launcher        UBISOFT        26.02.2012                1.0.0.0
Victoria II        Paradox Interactive        10.04.2012               
VirtualCloneDrive        Elaborate Bytes        26.03.2012               
VLC media player 2.0.0        VideoLAN        25.02.2012                2.0.0
Warhammer 40,000 Space Marine        Relic        23.04.2012               
Windows Live Essentials        Microsoft Corporation        10.08.2012                16.4.3503.0728
Windows Media Encoder 9 Series                22.05.2012               
WinRAR 4.10 (64-Bit)        win.rar GmbH        25.02.2012                4.10.0
World of Warcraft        Blizzard Entertainment        22.09.2012                5.0.5.16057
Xvid Video Codec        Xvid Team        24.03.2012                1.3.2
Zeus and Poseidon        GOG.com        11.06.2012               
¹–ë‚̉S                04.07.2012


Wolfizero 10.10.2012 18:49

hijackthis.log
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:43:16, on 10.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
D:\Steam\steam.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9596 bytes


kira 11.10.2012 08:35

System cleanup and check:

► Once you have completed all the steps, report back with the requested results!
Only get in touch in the meantime if there are problems!

1.
Close all programs including Internet Explorer and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries by ticking their checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

2.
Post again, after the cleanup has been carried out:
TrendMicro™ HijackThis™ logfile - no open windows for as long as HijackThis is running!!

3.
Quote:

Attention, important!:
If you have made changes in the logfile yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), without the word "Code":
Code:

:OTL
MOD - [2012.10.10 10:53:07 | 000,192,512 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.10.10 10:53:07 | 000,172,032 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\sfareca00001.dll
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "about:neterror?e=query&u="
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell - "" = AutoRun
O33 - MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


4.
Your Java version is out of date!
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java, "recommended version Java(TM) 7 Update 7", from Oracle
Make sure to deselect any toolbars that may be offered (remove the tick next to the toolbar)!
Tip: -> Configure Java updates

5.
Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it must be maintained! Even if it is not used!:
-> Tips on Internet Explorer
-> Change the default search engine of Explorer
-> Changing or selecting a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

6.
Close all programs/windows
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

7.
Preparation
  • Connect any external hard drives and/or other removable media (e.g. USB sticks) to the computer.
  • Please deactivate during the online scans:
    antivirus program and firewall.
  • Start Internet Explorer => in the menu under Tools => Internet Options => Privacy => remove the tick at "Turn on Pop-up Blocker" and
  • under the "Security" tab => lower the security level to "Medium-high" if necessary.
    Do not forget to turn them back on afterwards and to restore the Internet options to their previous settings.
  • Refrain from other online activities during the online scans.
  • You must allow ActiveX controls to be downloaded and installed.

  • http://image.hijackthis.eu/upload/activex1.jpg

ONLY scan the PC online and do NOT install a second antivirus program!!!
  • Eset Online Scanner (NOD32)
    • Supported operating systems: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Note for Vista and Windows 7 users: please be sure to start the browser as administrator.
    • Deactivate your antivirus program during the scan.
    • Press the "ESET Online Scanner" button.
    • IE users must allow the installation of an ActiveX element.
    • Tick "YES, I accept the Terms of Use." and press the "Start" button.
    • Tick "Remove found threats" and "Scan archives".
    • Press Start.
    • Signatures are downloaded.
    • The scan starts automatically.
    • When finished, save the log and post it to me.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantined files
    • Press Finish.
    • Close the browser.
    • Uninstall after you have posted the log to me: Control Panel => Software => remove Eset Online Scanner V3.
    • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

8.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick the LOP check and the Purity check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which ones?

Wolfizero 11.10.2012 14:28

HijackThis after the fix
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:25:05, on 11.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Wolfi\Desktop\OTL.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9105 bytes

OTL fix log
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from google.toolbar.linkdoctor.backup.keyword.URL
Prefs.js: "about:neterror?e=query&u=" removed from sweetim.toolbar.previous.keyword.URL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03105047-954b-11e1-be79-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03105047-954b-11e1-be79-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03105047-954b-11e1-be79-001fd08ab3a1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0310507c-954b-11e1-be79-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0310507c-954b-11e1-be79-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0310507c-954b-11e1-be79-001fd08ab3a1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031050a7-954b-11e1-be79-001e101f04e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031050a7-954b-11e1-be79-001e101f04e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031050a7-954b-11e1-be79-001e101f04e4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0990abba-9932-11e1-96eb-001e101f2500}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0990abba-9932-11e1-96eb-001e101f2500}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0990abba-9932-11e1-96eb-001e101f2500}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0990abc0-9932-11e1-96eb-001e101f2500}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0990abc0-9932-11e1-96eb-001e101f2500}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0990abc0-9932-11e1-96eb-001e101f2500}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b539574-9606-11e1-9fed-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b539574-9606-11e1-9fed-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b539574-9606-11e1-9fed-001fd08ab3a1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c362094-99a0-11e1-9dc2-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c362094-99a0-11e1-9dc2-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c362094-99a0-11e1-9dc2-001e101f50a4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c3620a2-99a0-11e1-9dc2-001e101f50a4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8deca32c-76d6-11e1-a2b3-001fd08ab3a1}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1664a64-984d-11e1-95e7-001e101fb681}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1664a64-984d-11e1-95e7-001e101fb681}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1664a64-984d-11e1-95e7-001e101fb681}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b5a7ea-99c1-11e1-a18c-001fd08ab3a1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Wolfi\Desktop\cmd.bat deleted successfully.
C:\Users\Wolfi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Wolfi
->Temp folder emptied: 9874105402 bytes
->Temporary Internet Files folder emptied: 240753916 bytes
->Java cache emptied: 3972000 bytes
->FireFox cache emptied: 66126760 bytes
->Flash cache emptied: 149993 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 364778584 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 3747484804 bytes
 
Total Files Cleaned = 13.670,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 10112012_114354

Files\Folders moved on Reboot...
C:\Users\Wolfi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Wolfi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

eset log
Code:

D:\Downloads\CheatEngine61.exe        Win32/Somoto application        cleaned by deleting - quarantined

Wolfizero 11.10.2012 14:29

otl.txt
Code:

OTL logfile created on: 11.10.2012 15:16:04 - Run 5
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,26 Gb Available Physical Memory | 70,95% Memory free
12,00 Gb Paging File | 10,08 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 233,30 Gb Free Space | 67,53% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 87,66 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.07 23:58:22 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 11:48:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 14:12:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfi\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.09 09:25:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 09:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.01 04:56:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.07 23:58:21 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.10.09 15:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.04 02:34:22 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 23:58:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.09 09:25:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 09:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.01 04:56:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.25 01:29:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.22 10:54:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.05.22 10:54:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.09 09:25:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 09:25:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010.05.05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.04.09 09:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.04.07 11:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.03.25 04:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 05:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.11.20 15:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 15 58 FD 97 A7 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.0.16
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.27 13:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:58:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.25 00:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.16 16:16:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.25 16:25:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.09.26 00:38:18 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\tlymn0wr.default\extensions\FasterFox_Lite@BigRedBrent
[2012.09.14 11:09:46 | 000,001,632 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\tlymn0wr.default\searchplugins\firefox-add-ons.xml
[2012.09.07 23:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 23:58:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.11 13:38:29 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012.02.25 01:26:08 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.09.04 21:36:27 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLYMN0WR.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI
[2012.09.07 23:58:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 01:12:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:19:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 01:12:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 01:12:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 01:12:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 01:12:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83FB607F-B364-4818-A562-3B56328C8DD9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 12:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.11 12:01:41 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.11 12:01:41 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.11 12:01:29 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.11 12:01:29 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.11 12:01:29 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.11 11:43:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.10 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.10.10 19:41:51 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.10.10 19:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.10 19:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.10 12:24:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 12:24:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 12:24:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 12:24:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 12:24:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 12:24:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 12:24:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 12:24:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 12:24:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 12:24:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 12:24:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 12:24:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 12:24:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 12:24:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 12:24:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 12:24:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 12:24:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 12:24:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 12:24:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 12:24:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 12:24:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 12:24:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 12:24:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 12:24:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 12:24:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 12:24:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 12:24:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 12:24:40 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 12:24:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 12:24:39 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 12:24:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 12:24:25 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 12:24:24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.09 13:59:35 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012.10.09 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.10.09 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\Adobe
[2012.09.26 13:56:13 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 20:23:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 20:23:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 20:23:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 20:23:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 20:23:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 20:23:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 20:23:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 20:23:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 20:23:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 20:23:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 20:23:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 20:23:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 20:23:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 20:23:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 20:23:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.18 11:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light
[2012.09.12 19:13:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 19:13:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 19:13:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 19:13:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 14:45:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 12:07:32 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 12:07:32 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 12:04:29 | 001,612,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.11 12:04:29 | 000,696,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.11 12:04:29 | 000,652,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.11 12:04:29 | 000,148,042 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.11 12:04:29 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.11 12:01:21 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.11 12:01:20 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.11 12:01:20 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.11 12:01:20 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.11 12:01:19 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.11 12:01:19 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.11 12:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 11:59:56 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 11:59:18 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.11 11:59:18 | 000,061,088 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.11 11:59:18 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.10.10 19:41:51 | 000,002,975 | ---- | M] () -- C:\Users\Wolfi\Desktop\HiJackThis.lnk
[2012.10.10 19:39:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.09 15:46:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 15:46:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 14:27:59 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | M] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | M] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.09.12 14:57:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 19:41:51 | 000,002,975 | ---- | C] () -- C:\Users\Wolfi\Desktop\HiJackThis.lnk
[2012.10.10 19:39:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.09 14:27:59 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Saints Row The Third.url
[2012.10.02 23:21:46 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Source Filmmaker.url
[2012.09.18 11:57:48 | 000,000,508 | ---- | C] () -- C:\Users\Public\Desktop\FTL.lnk
[2012.09.13 18:09:57 | 000,000,201 | ---- | C] () -- C:\Users\Wolfi\Desktop\Red Faction Armageddon.url
[2012.08.02 06:13:15 | 000,003,676 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\Sys2657a.DLL
[2012.06.11 12:30:08 | 000,000,244 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.24 00:36:20 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.03.24 00:36:20 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.15 06:22:18 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.02 06:56:25 | 001,589,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.01 04:41:52 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.01 04:41:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.25 17:40:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.25 17:39:13 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.25 01:28:43 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.02.25 01:28:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.25 01:28:23 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.07.03 01:28:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.10.08 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.techniclauncher
[2012.04.11 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Atari
[2012.08.10 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Audacity
[2012.04.11 14:05:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canon
[2012.03.30 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.27 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ICQ
[2012.07.16 00:07:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ImgBurn
[2012.05.12 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Imperium Romanum
[2012.05.30 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Kalypso Media
[2012.04.11 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Leadertech
[2012.04.13 23:46:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Lionhead Studios
[2012.03.08 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\LolClient
[2012.08.10 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Origin
[2012.05.18 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\runic games
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Telefónica
[2012.05.03 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TGCMLog
[2012.06.23 13:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\The Creative Assembly
[2012.02.25 03:38:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Thunderbird
[2012.08.02 06:41:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TippKönigin Demo
[2012.08.21 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4
[2012.02.26 18:51:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Ubisoft
[2012.09.30 17:48:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.02.25 15:45:19 | 000,097,089 | ---- | C] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx
[2009.03.06 02:54:38 | 000,097,089 | ---- | M] ()(C:\Users\Wolfi\Documents\?? ???????.docx) -- C:\Users\Wolfi\Documents\На главную.docx

< End of report >

and extra.txt
Code:

OTL Extras logfile created on: 11.10.2012 15:16:04 - Run 5
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Wolfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,26 Gb Available Physical Memory | 70,95% Memory free
12,00 Gb Paging File | 10,08 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345,48 Gb Total Space | 233,30 Gb Free Space | 67,53% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 87,66 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
 
Computer Name: PC-WOLFI | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Adobe Flash CS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Adobe Flash CS\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E6B76D-9920-4099-8EB6-21BA098CE229}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0849B073-4931-4061-90FE-2FD5C01540A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13E75419-112E-467B-8332-58DDE22B9F08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1ACF9A4E-A14E-44D4-A7B5-E43B60FBAD7F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2AE49884-A2B8-463F-A053-4500E93E061C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FD9B2BB-2ECA-46D9-8AF1-FEACE2E9E5A8}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A1110FC-7091-4C22-AB92-569614FFD916}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D4B17C0-F83C-4188-9BAB-886B619CD427}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61E458DA-A81B-4395-8776-176B482C1333}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F09D18F-EE6F-488D-903F-96B2B4CF246E}" = rport=138 | protocol=17 | dir=out | app=system |
"{71F2E870-4567-4D0D-BDDD-2D8A82C81295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74162BF3-E4F1-418B-89E4-3E2FFD6CD071}" = lport=445 | protocol=6 | dir=in | app=system |
"{8224D1B4-4F2E-4DA7-A720-C705D771EEBD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86998370-E2F8-4754-9DC1-37260A552024}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8844FD62-688D-4EE1-9289-069D5DB713AE}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F63BAD5-9B40-4187-9F99-A6254BFF5EDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0F94210-213A-46EE-AC58-A84E6342386E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A927111E-BBD9-4745-BEDA-1E1F5172BCEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC7B52D5-24B5-43CB-82DA-F02581764AC8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B16D0FBF-93B6-4307-B1E7-953AFE60F47C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B26B1853-CEB0-4658-9498-8CC3C53FB851}" = lport=138 | protocol=17 | dir=in | app=system |
"{B56ADBD9-7CFA-4649-B907-2AD035A1E660}" = rport=139 | protocol=6 | dir=out | app=system |
"{B743C773-FB47-4C49-8101-82CB286F8379}" = lport=139 | protocol=6 | dir=in | app=system |
"{E19B6822-ACC1-4695-B0CB-E2735726EEDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F37A74F9-6412-4043-B785-D5C9DA128064}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0073C6D4-D07D-4875-BCFC-1DAD42AE97F1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{008A2CBA-9AA2-49D8-88C4-D20343E2A4E5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{0144475A-ED98-483C-90D2-9802CDEC536C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{014D0055-E525-413E-AACA-72B790AF2199}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{01A45502-C2DA-4D55-9AA2-5AF6DD352218}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gamesettings.exe |
"{03DC5774-FA5F-4A30-9AEC-A58749FEDA9A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the political machine 2012\polmachine2012.exe |
"{04902E8E-A5DA-436B-801A-E01554EDD4FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{0492443C-76B0-442A-9A0E-8F2095A736CA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{0723FC4A-5C6C-4993-8C06-379BDF53EFC5}" = protocol=6 | dir=in | app=d:\anno 2070\initengine.exe |
"{09A571EC-D738-44C0-9E43-D73700E15AFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CA4D085-6580-4CBD-A438-C145A380D854}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CF11F4C-FE1C-45AD-9C12-B8484B31D5E3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{0E5A53B7-587B-4048-9F6F-4811FA36A887}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10DD58DE-A86B-4D25-9400-53BE8C28A886}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{13494E73-480E-4252-B4E0-3EE4672C75A6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe |
"{14514991-F02B-4136-8850-7379579FB4CB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fable 3\fablelauncher.exe |
"{151FAD04-B0B7-43E2-97DC-63FF1C01EDC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{165A47E2-212C-4775-8F31-ED46F02084A2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{1828394B-395C-4205-AA6E-ACD9DF4B33DD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{185CDE3C-B0E4-4167-A82F-599846D08986}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{19DD1F29-0551-4243-BA93-D59D353E2109}" = protocol=17 | dir=in | app=d:\anno 2070\autopatcher.exe |
"{1C00C80A-5553-403F-BEB1-34AD6A7BBE90}" = protocol=17 | dir=in | app=d:\anno 2070\anno5.exe |
"{1DA09E2A-68D2-4878-8499-7388E6CD72ED}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{228A7B55-180E-4FED-B4F6-12EE2CF176AD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe |
"{22C88470-0AB8-426F-89B9-75F8D95EEB28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{230448DC-0546-455D-AA3F-1191124A4C49}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{2465CB4C-16A9-42A8-9298-E9FD9D5E11FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{28131CE5-0D16-409C-899F-D6C65C6112DF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{2B53C749-76C2-48C2-886F-95C4E7461138}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe |
"{2EE60D94-772D-4857-BF51-BF62B4E44F44}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman2\runlauncher.bat |
"{2FBC7262-8AE9-4647-82D8-BFEBAE915B7D}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{3002465A-8C4C-4BE3-988D-7E460B6824C1}" = protocol=17 | dir=in | app=d:\two worlds\twoworlds.exe |
"{301400DB-DFC5-4744-835D-D49A9F6E9C99}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman blood money\configure.exe |
"{30E306D4-BBF1-4AB2-8CA4-FD2F1E903ED9}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe |
"{3114460A-B081-44AC-B2BA-53F98233F3D1}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{31B5E2E0-BE99-4ED8-9544-287CD73B3D82}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\torchlight\torchlight.exe |
"{322E1043-7E57-4A6E-9ABF-3F82D662C2F8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe |
"{3368A6F7-AA51-4630-BAC0-82D5ACB2ECDD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fable 3\fablelauncher.exe |
"{34521C0E-F87F-4DAB-BA84-84473DEC1446}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{35323261-D1C6-491B-A89F-C5374922C83E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe |
"{38F354C1-DB49-4247-BD0B-79E74A924465}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe |
"{3AB4C0F2-5479-44B0-A6C3-34EEBB8B76D0}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{3C1074CC-2E66-4BC3-8F5D-1A723FC0C0DF}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe |
"{3E0762F4-1714-488A-8E13-4D6BC57AB1D3}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gu.exe |
"{3F9FD808-323A-4FE6-9EA8-1472A222FD63}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\imperium romanum\imperium romanum.exe |
"{4049FE4A-7B95-41CE-855A-5CD95010D9F8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{458DB30D-43AD-4A9A-A0E6-D62E561601D9}" = protocol=6 | dir=in | app=d:\anno 2070\anno5.exe |
"{467B9D8D-9250-4E11-A99C-CC2004E478E3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\patrician iv\patrician4.exe |
"{46C75FC4-BCFE-43F4-B53A-4909A885C665}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman2\runlauncher.bat |
"{47194BFF-CFC4-4788-82F4-9E86A5642321}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{489EAF5F-5AFA-4EFB-A3B6-8AFD1D0D49D6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\engine.exe |
"{4EDF9206-459E-4EA8-8AF2-A30A1CB666BA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{5088EA3D-7B39-4BB3-B249-10F70DC05CD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52D7960D-8A61-4CFE-B4C2-2FA8D9EEE55A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{53302656-749D-4640-91F0-220CF418E8A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5418367E-3DDA-41EC-A1C3-06BA4855C8F4}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe |
"{54D77DE2-9ED1-483B-B299-C95C1E092EA0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\patrician iv\patrician4.exe |
"{551118C7-347F-4B19-9EE5-B53789103138}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{56DD69A2-8060-4CC1-BCEC-DBD356E02393}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{5710FBD7-4DD9-4BD0-AEE1-6CACF3C55A78}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe |
"{58E0DC02-9BF4-4D3E-8DFD-E91DF75398FE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{591FBEA6-7947-42ED-877D-776872DBB2E5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{5AFF78D3-9D26-4D9F-A659-AA8E8764F903}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{5B158C22-7E6C-43FE-8B35-E7E7D67B54D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5FDD8310-19F0-43E0-B08B-D6D888C91A4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe |
"{61085538-7391-433D-ACB9-8F6B842C5B92}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\uplaybrowser.exe |
"{6242742C-7143-4F7A-8C11-0266D6F9C9D8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cities in motion\cities in motion.exe |
"{62462263-2621-4D13-9A08-885634B14FA6}" = protocol=6 | dir=in | app=d:\resident evil 5\re5dx10.exe |
"{649B5B54-2875-44C2-BADB-F96E5AC34CA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{656253DF-1549-4BB5-BE3D-DBBA20D69CAF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{657E23A9-D6F8-4974-AD52-00D39E2BE1E9}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\videospin.exe |
"{663F30FF-1FE3-4331-8D25-50143470AB32}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{695528CC-332D-4C9F-945E-5A8CA4C777D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{6AC0168C-544F-4D1A-B2EF-13DC2639EA36}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{6B6BA0DF-2065-432F-BBB9-0FF723A5EB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6D0F725A-D005-425A-B96C-E9423204FB4C}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{6D907B43-B5B8-4E02-9364-9D35AB13662D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{7097219D-066D-4CA2-BD81-1559AFA36F0D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{70C39E82-2FD3-494C-B953-4B5814DD1AFF}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe |
"{72AA1573-D1C5-4FB8-9EE5-78D3E6EBFAC8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{73669CAD-DB95-4025-BFBC-BBC661F3DBF7}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\prince of persia.exe |
"{7390DE9F-BB98-4831-8B0B-5E883EDFEA06}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{7406AD3B-DC0C-4499-A6FD-4FF7C594884A}" = protocol=17 | dir=in | app=d:\diablo 3\diablo iii\diablo iii.exe |
"{74E6ED46-875A-4D86-85D3-C493DC0AA64B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{752EA565-B7BD-402C-B0E5-6C48B4F7F275}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the political machine 2012\polmachine2012.exe |
"{754C197F-A507-4D31-B687-7CB8539D27AC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe |
"{77D451ED-1610-4625-937B-D1E0C81F5CB6}" = protocol=17 | dir=in | app=d:\resident evil 5\re5dx10.exe |
"{7A3EA388-2581-426A-B49D-4C9FEB2AEEEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A514C5F-8D65-4820-A787-7042E3E3BAD7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{7AE59DD1-FA6A-498A-9553-61B5926B97B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BD4CC07-EF5E-418C-A47A-2239A4465375}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |
"{7C552102-9955-4F9D-9F6A-40CD051A36BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D2D7CF2-6690-4856-A338-B9CE348A5244}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FB3A6C3-E514-4EAE-AF54-29D9D041A269}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\thief_2\thief2.exe |
"{80C00119-99A9-4881-9E81-79138C48FF94}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{8178E302-C9B8-43B4-955C-1B0F255907E8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\impostors.exe |
"{81EB973D-4EA5-4A9F-B213-8CB4BC515286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{846B8D27-0403-4AC7-A1CE-6278758D7F61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{856EE23C-D5CB-4CF6-9389-1DBE8789D30B}" = protocol=17 | dir=in | app=d:\resident evil 5\re5dx9.exe |
"{86DFD388-851C-442D-9107-4552D37A1F2B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\from dust\from_dust.exe |
"{86FECD19-515B-400D-8154-1A04C6256B5A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cities in motion\cities in motion.exe |
"{87632627-E137-4501-B1FC-2DADC29F9BD3}" = protocol=17 | dir=in | app=d:\two worlds\twoworlds_radeon.exe |
"{87D7D60B-ADE0-4ACE-AE12-19DB24A7BB43}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{89C936CD-7FC6-4C19-940B-1EF68E68E812}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B7733BE-DC17-481F-BE76-158793944CDA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe |
"{8CC3178B-9FDA-49D5-85FC-E1AFDED7ED2A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8D1EC934-7869-42C7-8201-835A094A2BAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{8E059A45-7144-4EEF-905D-43D00494509A}" = dir=in | app=c:\itunes\itunes.exe |
"{8E3DE856-1723-44B7-B527-3621E7A00777}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\victoria 2\victoria2.exe |
"{8F1EF474-5083-49BD-A128-83E69C056C97}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{9126900F-488F-4F4F-B4B1-806C622F005D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{959F69B5-1F35-4916-B26E-56A10D9DE7E9}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\rm.exe |
"{988FB616-9F87-41BC-82EB-D0C05C1A106A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe |
"{98E91137-6554-48AD-B976-12E6D0FFB055}" = protocol=6 | dir=out | app=system |
"{9AE1CFAB-59E7-4500-AC70-DAC491185837}" = protocol=6 | dir=in | app=d:\diablo 3\diablo iii\diablo iii.exe |
"{9C845E0F-B314-4B0F-B5A2-5B4D9B112B5D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{9DEE38F8-50E1-481A-BC13-373B537AEFF8}" = protocol=6 | dir=in | app=d:\two worlds\twoworlds.exe |
"{9E60A133-86C5-47F8-AAC0-039C1738C971}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\prince of persia.exe |
"{9EF6A113-796A-4EA9-97B0-EA08DE6FE984}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe |
"{9F7D7138-A40B-4927-9184-727A867F7384}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{A0831ECD-BBA7-4FCE-8D11-1422ABC12C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A2EE8AAB-DD23-4503-9EC9-9CA3253B8274}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe |
"{A4B85B34-029D-4981-8EC4-D421FB17BEED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe |
"{A8E03B93-0C5A-4292-8416-DAB39BDD7E44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A928E70E-19BA-4DB1-959F-FFDC53AA98C7}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gamesettings.exe |
"{A9EAD30A-8048-4A88-95C4-9D65F04068FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{AA4CDA7C-8DFE-448A-8C26-D3D5863B61FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{AA92C90A-9242-401D-B021-D6792DA66A50}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{AB9A8A1E-DBC7-4B7C-B3A4-7216836E3E20}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe |
"{B0D58702-0FBC-4CB2-8D1D-242BAF4F67C8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeons\dungeonsstarter.exe |
"{B16D291E-C4AC-439C-BF6B-46BCB4326926}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{B4D23D31-5C55-4121-AC77-3274D2D760C8}" = protocol=6 | dir=in | app=d:\anno 2070\autopatcher.exe |
"{B5890599-B10D-449B-835D-112D2E2E044E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B6638A1B-3D97-4213-9FB7-87D2666522D6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\impostors.exe |
"{B6E1D826-F854-49B7-B7C3-0D251918BE4D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B938CE19-0290-4AAC-9ACF-8DDD3C058C83}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{B9CD2372-D64D-4565-8319-43C55064954A}" = protocol=17 | dir=in | app=d:\icq\icq7m\icq.exe |
"{BABD614B-5235-494A-A914-52CA0B2DDC79}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{BB057E1D-17A3-48B4-8937-35225DC89CF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BEF229ED-F949-415E-AC7D-2037FC309D2F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\thief_2\thief2.exe |
"{C0E52C2B-851F-48CA-8E27-0404C3F2E96A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C0F3015E-1864-4787-84FD-62B69A9152FC}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{C1525E13-E6BC-40CA-8B26-8984181C0E9C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{C2EDDA48-55BE-4F83-8950-B3455270EA27}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{C338194A-9308-4956-84FF-53514141415A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{C3A0E6B2-B64C-45BE-9C1E-2CA3D97662A8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{C3CAB425-35E5-4242-86D6-7FA972D062C6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\torchlight\torchlight.exe |
"{C5D49879-5960-441E-AEF7-4F1C10D0872D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C5D7E97B-23A5-4893-BF94-854E50B09879}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C785F6BD-FD0D-4C26-9EA5-105759A4DB0F}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\rm.exe |
"{CA5CD6C8-BD88-4448-8ABE-B8F0376E0061}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CACED957-856B-40C5-BC37-815BF7C9B2F2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe |
"{CC63FA32-4459-4E7A-8AC8-825982EF980D}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia the forgotten sands\gu.exe |
"{CCB97EC8-81BD-4CE2-B984-F5C1B38241DE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{CDEC305F-3331-4E72-85CD-479E3222D8A0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman blood money\configure.exe |
"{CE194D10-8E8B-400F-A75F-82CC6ADD8A58}" = protocol=6 | dir=in | app=d:\resident evil 5\re5dx9.exe |
"{CF096E76-0A5D-480C-AD99-06D1B9CD5D01}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D1770717-C192-49A6-9C32-30C3A717E456}" = protocol=6 | dir=in | app=d:\two worlds\twoworlds_radeon.exe |
"{D19C0B65-35D9-438F-9436-1E08D5DF47C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D5AB008C-11F5-4B30-9E09-0539C4CFAC82}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe |
"{D6D143EC-62F6-461B-B758-F7E2BDDFF50B}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\videospin.exe |
"{D794F617-945D-4CF2-AE46-52EF094A60D2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\victoria 2\victoria2.exe |
"{D8963AED-F6B2-47CC-A6A0-114A1ABD7D05}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |
"{DB6C79A8-AEF3-476C-9676-9B94128531F3}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{DB907A39-CEE2-4867-86D3-3040155597DE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{DC0F6F22-345A-4B1B-9EFB-A018CE5B5838}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{DC8054DE-65BD-4C3D-8A69-B4021AA580CC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{DDCC3543-4FFB-4204-BEEF-2257EC20BB67}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{DE8A9BF4-5329-4EC3-9204-276EBDB14F60}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DEC6A77E-3069-4D44-AE36-656CE98F2F90}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{DF747036-D7C4-43F6-9882-AE9C5ABDE28A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\config.exe |
"{E1DF95DA-A0BD-4473-815E-34BE17543B86}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman 2 silent assassin\config.exe |
"{E1E06B5E-B77E-4747-975D-064BEF071590}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe |
"{E3866EA7-414A-4690-90DB-C45385E98360}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe |
"{E3D03C56-980D-46D2-9598-FEAB3EBFA334}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{E3E700EA-D83B-4730-AA84-9976134A2B7D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"{E4EDFF16-EC0D-4FA4-8D9A-F1D237DC21AB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gotham city impostors\engine.exe |
"{EEBC9A66-2AC1-44FE-A2D2-541421148376}" = protocol=6 | dir=in | app=d:\pinnacle\videospin\programs\umi.exe |
"{F0052071-863B-46BA-B072-18A8F73F0BA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F031BE4A-79A0-48BE-A9FC-6959EDC04708}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crazy machines\crazymachines.exe |
"{F08092E7-D90F-46AF-8DD6-21300F011EE9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F10CFF4F-9FCE-4C46-ABBD-2B2489CB05DF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeons\dungeonsstarter.exe |
"{F183DB4E-4D9E-4285-800B-7A253C700048}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crazy machines\crazymachines.exe |
"{F2DA9BC0-1666-4C3F-8143-584EB08077A7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\from dust\from_dust.exe |
"{F314B65E-9767-49C0-ACB7-539A3E892FCE}" = protocol=17 | dir=in | app=d:\anno 2070\initengine.exe |
"{F36AE389-6B10-4EC6-934F-376896E676F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{F4CA3172-5A14-403C-9872-A2B308A1DAD1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F4F71649-2C2F-49AE-9731-A36537D633AA}" = protocol=17 | dir=in | app=d:\pinnacle\videospin\programs\umi.exe |
"{F6A6C0D8-6CF3-434C-83B1-68A43E5C5CD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F7097C52-5278-423A-A549-255856590281}" = protocol=6 | dir=in | app=d:\icq\icq7m\icq.exe |
"{F82DAE5F-23E9-44FA-8B13-36EF43938D23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F89F0A31-A311-46CB-950A-6487F7BD4D64}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{F8EFFE68-7AC5-448A-9C21-88ADE2F0D754}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{F9B6E1A6-498A-4141-AB01-CEDBA5048346}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{FA3ACE92-42D6-4735-A063-620CB003BCD7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{FCC0C9F7-8098-41FE-AF7D-2EC977079F00}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{FEA202CE-6989-430F-8E18-85446F836D00}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\imperium romanum\imperium romanum.exe |
"{FF74942E-9AEA-4892-81E0-28351EE2AB0B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{FFC078D8-9FAF-4B7D-A533-4C843ECEBC28}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"TCP Query User{15F11C01-A3BF-4C43-A707-93F672BEBEF7}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{16CF19D8-C059-4E1B-BE18-F97590595ECE}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{1B13663D-A854-46B4-B212-506F20D00C93}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{338022F7-6BA1-4477-841F-DE6315750D02}D:\dawn of wa\soulstorm.exe" = protocol=6 | dir=in | app=d:\dawn of wa\soulstorm.exe |
"TCP Query User{4FD0B6CF-DD5E-4ECF-BA63-5896B01ABC2D}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{6375CEB8-85AA-48AC-BD80-95C3883DB977}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{7FCF50CD-05E6-4DE3-A307-63D93CF008B8}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{8DF3D9BC-B84F-4111-A9CD-7F58B2DD1C53}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{A4E46F89-2A38-48FC-B01C-E6EC6A4764E5}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{A77BA938-FB58-43FF-B64F-FEAB9595E05D}D:\fallout 3\fallout3ng.exe" = protocol=6 | dir=in | app=d:\fallout 3\fallout3ng.exe |
"TCP Query User{AF8787B6-5157-4A94-B57D-1FEC91921AF1}D:\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=d:\downloads\diablo-iii-setup-dede.exe |
"TCP Query User{BF207AA7-C5B5-4274-BED0-103B957B3B1E}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{D2B34067-6ECC-4CBA-8240-0797226603CA}D:\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fable 3\fable3.exe |
"TCP Query User{D38E2CE7-D7E1-4963-A0DE-09174B0D940C}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{DCA5BD22-0F0B-43FF-85A8-3AE37FD68D27}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{E574B8CF-6611-4F24-9461-6848F115E762}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{FA94D70F-C45E-4988-8205-56A466AC9977}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{25F9137B-87E9-4B0F-AECB-E770DEE00555}D:\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fable 3\fable3.exe |
"UDP Query User{2C690DDC-3C12-43BA-AA7B-7C279662835B}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{31A2DC65-7AE2-4F83-B30A-29C45864AC7F}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{3F468FFF-5F77-4074-BD17-6E120AA841A9}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"UDP Query User{61492429-1879-4329-99AD-2264F6947E2D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{6ECDFC15-AB77-4CA7-9C5A-5F5E1A658EB2}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{77DACE47-2F73-4E45-9A97-53BC9D9B8C1F}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{8008B67E-3976-4E5F-AC46-9C057C88165E}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{8401A586-1E21-4FE9-95E8-7A9800086BDB}D:\dawn of wa\soulstorm.exe" = protocol=17 | dir=in | app=d:\dawn of wa\soulstorm.exe |
"UDP Query User{9E405F8C-AB35-4288-93A5-722A2A5D2CA1}D:\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=d:\downloads\diablo-iii-setup-dede.exe |
"UDP Query User{AD5D6CA6-3755-4148-A69A-738FB72CF853}D:\fallout 3\fallout3ng.exe" = protocol=17 | dir=in | app=d:\fallout 3\fallout3ng.exe |
"UDP Query User{CB365FE0-44B8-4DC3-B1BF-4F6F32F9E82E}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{E00A21EC-2355-482C-9417-ACD2B63BED44}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{EE0D233D-8022-4C2E-BB8D-B2A359E7BDFD}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{EEEF2CB4-46EB-4D44-8A34-11994BCCF84D}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F7459F8E-7D86-48E9-A4AE-60E87B89064B}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{F85DFF7E-4F96-41ED-A1D3-BBEE1F58258E}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb" = Dungeon Keeper 2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.01
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.21f
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E}" = ¹–ë‚̉S
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) Version v2012.buil
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE5C9428-3DA7-4A0C-B5E0-16031B5DC030}_is1" = The Guild 2 - Renaissance
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.15
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo III" = Diablo III
"Dungeon Keeper 2_is1" = Dungeon Keeper 2
"Earth 2160" = Earth 2160
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.05.00.00
"ImgBurn" = ImgBurn
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"o.tel.o" = o.tel.o
"o2DE" = Mobile Connection Manager
"OpenAL" = OpenAL
"Origin" = Origin
"Pharaoh Gold Bundle_is1" = Pharaoh Gold Bundle
"PunkBusterSvc" = PunkBuster Services
"Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale
"Rockstar Games Social Club" = Rockstar Games Social Club
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 108710" = Alan Wake
"Steam App 110800" = L.A. Noire
"Steam App 1840" = Source Filmmaker
"Steam App 18420" = Crazy Machines
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 204300" = Awesomenauts
"Steam App 21100" = F.E.A.R. 3
"Steam App 211120" = The Political Machine 2012
"Steam App 21170" = Gotham City Impostors
"Steam App 211740" = Thief 2
"Steam App 23400" = Imperium Romanum: Gold Edition
"Steam App 25890" = Hearts of Iron III
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 33460" = From Dust
"Steam App 41510" = Torchlight Demo
"Steam App 42910" = Magicka
"Steam App 42960" = Victoria II
"Steam App 47890" = The Sims(TM) 3
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 55230" = Saints Row: The Third
"Steam App 57400" = Batman: Arkham City™
"Steam App 57620" = Patrician IV: Steam Special Edition
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 57690" = Tropico 4
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 6860" = Hitman: Blood Money
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 73010" = Cities in Motion
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"Thief - Deadly Shadows_is1" = Thief - Deadly Shadows
"TippKönigin Demo_is1" = TippKönigin Demo 5.5
"Two Worlds" = Two Worlds
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zeus and Poseidon_is1" = Zeus and Poseidon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.10.2012 11:30:14 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 06.10.2012 12:39:38 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07.10.2012 06:51:20 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07.10.2012 07:18:02 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 08.10.2012 03:27:23 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09.10.2012 05:23:31 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09.10.2012 15:31:07 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09.10.2012 16:07:54 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 10.10.2012 10:35:24 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 10.10.2012 11:57:42 | Computer Name = PC-Wolfi | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ OSession Events ]
Error - 12.03.2012 19:01:47 | Computer Name = PC-Wolfi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2604
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.06.2012 08:45:52 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 18.06.2012 08:45:52 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 19.06.2012 10:11:07 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 19.06.2012 10:11:07 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 20.06.2012 07:42:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 20.06.2012 07:42:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 21.06.2012 09:58:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.06.2012 09:58:37 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 21.06.2012 11:24:53 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 21.06.2012 11:24:53 | Computer Name = PC-Wolfi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >


kira 12.10.2012 06:47

► Report again on the state of the computer: are there still problems, and if so, which ones?

Wolfizero 12.10.2012 12:31

Quote:

Quote from kira (post 936389)
► Report again on the state of the computer: are there still problems, and if so, which ones?

I wanted to let it run for a bit first and try things out, wait a day and see whether anything happens. But everything seems to be running stably and without problems. Thank you :huepp:

kira 12.10.2012 14:49

** Keep your system under observation for the time being!
If everything has gone well and your system is running stably, do the following:

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:

CCleaner
- Run it from time to time:-> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp!) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This function takes up a great deal of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so that system performance is also affected. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed:
So please do the following: first deactivate-> then activate, so that at the end it is "activated" again!

4.
As a precaution, I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (one should actually change it at regular intervals, about every 3-5 months)
also here under: Secure password (Password)

5.
► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!
-> Install every update that is offered to you, and repeat the process until there are no more

Reading material no. 1:
Give criminal acts no chance!
Quote:

Back up your data regularly (pictures, music, documents, mails (as text files), browser bookmarks etc.) to CD/DVD, USB sticks or external hard drives! Ideally back up twice, in different places!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • Firefox - FirefoxWiki/Settings - Extensions for Firefox
  • Secure e-mail clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
    - Do not click on mails, especially those with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (one should actually change it at regular intervals, about every 3-5 months)
    also here under: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only ever install programs that you really need and that you are convinced are reputable.
    The choice is yours as to which additional components get installed -> Always read along during installation, and deselect sponsors and partner programs, toolbars or any other extra programs offered wherever possible!
    This is how some kind of adware/spyware often gets installed along with it!
  • Do NOT download just any programs from the net unless it is 100% certain that the software is clean. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never disclose your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as fraud is suspected, report your suspicion to the respective bank's hotline.
  • Letting others (guests/friends) use your computer - use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never carry out banking on untrustworthy computers, for example from an Internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid Impressum (legal notice)
    - Do not leave external devices (hard drive, USB stick) permanently connected to the PC, only briefly while you want to back something up
  • Saving licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    These are always contaminated with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil ;)) Another highly unsafe source is the file sharing of so-called (music) exchange platforms.
    ► Besides, you make yourself liable to prosecution by doing so!
  • Use only one firewall and one antivirus program, which should always be kept fully up to date!
    Installing `too much` software impairs system performance and security, slows the start-up process enormously and burdens the RAM (because the programs run side by side at the same time, eating a lot of performance but bringing little quality). Over time the computer becomes ever slower and less secure through too much unnecessary ballast. The more programs are installed, the more often problems occur, which can then be difficult to solve. On top of that, some programs bring great security risks with them ;)
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept

** Common sense and configuring Windows and Internet software securely are the best way to security on the web!!
Quote:

Since the database is supplemented and extended daily, and information about the virus concerned is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will surely suffice), always with a different scanner, to get a second opinion - the data backed up on the storage medium should also be included!
(these mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
I wish you all the best :)

If you would like to support us→ donation account

Regards
kira

