Ergebnis 1 bis 2 von 2

Thema: Diablo 3 Acc gehackt, Keylogger Trojaner?

  1. #1
    Einsteiger
    Registriert seit
    31.05.2012
    Beiträge
    1

    Diablo 3 Acc gehackt, Keylogger Trojaner?

    Hallo erstmal, bin neu hier und kenne mich auch im allgemeinen nicht super gut mit PC-Software aus. Darum bitte ich um Eure Hilfe.
    Habe versucht alle Punkte abzuarbeiten. Vielen Dank im Voraus.

    2. Zum Problem:

    Dies ist die letzte Antwort unseres Kundensupports:
    Hallo,

    auf Grund deiner Meldung haben wir deinen Account überprüft und konnten bestätigen, das dein Battle.net Account kompromittiert, also umgangssprachlich gehackt, wurde.

    ==========> BATTLE.NET ACCOUNT
    ---> Was genau ist geschehen?
    - Dein Computer wurde scheinbar durch einen Keylogger, Trojaner oder Virus infiziert. Dieser Vorfall kann ebenso durch einen Besuch einer Phishing Webseite verursacht worden sein oder auch durch die Antwort auf eine Phishing E-Mail
    Das Problem ist wie im Titel schon gennant, mein Diablo 3 Account gehackt wurde und ich weiß natürlich nicht wie, wieso, weshalb, warum?


    Der Account wurde wohl in der heutigen Nacht angegriffen. An Hardware habe ich seit gestern nichts geändert, ebenso keine neue Software
    (außer Hijackthis, OTL, alle von Euch vorgeschlagenen Programme) installiert.

    3. Zum System:
    Auf meinem System (Windows 7, 64 Bit) läuft von Dell vorinstalliert McAfee, welcher nach Scans natürlich nichts ergeben hat.
    Firewall von McAfee ist aktiviert. Filesharing Programme nutze ich nicht.

    4. Hijackthis
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:27:18, on 31.05.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\Hama\Common\RaUI.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Downloads\HiJackThis204(1).exe
    C:\Windows\SysWOW64\DllHost.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507040427.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files (x86)\Hama\Common\RaUI.exe
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mein Username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 12302 bytes
    4. OTL
    Code:
    OTL logfile created on: 31.05.2012 11:02:28 - Run 1
    OTL by OldTimer - Version 3.2.44.0     Folder = C:\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    7,98 Gb Total Physical Memory | 6,02 Gb Available Physical Memory | 75,35% Memory free
    15,96 Gb Paging File | 13,47 Gb Available in Paging File | 84,39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1849,73 Gb Total Space | 822,94 Gb Free Space | 44,49% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive J: | 1397,26 Gb Total Space | 93,17 Gb Free Space | 6,67% Space Free | Partition Type: NTFS
     
    Computer Name: xxxOTL Extras logfile created on: 31.05.2012 11:02:28 - Run 1
    OTL by OldTimer - Version 3.2.44.0     Folder = C:\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    7,98 Gb Total Physical Memory | 6,02 Gb Available Physical Memory | 75,35% Memory free
    15,96 Gb Paging File | 13,47 Gb Available in Paging File | 84,39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1849,73 Gb Total Space | 822,94 Gb Free Space | 44,49% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive J: | 1397,26 Gb Total Space | 93,17 Gb Free Space | 6,67% Space Free | Partition Type: NTFS
     
    Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{095F8DDA-C3BF-457E-B927-B76500EDC4AC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{0985609A-2ED3-4B13-89F5-F6A9004E70B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{0FD8E025-676C-4ABA-BFFC-2D2A7CF6856E}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{1391309B-698D-4B21-9A84-49BFB980F7F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{175E9320-4C51-4D04-9DF4-2FA94C7EEA17}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{1BD97897-45EB-4879-BB71-90822EDD2338}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | 
    "{1D26247A-E7BC-4DD1-9249-C3862C288CBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{39D83077-751D-4AEA-9518-627035778EF5}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{5C254867-37A6-460B-8578-6BB9CAAAD918}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{65402D69-E9D1-4919-9884-80C451E3554C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{69262453-C31E-4B4D-BC4F-C3117DFEECDD}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | 
    "{6B42E824-605C-4E28-92AE-C11DD57D64E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{73CFF405-813B-4D68-9CB6-8674915F0CE1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{79CC9C8A-4088-45C3-9725-A1B169EA2090}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{7D4AE174-F94B-4736-B57F-210420D74873}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{7F10492E-0907-4282-ABEF-AD1156DCE0B7}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{9297054D-A9B7-43F4-BD73-8337E961CBE8}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | 
    "{970D2AD3-5AD9-4E5E-95EF-2B9EB53940B5}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{99605ED1-58E8-4E2B-8809-70A92930A6FF}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{9D953912-B7E3-4004-A930-7ED31D863CA9}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{A606F42D-9AC9-4450-A8E7-4B56CBB42F64}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{A8EA5FC9-535D-4FA9-8E63-1BED685629E5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{A951554C-708D-4815-A7BF-491B67EC6517}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{B6A06B11-42D9-4F2A-81CA-AA073DDDB9B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BEC8CEE7-AC0B-4A7D-91A7-3622D32DA86E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{CB459301-E125-414B-806C-587D328C3064}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{CF862B5F-5479-4341-8FE8-BEAEBECD85C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{D129B351-BD97-4D24-BE3D-F4BB11DCEDF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{D1A2B75B-58C8-40D4-8B75-E3492F1291D1}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{D8AB3ABE-87A6-4516-830E-91EB2EAB253E}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | 
    "{EA31AF9F-86CB-4B66-8F5F-845F6CFEC531}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{F13540E1-46E8-48AD-B559-548FAFF0B916}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{F1EA70F4-8081-4212-B3DB-98A7743DF20C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{FEFCAB2F-0B16-4CBC-8C9A-895066F0E39C}" = rport=138 | protocol=17 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{005E1098-2D01-4176-AB27-E352B1F78F8B}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | 
    "{0B4F034F-EF7B-4667-A90E-B6E16F357B9B}" = protocol=17 | dir=in | app=c:\games\diablo iii\diablo iii.exe | 
    "{0DA98CCD-E429-4322-87F0-28160EF16F45}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
    "{0F5C0720-9558-4CF0-84C9-83C164BCFA85}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
    "{13CF3D2D-E4C2-4223-AE36-AB0B310E536A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
    "{1703DFDD-DCAF-4202-ACF6-45F8E84DBF9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
    "{1A65BA2B-952A-4862-93AB-5343DF555925}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{1C65D50F-9DFB-4F77-81E7-CC595D09B804}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{1ECC231D-518D-42BB-BCF6-BA5C3A8C3212}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
    "{22B259D0-1154-456D-9D8D-BC7386F6578A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{239DA2F6-C88D-4900-AC70-1E320A4F2B7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{267988B8-6FCE-42F5-B836-C1A18DCE50A7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    "{28826182-92C4-495E-BA47-10D95C142FD8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
    "{2E9D0BFE-1BB8-427E-897E-98969C29ABBF}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
    "{3206CB4A-3F73-48C1-95F2-F4CDAE8A244F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{34CB18B5-8406-4396-85EB-8A5CEA087848}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{3AACECD5-0178-401E-86CC-B70E419A43CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{3BEB550E-81EA-4E43-B9AE-1FD1B521D0FC}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | 
    "{3D888CAD-3EC1-4E98-8742-FE9F0C5DDD91}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
    "{465CA5D0-DC8B-40FF-AE51-1A49B485E3A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{472A2E41-CE5F-43E6-8DD5-F35CC5947E5A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
    "{49F48181-66D1-4E0E-B06A-F182F5B4576D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{4F649AF7-D98C-40BD-8EDA-00DE4D01465B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{513F2E67-D6B1-43C8-8BE8-1A45A8161423}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    "{524660DF-85E3-4094-8F7F-C8DFCE29C71E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
    "{55AF99C3-4F3B-47B8-92DA-612AC3F52AD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{5673864D-A9F2-4F78-83A8-9DF9E046A363}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
    "{65EC8EA6-0738-475E-81B9-ABC74DA0633D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
    "{662D9D46-05E0-4830-9A17-86F4062DE099}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | 
    "{67D8FE47-6D9B-4DF8-884B-968BC564D4F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xearor\day of defeat\hl.exe | 
    "{71B7C138-4955-4179-A82E-BA77E78E847E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
    "{79E50EFD-0DF0-4F80-BCF6-0A85A01D4AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
    "{7A94D2BC-DEE8-45D9-83BC-A249153167C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
    "{81BF0732-B5D3-45F2-94EC-2CDC553B9B43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{840F8A11-AA7D-456D-9C7A-0704839BF13D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xearor\day of defeat\hl.exe | 
    "{850282AD-F0B8-45CF-8189-AB2CF7312113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{852FDFE7-0870-47C3-9265-8C4B47AE4063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{881DB41B-B003-4EFF-8775-98DD9920A76D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
    "{8CF64051-426E-4040-A396-99EABD8CDAD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9506F0E7-2A78-419F-8927-3E049E692E74}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{9AEA5F0F-6F08-4BF1-AF18-0353B7FCE0CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9C190E56-F793-4086-A027-5163ABA1E1CA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
    "{A066B4F2-4747-4B19-A8D5-4E55D6D8844A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
    "{A29FF808-0654-4BDF-9850-EECFA4C4F293}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{A5604C5F-36F7-4466-A191-66C103D1CEF8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{A7F920E7-92FA-49B8-AF22-D44C5896ECF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
    "{A8D32A95-DC78-4982-9DC8-05007B1CD8D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
    "{AA2826AE-0F0C-4563-A42E-52AD5B885BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{AB9804F6-B2D7-4E2D-AD3A-9CC4CF1D9B8C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{AD66F996-E0B1-40BE-A986-18C1566C3ED9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{B51E58C1-FE16-477F-8D7F-6539A210C570}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{B79D5B87-A16A-4158-A02E-6FA51C3BFDB7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
    "{BFD3FF7B-FE70-4443-9293-77C725C22CF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{C919D2E9-5200-4509-B58F-3E8629DC7D8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
    "{C9FC6F8F-084C-4F49-9A73-E70258D7F314}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{CB1BE6B5-82F6-4D89-8A4F-C2B9D582BACE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{CB2DBE77-3C88-4D2D-BF15-27B0B6D4BB31}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
    "{D51F19AF-5129-4738-B1DD-76F168461385}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{D716BA0B-DB3A-4120-AF3D-E9B5678C747C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
    "{DF81BAB8-A6D4-4BD9-BF13-19C88C6EF3D7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
    "{E2322AE0-8EC6-4096-A9C2-43B00918A3D1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{E2E77F39-01D4-409D-917F-C0589598FBB0}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    "{E4622F64-FE55-4A1B-B829-BA9932F419AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{E7A8A838-0644-412D-89D4-C7261184B215}" = protocol=6 | dir=out | app=system | 
    "{EC16757B-D867-4099-B98B-F7D1E5FB99E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{EDAD6566-7064-417C-8B12-2FB40C8B2DB3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{EE235261-47D7-47AC-ACE8-74AF9E123F69}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
    "{F605FA55-C38E-4307-AE03-D5B2521C8652}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{F84A055A-AC2D-44F7-84E0-440843CFF89E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    "{FFADC61C-1A51-4388-ACA3-8256BC9E160A}" = protocol=6 | dir=in | app=c:\games\diablo iii\diablo iii.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR 4.10 (64-Bit)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish
    "{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1ACF68E6-888C-4182-89F7-C10F8C8F3026}" = Sitecom USB EasyCam VP-001
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
    "{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French
    "{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech
    "{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
    "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
    "{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish
    "{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AudioCS" = Creative Audio-Systemsteuerung
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Diablo III" = Diablo III
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.19.412
    "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "IsoBuster_is1" = IsoBuster 2.8.5
    "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee SecurityCenter
    "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "Steam App 10500" = Empire: Total War
    "Steam App 30" = Day of Defeat
    "Steam App 42910" = Magicka
    "Steam App 65800" = Dungeon Defenders
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials
    "ZinioReader4" = Zinio Reader 4
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 07.05.2012 07:50:20 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 07.05.2012 07:50:20 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9032
     
    Error - 07.05.2012 07:50:20 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9032
     
    Error - 07.05.2012 07:50:21 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 07.05.2012 07:50:21 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10031
     
    Error - 07.05.2012 07:50:21 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10031
     
    Error - 07.05.2012 11:44:38 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 07.05.2012 11:44:38 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 14066953
     
    Error - 07.05.2012 11:44:38 | Computer Name = xxx-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 14066953
     
    Error - 07.05.2012 20:50:03 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
    Description = 
     
    [ System Events ]
    Error - 24.05.2012 12:43:43 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 25.05.2012 04:29:10 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 25.05.2012 11:11:44 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 26.05.2012 11:21:00 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 27.05.2012 09:04:29 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 27.05.2012 09:56:05 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 28.05.2012 08:39:48 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 28.05.2012 15:36:24 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 30.05.2012 05:56:01 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 30.05.2012 19:02:07 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
    Description = 
     
     
    < End of report >
    -PC | User Name: xxx | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.05.31 11:01:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
    PRC - [2012.05.03 18:19:08 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012.02.02 12:01:08 | 002,668,864 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2012.01.02 23:25:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010.09.13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2006.08.04 10:58:34 | 000,610,304 | ---- | M] (Hama GmbH & Co KG) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.05.03 18:19:07 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012.02.22 16:21:24 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010.01.12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009.12.29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
    MOD - [2009.08.26 06:29:28 | 000,150,016 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - [2012.03.22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
    SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011.04.20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011.03.08 18:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
    SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
    SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
    SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
    SRV - [2012.05.03 18:19:08 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.02.17 20:52:44 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012.01.02 23:25:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011.10.24 22:17:26 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011.10.24 22:08:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2011.10.24 22:08:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011.09.05 11:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010.11.25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010.11.25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010.09.13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
    SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012.02.07 14:58:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011.10.25 05:45:50 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.10.25 05:45:50 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011.04.20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011.04.20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
    DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010.11.17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010.09.22 05:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010.09.14 14:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010.06.08 14:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010.02.27 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009.07.27 08:50:06 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
    DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/8
    IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.05.08 02:48:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.03 18:19:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2011.10.30 14:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions
    [2012.05.27 15:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ufb2re6r.default\extensions
    [2012.04.24 11:44:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ufb2re6r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012.05.27 15:21:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ufb2re6r.default\extensions\ich@maltegoetz.de
    [2012.05.03 18:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.03.27 21:48:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012.01.06 15:46:53 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UFB2RE6R.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012.02.17 22:17:18 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UFB2RE6R.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
    [2012.05.03 18:19:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120507040427.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507040427.dll (McAfee, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{698239AF-5ABC-4E3D-BC69-A196232BF3C0}: DhcpNameServer = 192.168.5.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83823B5B-02E7-4CBC-B520-039679CFB844}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF000D52-4498-4C84-9762-984ED0FB2A29}: DhcpNameServer = 192.168.5.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0617FFC-EC3A-48F8-91E8-E98AE57982E1}: DhcpNameServer = 192.168.5.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{b9f9e1c8-50fb-11e1-b8c6-180373d833d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{b9f9e1c8-50fb-11e1-b8c6-180373d833d8}\Shell\AutoRun\command - "" = I:\SETUP.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.05.31 09:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012.05.24 23:07:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\LolClient2
    [2012.05.21 11:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012.05.21 11:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012.05.21 11:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012.05.16 01:11:59 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Diablo III
    [2012.05.16 00:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    [2012.05.16 00:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2012.05.16 00:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2012.05.16 00:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012.05.10 09:53:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Windows Live
    [2012.05.10 09:53:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{DE5EE6D6-445B-45ED-8E38-CD118D64A64C}
    [2012.05.10 09:53:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
    [2012.05.10 09:53:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Windows Live Writer
    [2012.05.09 00:08:59 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2012.05.09 00:08:58 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012.05.09 00:08:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012.05.09 00:08:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012.05.07 19:20:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\gif
    [2012.05.03 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012.05.03 18:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012.05.01 12:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012.05.01 12:22:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012.05.01 12:22:12 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012.05.01 12:22:12 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012.05.01 12:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.05.31 10:27:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.05.31 09:44:50 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.05.31 09:44:50 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.05.31 09:41:41 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.05.31 09:41:41 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.05.31 09:41:41 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.05.31 09:41:41 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.05.31 09:41:41 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.05.31 09:37:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.05.31 09:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.05.31 09:37:23 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
    [2012.05.29 22:36:51 | 000,013,041 | ---- | M] () -- C:\Users\xxx\Desktop\69198-313290615419436-217652838316548-732878-1517798634-n.jpg
    [2012.05.23 19:13:13 | 000,003,453 | ---- | M] () -- C:\Users\xxx\Desktop\2000pkt 23.05.oc
    [2012.05.21 10:09:25 | 000,044,755 | ---- | M] () -- C:\Users\xxx\Desktop\proxtube_gesperrte_youtube_videos_schauen-1.4.2-fx.xpi
    [2012.05.16 01:09:47 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012.05.09 18:27:21 | 000,003,645 | ---- | M] () -- C:\Users\xxx\Desktop\2000 pkt test.oc
    [2012.05.09 03:23:49 | 000,319,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.05.08 03:01:24 | 001,640,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012.05.07 19:07:55 | 000,175,865 | ---- | M] () -- C:\Users\xxx\Desktop\capone friends.png
    [2012.05.06 16:09:00 | 000,204,032 | ---- | M] () -- C:\Users\xxx\Desktop\ISA 240.pdf
    [2012.05.06 02:08:46 | 000,782,223 | ---- | M] () -- C:\Users\xxx\Desktop\PENTAKILL.jpg
    [2012.05.03 11:58:44 | 000,003,502 | ---- | M] () -- C:\Users\xxx\Desktop\LSG 2000 Hochelfen.oc
    [2012.05.03 10:36:22 | 000,003,489 | ---- | M] () -- C:\Users\xxx\Desktop\high elf 2000 03.05.2012.oc
    [2012.05.03 10:36:01 | 000,003,489 | ---- | M] () -- C:\Users\xxx\Documents\high elf 2000 03.05.2012.oc
    [2012.05.01 12:22:06 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012.05.01 12:22:06 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012.05.01 12:22:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012.05.01 12:22:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.05.29 22:36:50 | 000,013,041 | ---- | C] () -- C:\Users\\Desktop\69198-313290615419436-217652838316548-732878-1517798634-n.jpg
    [2012.05.27 15:20:41 | 000,044,755 | ---- | C] () -- C:\Users\\Desktop\proxtube_gesperrte_youtube_videos_schauen-1.4.2-fx.xpi
    [2012.05.23 19:13:13 | 000,003,453 | ---- | C] () -- C:\Users\\Desktop\2000pkt 23.05.oc
    [2012.05.18 14:03:29 | 005,701,632 | ---- | C] () -- C:\Users\\Desktop\DSC00465.JPG
    [2012.05.16 00:54:22 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012.05.09 18:27:21 | 000,003,645 | ---- | C] () -- C:\Users\Desktop\2000 pkt test.oc
    [2012.05.07 19:07:55 | 000,175,865 | ---- | C] () -- C:\Users\r\Desktop\capone friends.png
    [2012.05.06 16:09:00 | 000,204,032 | ---- | C] () -- C:\Users\j\Desktop\ISA 240.pdf
    [2012.05.06 02:08:46 | 000,782,223 | ---- | C] () -- C:\Users\r\Desktop\PENTAKILL.jpg
    [2012.05.03 11:58:44 | 000,003,502 | ---- | C] () -- C:\Users\\Desktop\LSG 2000 Hochelfen.oc
    [2012.05.03 10:36:22 | 000,003,489 | ---- | C] () -- C:\Users\\Desktop\high elf 2000 03.05.2012.oc
    [2012.05.03 10:36:01 | 000,003,489 | ---- | C] () -- C:\Users\\Documents\high elf 2000 03.05.2012.oc
    [2012.02.21 22:06:27 | 000,040,960 | ---- | C] () -- C:\Windows\vsnpstd.exe
    [2012.02.21 22:06:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dsnpstd.dll
    [2012.02.21 22:06:26 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
    [2012.02.21 22:06:22 | 000,301,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\snpstd.sys
    [2012.02.21 22:06:21 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\csnpstd.dll
    [2012.02.21 22:06:21 | 000,040,960 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd.dll
    [2012.02.21 22:06:21 | 000,036,864 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd.dll
    [2012.02.21 22:06:19 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe
    [2012.02.01 23:45:57 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2012.01.03 19:49:55 | 000,007,666 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
    [2011.10.31 10:58:09 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\AegisI5.exe
    [2011.10.31 10:58:09 | 000,290,918 | ---- | C] () -- C:\Windows\SysWow64\Install7x.dll
    [2011.10.31 10:58:09 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\rt73.bin
    [2011.10.30 15:14:21 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011.10.30 15:14:19 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011.10.25 05:34:53 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011.10.24 22:41:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011.10.24 22:17:46 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2011.10.24 22:17:46 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2011.10.24 22:17:46 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2011.10.24 22:08:37 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011.10.24 22:08:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2011.10.24 22:08:37 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
    [2011.10.24 22:08:37 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
    [2011.10.24 22:08:37 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
    [2011.10.24 22:08:37 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
    [2011.10.24 22:08:37 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
    [2011.10.24 22:08:37 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
    [2011.10.24 22:08:37 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
    [2011.10.24 22:08:37 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
    [2011.10.24 22:08:37 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
    [2011.10.24 22:08:37 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
    [2011.10.24 22:08:37 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
    [2011.10.24 22:08:37 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
    [2011.10.24 22:08:37 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
    [2011.10.24 22:08:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
    [2011.10.24 22:08:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
    [2011.10.24 22:08:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
    [2011.10.24 22:08:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
    [2011.10.24 22:08:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
    [2011.10.24 22:08:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
    [2011.10.24 22:08:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
    [2011.04.19 23:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011.02.11 12:22:50 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
     
    ========== LOP Check ==========
     
    [2012.02.07 15:02:04 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DAEMON Tools Pro
    [2012.04.24 11:44:54 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoft
    [2012.04.24 11:44:39 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011.10.30 14:24:47 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Fingertapps
    [2011.10.30 22:11:25 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\LolClient
    [2012.05.24 23:07:28 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\LolClient2
    [2011.10.30 14:40:37 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Origin
    [2012.05.17 17:23:32 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\SoftGrid Client
    [2012.02.13 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\The Creative Assembly
    [2011.11.24 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\TP
    [2012.02.04 17:54:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Tropico 3
    [2011.11.01 10:55:18 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\wargaming.net
    [2012.05.10 09:53:18 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Windows Live Writer
    [2012.04.05 21:04:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    OTL EXTRAS
    Code:
    OTL Extras logfile created on: 31.05.2012 11:02:28 - Run 1
    OTL by OldTimer - Version 3.2.44.0     Folder = C:\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    7,98 Gb Total Physical Memory | 6,02 Gb Available Physical Memory | 75,35% Memory free
    15,96 Gb Paging File | 13,47 Gb Available in Paging File | 84,39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1849,73 Gb Total Space | 822,94 Gb Free Space | 44,49% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive J: | 1397,26 Gb Total Space | 93,17 Gb Free Space | 6,67% Space Free | Partition Type: NTFS
     
    Computer Name: xxxPC | User Name: xxx | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{095F8DDA-C3BF-457E-B927-B76500EDC4AC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{0985609A-2ED3-4B13-89F5-F6A9004E70B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{0FD8E025-676C-4ABA-BFFC-2D2A7CF6856E}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{1391309B-698D-4B21-9A84-49BFB980F7F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{175E9320-4C51-4D04-9DF4-2FA94C7EEA17}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{1BD97897-45EB-4879-BB71-90822EDD2338}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | 
    "{1D26247A-E7BC-4DD1-9249-C3862C288CBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{39D83077-751D-4AEA-9518-627035778EF5}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{5C254867-37A6-460B-8578-6BB9CAAAD918}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{65402D69-E9D1-4919-9884-80C451E3554C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{69262453-C31E-4B4D-BC4F-C3117DFEECDD}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | 
    "{6B42E824-605C-4E28-92AE-C11DD57D64E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{73CFF405-813B-4D68-9CB6-8674915F0CE1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{79CC9C8A-4088-45C3-9725-A1B169EA2090}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{7D4AE174-F94B-4736-B57F-210420D74873}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{7F10492E-0907-4282-ABEF-AD1156DCE0B7}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{9297054D-A9B7-43F4-BD73-8337E961CBE8}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | 
    "{970D2AD3-5AD9-4E5E-95EF-2B9EB53940B5}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{99605ED1-58E8-4E2B-8809-70A92930A6FF}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{9D953912-B7E3-4004-A930-7ED31D863CA9}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{A606F42D-9AC9-4450-A8E7-4B56CBB42F64}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{A8EA5FC9-535D-4FA9-8E63-1BED685629E5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{A951554C-708D-4815-A7BF-491B67EC6517}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{B6A06B11-42D9-4F2A-81CA-AA073DDDB9B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BEC8CEE7-AC0B-4A7D-91A7-3622D32DA86E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{CB459301-E125-414B-806C-587D328C3064}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
    "{CF862B5F-5479-4341-8FE8-BEAEBECD85C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{D129B351-BD97-4D24-BE3D-F4BB11DCEDF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{D1A2B75B-58C8-40D4-8B75-E3492F1291D1}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{D8AB3ABE-87A6-4516-830E-91EB2EAB253E}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | 
    "{EA31AF9F-86CB-4B66-8F5F-845F6CFEC531}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{F13540E1-46E8-48AD-B559-548FAFF0B916}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{F1EA70F4-8081-4212-B3DB-98A7743DF20C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{FEFCAB2F-0B16-4CBC-8C9A-895066F0E39C}" = rport=138 | protocol=17 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{005E1098-2D01-4176-AB27-E352B1F78F8B}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | 
    "{0B4F034F-EF7B-4667-A90E-B6E16F357B9B}" = protocol=17 | dir=in | app=c:\games\diablo iii\diablo iii.exe | 
    "{0DA98CCD-E429-4322-87F0-28160EF16F45}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
    "{0F5C0720-9558-4CF0-84C9-83C164BCFA85}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
    "{13CF3D2D-E4C2-4223-AE36-AB0B310E536A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
    "{1703DFDD-DCAF-4202-ACF6-45F8E84DBF9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
    "{1A65BA2B-952A-4862-93AB-5343DF555925}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{1C65D50F-9DFB-4F77-81E7-CC595D09B804}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{1ECC231D-518D-42BB-BCF6-BA5C3A8C3212}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
    "{22B259D0-1154-456D-9D8D-BC7386F6578A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{239DA2F6-C88D-4900-AC70-1E320A4F2B7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{267988B8-6FCE-42F5-B836-C1A18DCE50A7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    "{28826182-92C4-495E-BA47-10D95C142FD8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
    "{2E9D0BFE-1BB8-427E-897E-98969C29ABBF}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
    "{3206CB4A-3F73-48C1-95F2-F4CDAE8A244F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{34CB18B5-8406-4396-85EB-8A5CEA087848}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{3AACECD5-0178-401E-86CC-B70E419A43CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{3BEB550E-81EA-4E43-B9AE-1FD1B521D0FC}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | 
    "{3D888CAD-3EC1-4E98-8742-FE9F0C5DDD91}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
    "{465CA5D0-DC8B-40FF-AE51-1A49B485E3A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{472A2E41-CE5F-43E6-8DD5-F35CC5947E5A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
    "{49F48181-66D1-4E0E-B06A-F182F5B4576D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{4F649AF7-D98C-40BD-8EDA-00DE4D01465B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{513F2E67-D6B1-43C8-8BE8-1A45A8161423}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    "{524660DF-85E3-4094-8F7F-C8DFCE29C71E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
    "{55AF99C3-4F3B-47B8-92DA-612AC3F52AD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{5673864D-A9F2-4F78-83A8-9DF9E046A363}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
    "{65EC8EA6-0738-475E-81B9-ABC74DA0633D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
    "{662D9D46-05E0-4830-9A17-86F4062DE099}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | 
    "{67D8FE47-6D9B-4DF8-884B-968BC564D4F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xearor\day of defeat\hl.exe | 
    "{71B7C138-4955-4179-A82E-BA77E78E847E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
    "{79E50EFD-0DF0-4F80-BCF6-0A85A01D4AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
    "{7A94D2BC-DEE8-45D9-83BC-A249153167C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
    "{81BF0732-B5D3-45F2-94EC-2CDC553B9B43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{840F8A11-AA7D-456D-9C7A-0704839BF13D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xearor\day of defeat\hl.exe | 
    "{850282AD-F0B8-45CF-8189-AB2CF7312113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{852FDFE7-0870-47C3-9265-8C4B47AE4063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{881DB41B-B003-4EFF-8775-98DD9920A76D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
    "{8CF64051-426E-4040-A396-99EABD8CDAD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9506F0E7-2A78-419F-8927-3E049E692E74}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{9AEA5F0F-6F08-4BF1-AF18-0353B7FCE0CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9C190E56-F793-4086-A027-5163ABA1E1CA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
    "{A066B4F2-4747-4B19-A8D5-4E55D6D8844A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
    "{A29FF808-0654-4BDF-9850-EECFA4C4F293}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{A5604C5F-36F7-4466-A191-66C103D1CEF8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{A7F920E7-92FA-49B8-AF22-D44C5896ECF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
    "{A8D32A95-DC78-4982-9DC8-05007B1CD8D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
    "{AA2826AE-0F0C-4563-A42E-52AD5B885BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{AB9804F6-B2D7-4E2D-AD3A-9CC4CF1D9B8C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{AD66F996-E0B1-40BE-A986-18C1566C3ED9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{B51E58C1-FE16-477F-8D7F-6539A210C570}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{B79D5B87-A16A-4158-A02E-6FA51C3BFDB7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
    "{BFD3FF7B-FE70-4443-9293-77C725C22CF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{C919D2E9-5200-4509-B58F-3E8629DC7D8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
    "{C9FC6F8F-084C-4F49-9A73-E70258D7F314}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{CB1BE6B5-82F6-4D89-8A4F-C2B9D582BACE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{CB2DBE77-3C88-4D2D-BF15-27B0B6D4BB31}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
    "{D51F19AF-5129-4738-B1DD-76F168461385}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{D716BA0B-DB3A-4120-AF3D-E9B5678C747C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
    "{DF81BAB8-A6D4-4BD9-BF13-19C88C6EF3D7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
    "{E2322AE0-8EC6-4096-A9C2-43B00918A3D1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    "{E2E77F39-01D4-409D-917F-C0589598FBB0}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    "{E4622F64-FE55-4A1B-B829-BA9932F419AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{E7A8A838-0644-412D-89D4-C7261184B215}" = protocol=6 | dir=out | app=system | 
    "{EC16757B-D867-4099-B98B-F7D1E5FB99E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{EDAD6566-7064-417C-8B12-2FB40C8B2DB3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{EE235261-47D7-47AC-ACE8-74AF9E123F69}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
    "{F605FA55-C38E-4307-AE03-D5B2521C8652}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{F84A055A-AC2D-44F7-84E0-440843CFF89E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    "{FFADC61C-1A51-4388-ACA3-8256BC9E160A}" = protocol=6 | dir=in | app=c:\games\diablo iii\diablo iii.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR 4.10 (64-Bit)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish
    "{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1ACF68E6-888C-4182-89F7-C10F8C8F3026}" = Sitecom USB EasyCam VP-001
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
    "{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French
    "{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech
    "{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
    "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
    "{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish
    "{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AudioCS" = Creative Audio-Systemsteuerung
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Diablo III" = Diablo III
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.19.412
    "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "IsoBuster_is1" = IsoBuster 2.8.5
    "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee SecurityCenter
    "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "Steam App 10500" = Empire: Total War
    "Steam App 30" = Day of Defeat
    "Steam App 42910" = Magicka
    "Steam App 65800" = Dungeon Defenders
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials
    "ZinioReader4" = Zinio Reader 4
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 07.05.2012 07:50:20 | Computer Name =  | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 07.05.2012 07:50:20 | Computer Name = r-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9032
     
    Error - 07.05.2012 07:50:20 | Computer Name = r-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9032
     
    Error - 07.05.2012 07:50:21 | Computer Name = -PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 07.05.2012 07:50:21 | Computer Name = -PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextSchduledEvent 10031
     
    Error - 07.05.2012 07:50:21 | Computer Name = -PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextSchduledSPRetry 10031
     
    Error - 07.05.2012 11:44:38 | Computer Name = -PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second
     
    Error - 07.05.2012 11:44:38 | Computer Name = C | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 14066953
     
    Error - 07.05.2012 11:44:38 | Computer Name = -PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 14066953
     
    Error - 07.05.2012 20:50:03 | Computer Name = PC | Source = WinMgmt | ID = 10
    Description = 
     
    [ System Events ]
    Error - 24.05.2012 12:43:43 | Computer Name = PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 25.05.2012 04:29:10 | Computer Name = PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 25.05.2012 11:11:44 | Computer Name = PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 26.05.2012 11:21:00 | Computer Name =  | Source = DCOM | ID = 10010
    Description = 
     
    Error - 27.05.2012 09:04:29 | Computer Name =  | Source = DCOM | ID = 10010
    Description = 
     
    Error - 27.05.2012 09:56:05 | Computer Name = PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 28.05.2012 08:39:48 | Computer Name = PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 28.05.2012 15:36:24 | Computer Name = r-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 30.05.2012 05:56:01 | Computer Name = -PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 30.05.2012 19:02:07 | Computer Name = -PC | Source = DCOM | ID = 10010
    Description = 
     
     
    < End of report >
    5. Rootkit Scan
    Code:
    Sophos Anti-Rootkit Version 1.5.20  (c) 2009 Sophos Plc
    Started logging on 31.05.2012 at 11:15:16
    User "xxx" on computer "xxx-PC"
    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    Info:	Starting registry scan.
    Info:	Starting disk scan of C: (NTFS).
    Hidden:	file C:\Program Files (x86)\Common Files\Nero\BDCore10\BD_NeAudio2.ax
    Hidden:	file C:\Program Files (x86)\Nero\SyncUP\Nero.BDGraphic\NeBDGraphic.ax
    Hidden:	file C:\Program Files (x86)\Nero\SyncUP\Nero.DiscNavDvd\DiscNavDvd.ax
    Hidden:	file C:\Program Files (x86)\Nero\SyncUP\SMC\NeAudio2.ax
    Hidden:	file C:\Program Files (x86)\Nero\SyncUP\SMC\NeroVMRModules.dll
    Hidden:	file C:\Spiele\Alt\Portal\Portal incl. Addon Prelude v. 1.15 German\Portal.incl.Addon.German.Setup.exe
    Hidden:	file C:\Spiele\Alt\Mirror's Edge\MirrorsEdge.exe
    Hidden:	file C:\Spiele\Alt\Crayon.Physics.Deluxe.v1.0.r51.2009.dellopos\Crayon Physics Deluxe v1.0 r51 (2009)(ENG)\setup\crayon_release51.exe
    Hidden:	file C:\Spiele\Alt\Heroes of Might & Magic 6\Heroes of Might & Magic 6 Patch 1.1\Crack 1.1\Might & Magic Heroes VI.exe
    Hidden:	file C:\Spiele\Alt\Mirrors.Edge-RELOADED\MirrorsEdge.exe
    Hidden:	file C:\Spiele\Alt\Might.and.Magic.Clash.of.Heroes.v1.0.0.2.multi8.cracked.READ.NFO-THETA\Might.and.Magic.Clash.of.Heroes.v1.0.0.2.multi8.cracked.READ.NFO-THETA\Might & Magic - Clash of Heroes.exe
    Hidden:	file C:\Spiele\Anno 2070\Anno.2070.CrackOnly-RELOADED\Anno.2070.CrackOnly-RELOADED\Crack\Anno5.exe
    Hidden:	file C:\Spiele\Anno 2070\AD2070_Setup\Files\TargetDir\solidcore32.dll
    Hidden:	file C:\Spiele\Batman Arkham City\Batman Crack\Binaries\Win32\PhysXExtensions.dll
    Hidden:	file C:\Spiele\Batman Arkham City\batman2\Binaries\Win32\PhysXExtensions.dll
    Hidden:	file C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
    Hidden:	file C:\Program Files\WinRAR\Default.SFX
    Hidden:	file C:\Downloads\empire neu\ETW_with_update2\Empire_Total_War_Update_2\update.exe
    Hidden:	file C:\Downloads\empire\Empire_Total_War_Update_2\update.exe
    Hidden:	file C:\Program Files (x86)\iTunes\iTunes.Resources\iTunes.dll
    Hidden:	file C:\Games\Empire Total War\update.exe
    Hidden:	file C:\Users\xxx\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
    Hidden:	file C:\Users\xxx\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
    Hidden:	file C:\Downloads\jxpiinstall.exe
    Hidden:	file C:\Downloads\OTL.exe
    Stopped logging on 31.05.2012 at 12:05:15
    6. HJTscanlist
    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.1.7601]
     
     
    C:
    
      31.05.2012 11:08     C:\Downloads --------- 196608   
      31.05.2012 11:08     C:\Program Files (x86) --------- 20480   
           C:\pagefile.sys ---------    
           C:\hiberfil.sys ---------    
      29.05.2012 04:27     C:\System Volume Information --------- 20480   
      21.05.2012 11:45     C:\Program Files --------- 8192   
      16.05.2012 01:09     C:\Games --------- 4096   
      16.05.2012 01:09     C:\ProgramData --------- 8192   
      29.03.2012 21:02     C:\Training --------- 0   
      29.03.2012 20:58     C:\Filme --------- 0   
      29.03.2012 20:50     C:\Spiele --------- 0   
      29.03.2012 17:52     C:\Musik --------- 0   
      21.02.2012 22:06     C:\Windows --------- 32768   
      30.10.2011 15:16     C:\dell --------- 0   
      30.10.2011 14:24     C:\$Recycle.Bin --------- 0   
      30.10.2011 14:20     C:\Users --------- 4096   
      30.10.2011 14:20     C:\Programme --------- 0   
      30.10.2011 14:20     C:\Dokumente und Einstellungen --------- 0   
      25.10.2011 05:47     C:\dell.sdr --------- 26433   
      25.10.2011 05:34     C:\Drivers --------- 0   
      24.10.2011 22:33     C:\Apps --------- 0   
      24.10.2011 22:11     C:\Intel --------- 0   
      14.07.2009 07:08     C:\Documents and Settings --------- 0   
      14.07.2009 05:20     C:\PerfLogs --------- 0   
    ----------------------------------------
    
     
    C:\Windows
    
      31.05.2012 09:41     C:\Windows\WindowsUpdate.log --------- 2001545   
      31.05.2012 09:37     C:\Windows\setupact.log --------- 63576   
      31.05.2012 09:37     C:\Windows\bootstat.dat --------- 67584   
      20.05.2012 20:52     C:\Windows\PFRO.log --------- 69690   
      18.05.2012 16:36     C:\Windows\KB893803v2.log --------- 2668   
      21.02.2012 22:09     C:\Windows\win.ini --------- 692   
      17.02.2012 20:52     C:\Windows\DirectX.log --------- 374154   
      01.02.2012 23:45     C:\Windows\NeroDigital.ini --------- 47   
      04.01.2012 13:08     C:\Windows\RPSETUP.EXE.LOG --------- 37410   
      30.10.2011 22:15     C:\Windows\msxml4-KB973688-enu.LOG --------- 296584   
      30.10.2011 22:15     C:\Windows\msxml4-KB954430-enu.LOG --------- 296878   
      25.10.2011 05:47     C:\Windows\csup.txt --------- 12   
      25.10.2011 05:45     C:\Windows\explorer.exe --------- 2871808   
      24.10.2011 22:56     C:\Windows\DtcInstall.log --------- 4059   
      24.10.2011 22:41     C:\Windows\ativpsrm.bin --------- 0   
      24.10.2011 22:24     C:\Windows\p¢? --------- 20   
      24.10.2011 22:17     C:\Windows\ctfile.rfc --------- 1733   
      24.10.2011 20:50     C:\Windows\TSSysprep.log --------- 3652   
      06.04.2011 00:46     C:\Windows\atiogl.xml --------- 32200   
      21.11.2010 05:25     C:\Windows\twain_32.dll --------- 51200   
      21.11.2010 05:24     C:\Windows\bfsvc.exe --------- 71168   
      21.11.2010 05:24     C:\Windows\splwow64.exe --------- 67072   
      10.11.2010 03:28     C:\Windows\WLXPGSS.SCR --------- 301936   
      23.06.2010 20:44     C:\Windows\WMPrfDeu.prx --------- 33820   
      30.11.2009 18:29     C:\Windows\THXCfg_SP_APOIM.ini --------- 1264   
      30.11.2009 18:29     C:\Windows\THXCfg_HP_APOIM.ini --------- 1247   
      30.11.2009 18:29     C:\Windows\THXCfg_APOIM.ini --------- 1247   
      27.07.2009 08:51     C:\Windows\CfgHPSp.ini --------- 1436   
      27.07.2009 08:51     C:\Windows\CfgHPHp.ini --------- 932   
      27.07.2009 08:51     C:\Windows\CfgHPRLI.ini --------- 453   
      27.07.2009 08:51     C:\Windows\CfgHPRMi.ini --------- 453   
      27.07.2009 08:51     C:\Windows\CfgHPDI.ini --------- 453   
      27.07.2009 08:51     C:\Windows\CfgHPDO.ini --------- 932   
      27.07.2009 08:51     C:\Windows\CfgHPFMi.ini --------- 453   
      27.07.2009 08:51     C:\Windows\Cfg05RMi.ini --------- 453   
      27.07.2009 08:51     C:\Windows\Cfg05RLI.ini --------- 453   
      27.07.2009 08:51     C:\Windows\Cfg05Hp.ini --------- 930   
      27.07.2009 08:51     C:\Windows\Cfg05Sp.ini --------- 1434   
      27.07.2009 08:51     C:\Windows\Cfg05DO.ini --------- 932   
      27.07.2009 08:51     C:\Windows\Cfg05DI.ini --------- 453   
      27.07.2009 08:51     C:\Windows\Cfg04Sp.ini --------- 1434   
      27.07.2009 08:51     C:\Windows\Cfg04RMi.ini --------- 453   
      27.07.2009 08:51     C:\Windows\Cfg05FMi.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg04Hp.ini --------- 930   
      27.07.2009 08:50     C:\Windows\Cfg04RLI.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg04FMi.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg04DO.ini --------- 932   
      27.07.2009 08:50     C:\Windows\Cfg04DI.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg03Sp.ini --------- 1091   
      27.07.2009 08:50     C:\Windows\Cfg03RMi.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg03Hp.ini --------- 725   
      27.07.2009 08:50     C:\Windows\Cfg03RLI.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg03FMi.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg03DO.ini --------- 725   
      27.07.2009 08:50     C:\Windows\Cfg03DI.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg02Sp.ini --------- 1091   
      27.07.2009 08:50     C:\Windows\Cfg02RMi.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg02RLI.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg02Hp.ini --------- 725   
      27.07.2009 08:50     C:\Windows\Cfg02FMi.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg02DO.ini --------- 725   
      27.07.2009 08:50     C:\Windows\Cfg02DI.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg01Sp.ini --------- 1000   
      27.07.2009 08:50     C:\Windows\Cfg01Mic.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg01LI.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg01DO.ini --------- 725   
      27.07.2009 08:50     C:\Windows\Cfg01Hp.ini --------- 725   
      27.07.2009 08:50     C:\Windows\Cfg01DI.ini --------- 453   
      27.07.2009 08:50     C:\Windows\Cfg01APR.ini --------- 818   
      27.07.2009 08:50     C:\Windows\t3RDefE.exe --------- 8704   
      27.07.2009 08:50     C:\Windows\SB1049.reg --------- 992   
      27.07.2009 08:50     C:\Windows\SB1042.reg --------- 1396   
      27.07.2009 08:50     C:\Windows\SB0820.reg --------- 1702   
      27.07.2009 08:50     C:\Windows\SB1040.reg --------- 992   
      27.07.2009 08:50     C:\Windows\SB0710.reg --------- 1910   
      14.07.2009 06:54     C:\Windows\WindowsShell.Manifest --------- 749   
      14.07.2009 06:51     C:\Windows\setuperr.log --------- 0   
      14.07.2009 03:39     C:\Windows\write.exe --------- 10240   
      14.07.2009 03:39     C:\Windows\regedit.exe --------- 427008   
      14.07.2009 03:39     C:\Windows\notepad.exe --------- 193536   
      14.07.2009 03:39     C:\Windows\hh.exe --------- 16896   
      14.07.2009 03:39     C:\Windows\HelpPane.exe --------- 733696   
      14.07.2009 03:39     C:\Windows\fveupdate.exe --------- 15360   
      14.07.2009 03:14     C:\Windows\winhlp32.exe --------- 9728   
      14.07.2009 03:14     C:\Windows\twunk_32.exe --------- 31232   
      14.07.2009 01:06     C:\Windows\mib.bin --------- 43131   
      10.06.2009 23:41     C:\Windows\twunk_16.exe --------- 49680   
      10.06.2009 23:41     C:\Windows\twain.dll --------- 94784   
      10.06.2009 23:08     C:\Windows\system.ini --------- 219   
      10.06.2009 22:52     C:\Windows\WMSysPr9.prx --------- 316640   
      10.06.2009 22:36     C:\Windows\msdfmap.ini --------- 1405   
      10.06.2009 22:31     C:\Windows\Starter.xml --------- 48201   
      10.06.2009 22:30     C:\Windows\HomePremium.xml --------- 48265   
      19.08.2005 17:51     C:\Windows\filespec7x --------- 138   
      23.02.2004 16:19     C:\Windows\usnpstd.exe --------- 20480   
      31.12.2003 18:39     C:\Windows\vsnpstd.exe --------- 40960   
      17.01.2003 18:35     C:\Windows\snpstd.src --------- 13023   
      17.01.2003 18:34     C:\Windows\snpstd.ini --------- 15541   
      03.07.2002 12:44     C:\Windows\amcap.exe --------- 53248   
      11.05.2000 02:00     C:\Windows\Updreg.EXE --------- 90112   
    ----------------------------------------
    
     
    C:\Windows\System
    
    ----------------------------------------
    
     
    C:\Windows\System32
    
     31.05.2012 11:08     C:\Windows\system32\catroot --------- 4096  
     31.05.2012 11:08     C:\Windows\system32\DriverStore --------- 4096  
     31.05.2012 09:44     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 21072  
     31.05.2012 09:44     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 21072  
     31.05.2012 09:41     C:\Windows\system32\perfh009.dat --------- 652390  
     31.05.2012 09:41     C:\Windows\system32\perfc009.dat --------- 121064  
     31.05.2012 09:41     C:\Windows\system32\perfh007.dat --------- 697072  
     31.05.2012 09:41     C:\Windows\system32\perfc007.dat --------- 148110  
     31.05.2012 09:41     C:\Windows\system32\PerfStringBackup.INI --------- 1614036  
     31.05.2012 01:02     C:\Windows\system32\config --------- 16384  
     26.05.2012 15:50     C:\Windows\system32\catroot2 --------- 20480  
     09.05.2012 03:23     C:\Windows\system32\FNTCACHE.DAT --------- 319144  
     31.05.2012 11:08     C:\Windows\system32\drivers --------- 65536  
     09.05.2012 03:06     C:\Windows\system32\MRT.exe --------- 57848688  
     01.05.2012 12:22     C:\Windows\system32\Tasks --------- 4096  
     27.04.2012 11:47     C:\Windows\system32\DRVSTORE --------- 0  
     15.04.2012 19:53     C:\Windows\system32\migration --------- 4096  
     31.03.2012 08:05     C:\Windows\system32\ntoskrnl.exe --------- 5559664  
     31.03.2012 05:10     C:\Windows\system32\win32k.sys --------- 3146240  
     20.03.2012 13:11     C:\Windows\system32\mfevtps.exe --------- 162192  
     03.03.2012 08:35     C:\Windows\system32\DWrite.dll --------- 1544704  
     01.03.2012 08:38     C:\Windows\system32\wintrust.dll --------- 220672  
     01.03.2012 08:33     C:\Windows\system32\imagehlp.dll --------- 81408  
     01.03.2012 08:28     C:\Windows\system32\wmi.dll --------- 5120  
     28.02.2012 09:34     C:\Windows\system32\mshtml.dll --------- 17790976  
     28.02.2012 09:02     C:\Windows\system32\ieframe.dll --------- 10888704  
     28.02.2012 08:56     C:\Windows\system32\jscript9.dll --------- 2311168  
     28.02.2012 08:50     C:\Windows\system32\urlmon.dll --------- 1345536  
     28.02.2012 08:49     C:\Windows\system32\wininet.dll --------- 1390080  
     28.02.2012 08:48     C:\Windows\system32\inetcpl.cpl --------- 1493504  
     28.02.2012 08:48     C:\Windows\system32\url.dll --------- 237056  
     28.02.2012 08:47     C:\Windows\system32\jsproxy.dll --------- 85504  
     28.02.2012 08:45     C:\Windows\system32\jscript.dll --------- 818688  
     28.02.2012 08:43     C:\Windows\system32\mshtmled.dll --------- 96256  
     28.02.2012 08:43     C:\Windows\system32\iertutil.dll --------- 2144256  
     28.02.2012 08:42     C:\Windows\system32\mshtml.tlb --------- 2382848  
     28.02.2012 08:39     C:\Windows\system32\ieui.dll --------- 248320  
     17.02.2012 08:38     C:\Windows\system32\rdpcore.dll --------- 1031680  
     15.02.2012 11:01     C:\Windows\system32\usbaaplrc.dll --------- 4547944  
     07.02.2012 15:32     C:\Windows\system32\steam_api.dll --------- 64000  
     25.01.2012 08:38     C:\Windows\system32\rdpwsx.dll --------- 77312  
     25.01.2012 08:38     C:\Windows\system32\rdpcorekmts.dll --------- 149504  
     25.01.2012 08:33     C:\Windows\system32\rdrmemptylst.exe --------- 9216  
     21.01.2012 22:15     C:\Windows\system32\LogFiles --------- 4096  
     04.01.2012 12:44     C:\Windows\system32\shell32.dll --------- 14172672  
     04.01.2012 12:44     C:\Windows\system32\ntshrui.dll --------- 509952  
     04.01.2012 11:44     C:\Windows\system32\NDF --------- 4096  
     30.12.2011 08:26     C:\Windows\system32\timedate.cpl --------- 515584  
     22.12.2011 19:30     C:\Windows\system32\de-DE --------- 327680  
     16.12.2011 10:46     C:\Windows\system32\msvcrt.dll --------- 634880  
     19.11.2011 16:58     C:\Windows\system32\packager.dll --------- 77312  
     17.11.2011 08:41     C:\Windows\system32\ntdll.dll --------- 1731920  
     17.11.2011 08:35     C:\Windows\system32\webio.dll --------- 395776  
     17.11.2011 08:35     C:\Windows\system32\sspisrv.dll --------- 29184  
     17.11.2011 08:35     C:\Windows\system32\sspicli.dll --------- 136192  
     17.11.2011 08:35     C:\Windows\system32\secur32.dll --------- 28160  
     17.11.2011 08:35     C:\Windows\system32\schannel.dll --------- 340992  
     17.11.2011 08:35     C:\Windows\system32\lsasrv.dll --------- 1447936  
     17.11.2011 08:33     C:\Windows\system32\lsass.exe --------- 31232  
     05.11.2011 07:32     C:\Windows\system32\tzres.dll --------- 2048  
     01.11.2011 20:02     C:\Windows\system32\wdi --------- 4096  
     30.10.2011 16:19     C:\Windows\system32\license.rtf --------- 159772  
     30.10.2011 15:16     C:\Windows\system32\oem --------- 4096  
     30.10.2011 14:38     C:\Windows\system32\Macromed --------- 0  
     26.10.2011 07:25     C:\Windows\system32\quartz.dll --------- 1572864  
     26.10.2011 07:25     C:\Windows\system32\qdvd.dll --------- 366592  
     26.10.2011 07:21     C:\Windows\system32\csrsrv.dll --------- 43520  
     25.10.2011 05:46     C:\Windows\system32\Boot --------- 0  
     25.10.2011 05:45     C:\Windows\system32\prevhost.exe --------- 31232  
     25.10.2011 05:45     C:\Windows\system32\msscntrs.dll --------- 75264  
     25.10.2011 05:45     C:\Windows\system32\mssph.dll --------- 491520  
     25.10.2011 05:45     C:\Windows\system32\SearchFilterHost.exe --------- 113664  
     25.10.2011 05:45     C:\Windows\system32\tquery.dll --------- 2315776  
     25.10.2011 05:45     C:\Windows\system32\mssphtb.dll --------- 288256  
     25.10.2011 05:45     C:\Windows\system32\mssrch.dll --------- 2223616  
     25.10.2011 05:45     C:\Windows\system32\mssvp.dll --------- 778752  
     25.10.2011 05:45     C:\Windows\system32\SearchIndexer.exe --------- 591872  
     25.10.2011 05:45     C:\Windows\system32\SearchProtocolHost.exe --------- 249856  
     25.10.2011 05:45     C:\Windows\system32\XpsGdiConverter.dll --------- 476160  
     25.10.2011 05:45     C:\Windows\system32\inetcomm.dll --------- 976896  
     25.10.2011 05:45     C:\Windows\system32\mfc42.dll --------- 1395712  
     25.10.2011 05:45     C:\Windows\system32\mfc42u.dll --------- 1359872  
     25.10.2011 05:45     C:\Windows\system32\umpnpmgr.dll --------- 404480  
     25.10.2011 05:45     C:\Windows\system32\atmfd.dll --------- 367616  
     25.10.2011 05:45     C:\Windows\system32\fontsub.dll --------- 100864  
     25.10.2011 05:45     C:\Windows\system32\atmlib.dll --------- 46080  
     25.10.2011 05:45     C:\Windows\system32\d3d10_1.dll --------- 197120  
     25.10.2011 05:45     C:\Windows\system32\FntCache.dll --------- 1139200  
     25.10.2011 05:45     C:\Windows\system32\d2d1.dll --------- 902656  
     25.10.2011 05:45     C:\Windows\system32\kerberos.dll --------- 715776  
     25.10.2011 05:45     C:\Windows\system32\ntvdm64.dll --------- 16384  
     25.10.2011 05:45     C:\Windows\system32\wow64win.dll --------- 362496  
     25.10.2011 05:45     C:\Windows\system32\wow64cpu.dll --------- 13312  
     25.10.2011 05:45     C:\Windows\system32\wow64.dll --------- 243200  
     25.10.2011 05:45     C:\Windows\system32\winsrv.dll --------- 214528  
     25.10.2011 05:45     C:\Windows\system32\KernelBase.dll --------- 421888  
     25.10.2011 05:45     C:\Windows\system32\kernel32.dll --------- 1162752  
     25.10.2011 05:45     C:\Windows\system32\conhost.exe --------- 338432  
     25.10.2011 05:45     C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll --------- 3072  
     25.10.2011 05:45     C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll --------- 4096  
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
     31.05.2012 11:09     C:\Windows\Prefetch\CMD.EXE-0BD30981.pf --------- 8090  
     31.05.2012 11:09     C:\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf --------- 15606  
     31.05.2012 11:08     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf --------- 16838  
     31.05.2012 11:08     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf --------- 22760  
     31.05.2012 11:08     C:\Windows\Prefetch\WINRAR.EXE-BA8CDB31.pf --------- 55092  
     31.05.2012 11:08     C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf --------- 181534  
     31.05.2012 11:08     C:\Windows\Prefetch\DTSOFTBUSINST64.EXE-C9527722.pf --------- 32112  
     31.05.2012 11:08     C:\Windows\Prefetch\DRVINST.EXE-39D9EAC7.pf --------- 71912  
     31.05.2012 11:08     C:\Windows\Prefetch\RUNDLL32.EXE-0D53616E.pf --------- 10348  
     31.05.2012 11:08     C:\Windows\Prefetch\AU_.EXE-005F3AFB.pf --------- 61254  
     31.05.2012 11:08     C:\Windows\Prefetch\DLLHOST.EXE-851C5C91.pf --------- 22438  
     31.05.2012 11:08     C:\Windows\Prefetch\REGSVR32.EXE-03D3FB87.pf --------- 40310  
     31.05.2012 11:08     C:\Windows\Prefetch\REGSVR32.EXE-B31EC963.pf --------- 41148  
     31.05.2012 11:07     C:\Windows\Prefetch\DLLHOST.EXE-4B6CB38A.pf --------- 459286  
     31.05.2012 11:07     C:\Windows\Prefetch\UNINST.EXE-0B47F281.pf --------- 27256  
     31.05.2012 11:07     C:\Windows\Prefetch\DLLHOST.EXE-D9DCD0F3.pf --------- 28824  
     31.05.2012 11:04     C:\Windows\Prefetch\NOTEPAD.EXE-C5670914.pf --------- 217666  
     31.05.2012 11:01     C:\Windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf --------- 221894  
     31.05.2012 11:01     C:\Windows\Prefetch\OTL.EXE-EEF20A1A.pf --------- 43474  
     31.05.2012 11:01     C:\Windows\Prefetch\TASKHOST.EXE-A0F5E092.pf --------- 42360  
     31.05.2012 10:48     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1822542  
     31.05.2012 10:48     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 382462  
     31.05.2012 10:48     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 4826329  
     31.05.2012 10:48     C:\Windows\Prefetch\AgRobust.db --------- 209080  
     31.05.2012 10:47     C:\Windows\Prefetch\MCODS.EXE-2005F4F8.pf --------- 213288  
     31.05.2012 10:27     C:\Windows\Prefetch\DLLHOST.EXE-63B92852.pf --------- 25376  
     31.05.2012 10:27     C:\Windows\Prefetch\NOTEPAD.EXE-032BB3D8.pf --------- 21518  
     31.05.2012 10:27     C:\Windows\Prefetch\TASKENG.EXE-35FA9C06.pf --------- 22090  
     31.05.2012 10:27     C:\Windows\Prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf --------- 48242  
     31.05.2012 10:25     C:\Windows\Prefetch\HIJACKTHIS204(1).EXE-DC443C31.pf --------- 36494  
     31.05.2012 10:16     C:\Windows\Prefetch\ITUNES.EXE-3ADE145E.pf --------- 217440  
     31.05.2012 10:15     C:\Windows\Prefetch\MDCRASHREPORTTOOL.EXE-5B711F61.pf --------- 51216  
     31.05.2012 10:15     C:\Windows\Prefetch\APPLEMOBILEBACKUP.EXE-5A3FF7FD.pf --------- 50372  
     31.05.2012 10:15     C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-D37241ED.pf --------- 41466  
     31.05.2012 10:15     C:\Windows\Prefetch\SYNCSERVER.EXE-CC074549.pf --------- 58276  
     31.05.2012 10:15     C:\Windows\Prefetch\ATH.EXE-EA0D6A86.pf --------- 45836  
     31.05.2012 10:15     C:\Windows\Prefetch\WUDFHOST.EXE-DEBBE5F1.pf --------- 24676  
     31.05.2012 10:13     C:\Windows\Prefetch\MCUPDATE.EXE-7584575A.pf --------- 62552  
     31.05.2012 10:09     C:\Windows\Prefetch\DISTNOTED.EXE-BA71F399.pf --------- 22362  
     31.05.2012 10:09     C:\Windows\Prefetch\APPLEMOBILEDEVICEHELPER.EXE-D36FFDFF.pf --------- 49230  
     31.05.2012 10:09     C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-4F1A260C.pf --------- 63030  
     31.05.2012 10:00     C:\Windows\Prefetch\SDCLT.EXE-94EAE077.pf --------- 4056  
     31.05.2012 09:52     C:\Windows\Prefetch\DLLHOST.EXE-D49D3641.pf --------- 23212  
     31.05.2012 09:50     C:\Windows\Prefetch\WERMGR.EXE-F439C551.pf --------- 12470  
     31.05.2012 09:48     C:\Windows\Prefetch\AGENT.EXE-196AAF28.pf --------- 45246  
     31.05.2012 09:48     C:\Windows\Prefetch\DIABLO III.EXE-B300AA81.pf --------- 213476  
     31.05.2012 09:48     C:\Windows\Prefetch\BLIZZARD LAUNCHER.EXE-4AA14117.pf --------- 86206  
     31.05.2012 09:48     C:\Windows\Prefetch\DIABLO III LAUNCHER.EXE-127D94CB.pf --------- 47652  
     31.05.2012 09:48     C:\Windows\Prefetch\BLIZZARD LAUNCHER.EXE-290514EE.pf --------- 24592  
     31.05.2012 09:48     C:\Windows\Prefetch\AGENT.EXE-60E61D9D.pf --------- 37806  
     31.05.2012 09:44     C:\Windows\Prefetch\UPDATER.EXE-A8C477C0.pf --------- 19764  
     31.05.2012 09:44     C:\Windows\Prefetch\SKYPE.EXE-A716A034.pf --------- 191212  
     31.05.2012 09:42     C:\Windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf --------- 37866  
     31.05.2012 09:42     C:\Windows\Prefetch\MCSMTFWK.EXE-74FB5724.pf --------- 86450  
     31.05.2012 09:42     C:\Windows\Prefetch\MCOCROLLBACK.EXE-859500FC.pf --------- 55030  
     31.05.2012 09:42     C:\Windows\Prefetch\MCUICNT.EXE-724FFEE9.pf --------- 117508  
     31.05.2012 09:42     C:\Windows\Prefetch\MCINSTRU.EXE-2A42CDBC.pf --------- 29012  
     31.05.2012 09:42     C:\Windows\Prefetch\JAVA.EXE-2AB52D6A.pf --------- 21432  
     31.05.2012 09:41     C:\Windows\Prefetch\MCHOST.EXE-DF335CC7.pf --------- 151670  
     31.05.2012 09:41     C:\Windows\Prefetch\WMIADAP.EXE-BB21CD77.pf --------- 42278  
     31.05.2012 09:39     C:\Windows\Prefetch\WMPNETWK.EXE-F6E20E14.pf --------- 85780  
     31.05.2012 09:39     C:\Windows\Prefetch\SPPSVC.EXE-96070FE0.pf --------- 12018  
     31.05.2012 09:39     C:\Windows\Prefetch\NASVC.EXE-71531C34.pf --------- 25336  
     31.05.2012 09:39     C:\Windows\Prefetch\IASTORDATAMGRSVC.EXE-C93872B4.pf --------- 123464  
     31.05.2012 09:39     C:\Windows\Prefetch\ROXWATCH12OEM.EXE-D592B6FE.pf --------- 47438  
     31.05.2012 09:39     C:\Windows\Prefetch\MSCORSVW.EXE-16B291C4.pf --------- 13846  
     31.05.2012 09:39     C:\Windows\Prefetch\MSCORSVW.EXE-8CE1A322.pf --------- 14642  
     31.05.2012 09:38     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-6B605020.pf --------- 78936  
     31.05.2012 09:38     C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-AB1765B5.pf --------- 65380  
     31.05.2012 09:38     C:\Windows\Prefetch\ReadyBoot --------- 0  
     31.05.2012 01:02     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 584  
     31.05.2012 01:02     C:\Windows\Prefetch\DLLHOST.EXE-6389524F.pf --------- 17774  
     31.05.2012 01:02     C:\Windows\Prefetch\CLI.EXE-7167FFDF.pf --------- 9398  
     31.05.2012 00:50     C:\Windows\Prefetch\MCHLP32.EXE-BDF7A1DB.pf --------- 59742  
     31.05.2012 00:50     C:\Windows\Prefetch\MCSYNC.EXE-9D7C7E1C.pf --------- 66400  
     31.05.2012 00:50     C:\Windows\Prefetch\MCINFO.EXE-6C8252E7.pf --------- 110424  
     31.05.2012 00:44     C:\Windows\Prefetch\FIREFOX.EXE-359C61A4.pf --------- 370822  
     30.05.2012 22:01     C:\Windows\Prefetch\WORLDOFTANKS.EXE-9AEC4D17.pf --------- 141114  
     30.05.2012 22:01     C:\Windows\Prefetch\WOTLAUNCHER.EXE-64AD3F8D.pf --------- 114632  
     30.05.2012 21:47     C:\Windows\Prefetch\SNDVOL.EXE-425BC49B.pf --------- 26854  
     30.05.2012 21:47     C:\Windows\Prefetch\PMB.EXE-B9083A8E.pf --------- 77032  
     30.05.2012 21:06     C:\Windows\Prefetch\LEAGUE OF LEGENDS.EXE-32BFDC17.pf --------- 272280  
     30.05.2012 20:13     C:\Windows\Prefetch\LOLCLIENT.EXE-FD3706B2.pf --------- 194844  
     30.05.2012 20:13     C:\Windows\Prefetch\LOLLAUNCHER.EXE-0A71A40D.pf --------- 68074  
     30.05.2012 20:13     C:\Windows\Prefetch\RADS_USER_KERNEL.EXE-8E5A2848.pf --------- 41096  
     30.05.2012 20:13     C:\Windows\Prefetch\LOL.LAUNCHER.EXE-C26B2E58.pf --------- 20358  
     30.05.2012 20:03     C:\Windows\Prefetch\SVCHOST.EXE-6E1A6101.pf --------- 15190  
     30.05.2012 19:55     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3800139121-2929270241-2113174229-1000.db --------- 965029  
     30.05.2012 19:55     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3800139121-2929270241-2113174229-1000.db --------- 3323813  
     30.05.2012 19:54     C:\Windows\Prefetch\MCSVRCNT.EXE-4914669B.pf --------- 47154  
     30.05.2012 19:54     C:\Windows\Prefetch\MCINSUPD.EXE-616C7579.pf --------- 15848  
     30.05.2012 19:54     C:\Windows\Prefetch\HWUPDCHK.EXE-D91D03E3.pf --------- 50424  
     30.05.2012 19:54     C:\Windows\Prefetch\MCUPDMGR.EXE-80D5DADE.pf --------- 287650  
     30.05.2012 19:54     C:\Windows\Prefetch\MCVSMAP.EXE-F42DC9ED.pf --------- 32176  
     30.05.2012 19:25     C:\Windows\Prefetch\SVCHOST.EXE-6A249820.pf --------- 17646  
     30.05.2012 19:25     C:\Windows\Prefetch\VSSVC.EXE-6C8F0C66.pf --------- 24564  
     30.05.2012 19:24     C:\Windows\Prefetch\RUNDLL32.EXE-51CCB287.pf --------- 51840  
     30.05.2012 19:18     C:\Windows\Prefetch\SVCHOST.EXE-67EC2DA7.pf --------- 16906  
     30.05.2012 19:17     C:\Windows\Prefetch\DEFRAG.EXE-3D9E8D72.pf --------- 3480  
     30.05.2012 19:14     C:\Windows\Prefetch\Layout.ini --------- 634122  
     30.05.2012 17:49     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf --------- 264252  
     30.05.2012 17:41     C:\Windows\Prefetch\WSQMCONS.EXE-4048402C.pf --------- 22590  
     30.05.2012 17:40     C:\Windows\Prefetch\HELPPANE.EXE-2CB7BD18.pf --------- 77352  
     30.05.2012 17:38     C:\Windows\Prefetch\RUNDLL32.EXE-39B6501E.pf --------- 22008  
     30.05.2012 17:38     C:\Windows\Prefetch\MMLOADDRV.EXE-DBFE6C25.pf --------- 32650  
     30.05.2012 11:56     C:\Windows\Prefetch\LOGONUI.EXE-F639BD7E.pf --------- 54416  
     30.05.2012 10:15     C:\Windows\Prefetch\WMPNSCFG.EXE-18FC9E64.pf --------- 35472  
     30.05.2012 10:06     C:\Windows\Prefetch\AgCx_SC1.db --------- 676956  
     30.05.2012 10:05     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 20262  
     30.05.2012 05:08     C:\Windows\Prefetch\MCSMTFWK.EXE-D14D7D61.pf --------- 97428  
     30.05.2012 05:08     C:\Windows\Prefetch\MCUICNT.EXE-43D768AA.pf --------- 120258  
     30.05.2012 03:48     C:\Windows\Prefetch\MCAGENT.EXE-E4C61513.pf --------- 148254  
     30.05.2012 03:29     C:\Windows\Prefetch\RUNDLL32.EXE-6FD72002.pf --------- 151988  
     30.05.2012 03:23     C:\Windows\Prefetch\MCSVRCNT.EXE-ECC2405E.pf --------- 47126  
     30.05.2012 03:23     C:\Windows\Prefetch\MCINFO.EXE-640DD0DA.pf --------- 148526  
     30.05.2012 03:11     C:\Windows\Prefetch\VLC.EXE-5F2E6616.pf --------- 143682  
     29.05.2012 10:42     C:\Windows\Prefetch\POWERCFG.EXE-954C9186.pf --------- 11758  
     29.05.2012 04:27     C:\Windows\Prefetch\PING.EXE-4A8A6853.pf --------- 15656  
     29.05.2012 04:27     C:\Windows\Prefetch\SDIAGNHOST.EXE-B3171AA1.pf --------- 128028  
     29.05.2012 04:27     C:\Windows\Prefetch\W32TM.EXE-C4E0F88E.pf --------- 15374  
     29.05.2012 04:27     C:\Windows\Prefetch\CSC.EXE-0E09149C.pf --------- 47742  
     29.05.2012 04:27     C:\Windows\Prefetch\CVTRES.EXE-F4BA0E72.pf --------- 12574  
     26.05.2012 15:51     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 2769450  
     15.03.2012 12:05     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3800139121-2929270241-2113174229-1000.snp.db --------- 2065737  
     30.10.2011 14:20     C:\Windows\Prefetch\AgAppLaunch.db --------- 334168  
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
     31.05.2012 10:27     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1110  
     31.05.2012 09:37     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1106  
     31.05.2012 09:37     C:\Windows\Tasks\SA.DAT --------- 6  
     05.04.2012 21:04     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
    ----------------------------------------
    
     
    C:\Windows\Temp
    
     30.05.2012 17:55     C:\Windows\Temp\fwtsqmfile08.sqm --------- 608  
     29.05.2012 08:41     C:\Windows\Temp\fwtsqmfile07.sqm --------- 608  
     28.05.2012 21:35     C:\Windows\Temp\fwtsqmfile06.sqm --------- 608  
     27.05.2012 21:02     C:\Windows\Temp\fwtsqmfile05.sqm --------- 608  
     27.05.2012 15:08     C:\Windows\Temp\fwtsqmfile04.sqm --------- 608  
     27.05.2012 06:29     C:\Windows\Temp\fwtsqmfile03.sqm --------- 608  
     26.05.2012 15:51     C:\Windows\Temp\fwtsqmfile02.sqm --------- 608  
     25.05.2012 17:11     C:\Windows\Temp\fwtsqmfile01.sqm --------- 608  
     25.05.2012 14:15     C:\Windows\Temp\mcafee_M9cSjhutuHYr3nj --------- 2048  
     25.05.2012 10:29     C:\Windows\Temp\fwtsqmfile00.sqm --------- 608  
     24.05.2012 18:39     C:\Windows\Temp\fwtsqmfile19.sqm --------- 608  
     24.05.2012 12:22     C:\Windows\Temp\fwtsqmfile18.sqm --------- 608  
     24.05.2012 04:26     C:\Windows\Temp\fwtsqmfile17.sqm --------- 608  
     22.05.2012 14:48     C:\Windows\Temp\CRF001 --------- 4096  
     22.05.2012 06:33     C:\Windows\Temp\fwtsqmfile16.sqm --------- 608  
     22.05.2012 00:13     C:\Windows\Temp\CRF000 --------- 4096  
     21.05.2012 21:15     C:\Windows\Temp\fwtsqmfile15.sqm --------- 608  
     21.05.2012 11:46     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120521_114640943.html --------- 95226  
     21.05.2012 11:46     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120521_114640943-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319-MSP0.txt --------- 334242  
     21.05.2012 11:46     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120521_114640943-MSI_vc_red.msi.txt --------- 370284  
     21.05.2012 11:46     C:\Windows\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.30319 --------- 0  
     21.05.2012 11:46     C:\Windows\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20120521_114633548.html --------- 100626  
     21.05.2012 11:46     C:\Windows\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20120521_114633548-Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319-MSP0.txt --------- 309614  
     21.05.2012 11:46     C:\Windows\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20120521_114633548-MSI_vc_red.msi.txt --------- 345986  
     21.05.2012 11:46     C:\Windows\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.30319 --------- 0  
     21.05.2012 11:46     C:\Windows\Temp\Silverlight0.log --------- 3292  
     21.05.2012 11:46     C:\Windows\Temp\SilverlightMSI.log --------- 2803900  
     20.05.2012 21:15     C:\Windows\Temp\fwtsqmfile14.sqm --------- 608  
     17.05.2012 17:23     C:\Windows\Temp\fwtsqmfile13.sqm --------- 608  
     10.05.2012 19:01     C:\Windows\Temp\fwtsqmfile12.sqm --------- 608  
     09.05.2012 20:44     C:\Windows\Temp\fwtsqmfile11.sqm --------- 608  
     09.05.2012 05:24     C:\Windows\Temp\fwtsqmfile10.sqm --------- 608  
     09.05.2012 03:06     C:\Windows\Temp\KB2656405_20120509_030415665.html --------- 58476  
     09.05.2012 03:06     C:\Windows\Temp\KB2656405_20120509_030415665-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 22037898  
     09.05.2012 03:04     C:\Windows\Temp\KB2656405_10.0.30319 --------- 0  
     09.05.2012 03:04     C:\Windows\Temp\dd_clwireg.txt --------- 33726  
     09.05.2012 03:04     C:\Windows\Temp\KB2604121_20120509_030126802.html --------- 58208  
     09.05.2012 03:04     C:\Windows\Temp\KB2604121_20120509_030126802-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 21030692  
     09.05.2012 03:01     C:\Windows\Temp\KB2604121_10.0.30319 --------- 0  
     08.05.2012 21:11     C:\Windows\Temp\fwtsqmfile09.sqm --------- 608  
     08.05.2012 03:01     C:\Windows\Temp\dd_vcredistUI2040.txt --------- 220750  
     08.05.2012 03:01     C:\Windows\Temp\dd_vcredistMSI2040.txt --------- 437928  
     08.05.2012 03:01     C:\Windows\Temp\mavcperf-setup.log --------- 7630  
     04.05.2012 02:32     C:\Windows\Temp\mcafee_YBHctJgcKJqg9JT --------- 2048  
     12.04.2012 10:33     C:\Windows\Temp\KB2656368_20120412_103146810.html --------- 58894  
     12.04.2012 10:33     C:\Windows\Temp\KB2656368_20120412_103146810-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 19574866  
     12.04.2012 10:31     C:\Windows\Temp\KB2656368_10.0.30319 --------- 0  
     05.04.2012 23:09     C:\Windows\Temp\mcafee_8RmyiJwHl6mRUG3 --------- 2048  
     13.03.2012 10:21     C:\Windows\Temp\KB2600217_20120313_091836113.html --------- 61740  
     13.03.2012 10:21     C:\Windows\Temp\KB2600217_20120313_091836113-Microsoft .NET Framework 4 Extended-MSP1.txt --------- 4482228  
     13.03.2012 10:21     C:\Windows\Temp\ASPNETSetup_00003.log --------- 2702  
     13.03.2012 10:21     C:\Windows\Temp\ASPNETSetup_00002.log --------- 4436  
     13.03.2012 10:21     C:\Windows\Temp\RGIB04B.tmp --------- 10682  
     13.03.2012 10:21     C:\Windows\Temp\RGIB04B.tmp-tmp --------- 9248  
     13.03.2012 10:21     C:\Windows\Temp\dd_wcf_CA_smci_20120313_082119_960.txt --------- 4558  
     13.03.2012 10:21     C:\Windows\Temp\dd_wcf_CA_smci_20120313_082115_982.txt --------- 5592  
     13.03.2012 10:21     C:\Windows\Temp\KB2600217_20120313_091836113-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 15016002  
     13.03.2012 10:18     C:\Windows\Temp\KB2600217_10.0.30319 --------- 0  
     07.03.2012 01:37     C:\Windows\Temp\SDIAG_90ef34f1-7bf7-4adb-8377-e8fca06edc6a --------- 8192  
     07.03.2012 01:37     C:\Windows\Temp\SDIAG_f6b396a4-b45d-44ad-bab7-7b97cfbd98b6 --------- 8192  
     19.02.2012 20:37     C:\Windows\Temp\mcafee_zhEYHDiDKBs9Ah5 --------- 0  
     15.02.2012 20:18     C:\Windows\Temp\KB2633870_20120215_191657938.html --------- 59304  
     15.02.2012 20:18     C:\Windows\Temp\KB2633870_20120215_191657938-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 14077028  
     15.02.2012 20:16     C:\Windows\Temp\KB2633870_10.0.30319 --------- 0  
     11.01.2012 15:34     C:\Windows\Temp\KB2656351_20120111_143238733.html --------- 62402  
     11.01.2012 15:34     C:\Windows\Temp\KB2656351_20120111_143238733-Microsoft .NET Framework 4 Extended-MSP1.txt --------- 4210158  
     11.01.2012 15:34     C:\Windows\Temp\ASPNETSetup_00001.log --------- 2702  
     11.01.2012 15:34     C:\Windows\Temp\ASPNETSetup_00000.log --------- 4436  
     11.01.2012 15:34     C:\Windows\Temp\RGI8A1A.tmp-tmp --------- 9248  
     11.01.2012 15:34     C:\Windows\Temp\RGI8A1A.tmp --------- 10682  
     11.01.2012 15:34     C:\Windows\Temp\dd_wcf_CA_smci_20120111_133411_834.txt --------- 4558  
     11.01.2012 15:34     C:\Windows\Temp\dd_wcf_CA_smci_20120111_133409_962.txt --------- 5592  
     11.01.2012 15:33     C:\Windows\Temp\KB2656351_20120111_143238733-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 13237834  
     11.01.2012 15:32     C:\Windows\Temp\KB2656351_10.0.30319 --------- 0  
     27.12.2011 09:51     C:\Windows\Temp\mcafee_yZ1CBpEY7z4qygQ --------- 2048  
     26.11.2011 16:52     C:\Windows\Temp\mcafee_GobtjdOXEBv4ity --------- 2048  
     31.10.2011 15:12     C:\Windows\Temp\mcafee_mJkhw3LgEDlB30z --------- 2048  
     30.10.2011 22:15     C:\Windows\Temp\KB2572078_20111030_211326686.html --------- 55630  
     30.10.2011 22:15     C:\Windows\Temp\KB2572078_20111030_211326686-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 12389858  
     30.10.2011 22:13     C:\Windows\Temp\KB2572078_10.0.30319 --------- 0  
     24.10.2011 22:44     C:\Windows\Temp\SEP4BFD.tmp --------- 0  
     11.02.2011 12:17     C:\Windows\Temp\FXSAPIDebugLogFile.txt --------- 0  
     11.02.2011 12:17     C:\Windows\Temp\FXSTIFFDebugLogFile.txt --------- 0  
     11.02.2011 12:16     C:\Windows\Temp\TS_6FBF.tmp --------- 196608  
     11.02.2011 12:16     C:\Windows\Temp\TS_6B98.tmp --------- 720896  
     11.02.2011 12:16     C:\Windows\Temp\TS_69C2.tmp --------- 262144  
     11.02.2011 12:16     C:\Windows\Temp\TS_65D9.tmp --------- 458752  
     11.02.2011 12:16     C:\Windows\Temp\TS_64AF.tmp --------- 196608  
     11.02.2011 12:16     C:\Windows\Temp\TS_6134.tmp --------- 196608  
     11.02.2011 12:16     C:\Windows\Temp\TS_5BD4.tmp --------- 458752  
     11.02.2011 12:16     C:\Windows\Temp\TS_5952.tmp --------- 262144  
     11.02.2011 12:15     C:\Windows\Temp\DMIDE26.tmp --------- 0  
    ----------------------------------------
    
     
    C:\Users\xxx\AppData\Local\Temp
    
     31.05.2012 11:08     C:\Users\\AppData\Local\Temp\WPDNSE --------- 0  
     31.05.2012 11:07     C:\Users\\AppData\Local\Temp\~nsu.tmp --------- 0  
     31.05.2012 10:16     C:\Users\\AppData\Local\Temp\plugtmp-41 --------- 0  
     31.05.2012 09:42     C:\Users\\AppData\Local\Temp\jusched.log --------- 348415  
     27.05.2012 15:23     C:\Users\\AppData\Local\Temp\plugtmp-40 --------- 0  
     27.05.2012 03:23     C:\Users\\AppData\Local\Temp\hsperfdata_ --------- 0  
     25.05.2012 01:12     C:\Users\\AppData\Local\Temp\Blizzard --------- 0  
     25.05.2012 01:09     C:\Users\\AppData\Local\Temp\plugtmp-39 --------- 0  
     23.05.2012 09:54     C:\Users\\AppData\Local\Temp\plugtmp-38 --------- 0  
     21.05.2012 21:15     C:\Users\\AppData\Local\Temp\plugtmp-37 --------- 0  
     21.05.2012 09:24     C:\Users\\AppData\Local\Temp\plugtmp-36 --------- 0  
     20.05.2012 20:52     C:\Users\\AppData\Local\Temp\Origin --------- 0  
     18.05.2012 16:36     C:\Users\\AppData\Local\Temp\nskE92C.tmp --------- 0  
     18.05.2012 16:36     C:\Users\\AppData\Local\Temp\nszDDA7.tmp --------- 0  
     18.05.2012 16:36     C:\Users\\AppData\Local\Temp\nskDA3E.tmp --------- 0  
     18.05.2012 13:59     C:\Users\\AppData\Local\Temp\nero.connectortmp --------- 0  
     16.05.2012 09:51     C:\Users\\AppData\Local\Temp\plugtmp-35 --------- 0  
     16.05.2012 00:54     C:\Users\\AppData\Local\Temp\dd_vcredistUI3024.txt --------- 11230  
     16.05.2012 00:54     C:\Users\\AppData\Local\Temp\dd_vcredistMSI3024.txt --------- 369130  
     16.05.2012 00:53     C:\Users\\AppData\Local\Temp\qtsingleapp-combli-839e-1-lockfile --------- 0  
     15.05.2012 12:48     C:\Users\\AppData\Local\Temp\mozilla-media-cache --------- 0  
     10.05.2012 09:54     C:\Users\\AppData\Local\Temp\05100954-0000155c-l4r5xrdq3k --------- 0  
     08.05.2012 22:13     C:\Users\\AppData\Local\Temp\plugtmp-34 --------- 0  
     07.05.2012 19:43     C:\Users\\AppData\Local\Temp\wls7973.tmp --------- 71631  
     07.05.2012 19:43     C:\Users\\AppData\Local\Temp\wls7915.tmp --------- 63  
     06.05.2012 16:08     C:\Users\\AppData\Local\Temp\ISAE_3420_-_Final.pdf --------- 751667  
     05.05.2012 15:28     C:\Users\\AppData\Local\Temp\plugtmp-33 --------- 0  
     01.05.2012 12:22     C:\Users\\AppData\Local\Temp\JAUReg.log --------- 682  
     01.05.2012 12:22     C:\Users\\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 549  
     01.05.2012 12:22     C:\Users\\AppData\Local\Temp\java_install_reg.log --------- 12504  
     01.05.2012 12:22     C:\Users\\AppData\Local\Temp\java_install.log --------- 28891  
     01.05.2012 11:57     C:\Users\\AppData\Local\Temp\java_install_sp.log --------- 2708  
     01.05.2012 11:57     C:\Users\\AppData\Local\Temp\ASK7CA8.tmp --------- 114344  
     01.05.2012 11:56     C:\Users\\AppData\Local\Temp\jinstall.cfg --------- 1348  
     30.04.2012 22:32     C:\Users\\AppData\Local\Temp\CVHLauncher(201204302232161A00).log --------- 2  
     27.04.2012 11:58     C:\Users\\AppData\Local\Temp\DMIA38F.tmp --------- 0  
     27.04.2012 11:46     C:\Users\\AppData\Local\Temp\SetupAdmin15FC.log --------- 1421770  
     26.04.2012 19:36     C:\Users\\AppData\Local\Temp\BF2.dir --------- 0  
     26.04.2012 19:35     C:\Users\\AppData\Local\Temp\BF2.tmp --------- 0  
     26.04.2012 13:03     C:\Users\\AppData\Local\Temp\plugtmp-32 --------- 0  
     24.04.2012 11:44     C:\Users\\AppData\Local\Temp\Setup Log 2012-04-24 #001.txt --------- 77793  
     24.04.2012 01:34     C:\Users\\AppData\Local\Temp\plugtmp-31 --------- 0  
     20.04.2012 18:41     C:\Users\\AppData\Local\Temp\wmsetup.log --------- 3609  
     19.04.2012 12:49     C:\Users\\AppData\Local\Temp\B02C.dir --------- 0  
     19.04.2012 12:49     C:\Users\\AppData\Local\Temp\B02C.tmp --------- 0  
     17.04.2012 19:03     C:\Users\\AppData\Local\Temp\plugtmp-30 --------- 0  
     17.04.2012 11:12     C:\Users\\AppData\Local\Temp\plugtmp-29 --------- 0  
     11.04.2012 10:03     C:\Users\\AppData\Local\Temp\plugtmp-28 --------- 0  
     05.04.2012 14:22     C:\Users\\AppData\Local\Temp\plugtmp-27 --------- 0  
     05.04.2012 13:50     C:\Users\\AppData\Local\Temp\scoped_dir32443 --------- 0  
     05.04.2012 13:50     C:\Users\\AppData\Local\Temp\scoped_dir31725 --------- 0  
     05.04.2012 13:50     C:\Users\\AppData\Local\Temp\scoped_dir19561 --------- 0  
     05.04.2012 13:50     C:\Users\\AppData\Local\Temp\scoped_dir32394 --------- 0  
     04.04.2012 22:21     C:\Users\\AppData\Local\Temp\plugtmp-26 --------- 0  
     23.03.2012 14:42     C:\Users\\AppData\Local\Temp\lslqxlf7.out --------- 691  
     23.03.2012 14:42     C:\Users\\AppData\Local\Temp\lslqxlf7.dll --------- 9728  
     23.03.2012 14:40     C:\Users\\AppData\Local\Temp\lslqxlf7.err --------- 0  
     23.03.2012 14:40     C:\Users\\AppData\Local\Temp\lslqxlf7.cmdline --------- 407  
     23.03.2012 14:40     C:\Users\\AppData\Local\Temp\lslqxlf7.0.cs --------- 14371  
     23.03.2012 14:40     C:\Users\\AppData\Local\Temp\lslqxlf7.tmp --------- 0  
     23.03.2012 14:29     C:\Users\\AppData\Local\Temp\SkypeSetup.exe --------- 24247944  
     22.03.2012 20:12     C:\Users\\AppData\Local\Temp\plugtmp-25 --------- 0  
     21.03.2012 10:45     C:\Users\\AppData\Local\Temp\pdo18FD.tmp --------- 0  
     15.03.2012 16:11     C:\Users\\AppData\Local\Temp\plugtmp-24 --------- 0  
     14.03.2012 05:02     C:\Users\\AppData\Local\Temp\plugtmp-23 --------- 0  
     07.03.2012 01:39     C:\Users\\AppData\Local\Temp\msdtadmin --------- 0  
     06.03.2012 22:59     C:\Users\\AppData\Local\Temp\pdo48A4.tmp --------- 0  
     25.02.2012 18:18     C:\Users\\AppData\Local\Temp\plugtmp-22 --------- 0  
     23.02.2012 20:34     C:\Users\\AppData\Local\Temp\scoped_dir25240 --------- 0  
     23.02.2012 19:56     C:\Users\\AppData\Local\Temp\scoped_dir17700 --------- 0  
     23.02.2012 19:42     C:\Users\\AppData\Local\Temp\scoped_dir14869 --------- 0  
     23.02.2012 19:41     C:\Users\\AppData\Local\Temp\scoped_dir25059 --------- 0  
     23.02.2012 19:41     C:\Users\\AppData\Local\Temp\scoped_dir14826 --------- 0  
     23.02.2012 13:20     C:\Users\\AppData\Local\Temp\plugtmp-21 --------- 0  
     22.02.2012 16:21     C:\Users\\AppData\Local\Temp\C88D.tmp --------- 0  
     22.02.2012 16:21     C:\Users\\AppData\Local\Temp\70BD.dir --------- 0  
     22.02.2012 16:21     C:\Users\\AppData\Local\Temp\70BD.tmp --------- 0  
     21.02.2012 22:08     C:\Users\\AppData\Local\Temp\DMID6B7.tmp --------- 0  
     21.02.2012 22:02     C:\Users\\AppData\Local\Temp\DMI35B7.tmp --------- 0  
     19.02.2012 20:12     C:\Users\\AppData\Local\Temp\scoped_dir6343 --------- 0  
     19.02.2012 20:12     C:\Users\\AppData\Local\Temp\scoped_dir32702 --------- 0  
     19.02.2012 20:12     C:\Users\\AppData\Local\Temp\scoped_dir6291 --------- 0  
     18.02.2012 03:11     C:\Users\\AppData\Local\Temp\plugtmp-20 --------- 0  
     17.02.2012 20:44     C:\Users\\AppData\Local\Temp\pdo229F.tmp --------- 0  
     15.02.2012 13:55     C:\Users\\AppData\Local\Temp\plugtmp-19 --------- 0  
     13.02.2012 15:07     C:\Users\\AppData\Local\Temp\AdobeARM.log --------- 46501  
     10.02.2012 13:42     C:\Users\\AppData\Local\Temp\{d884f082-00a8-4c65-ad4f-6164e2fbf317} --------- 0  
     10.02.2012 13:32     C:\Users\\AppData\Local\Temp\{c0089d6c-24a3-4af8-a380-7ff7f731257a} --------- 0  
     09.02.2012 21:42     C:\Users\\AppData\Local\Temp\F428DAF6.TMP --------- 145  
     07.02.2012 15:11     C:\Users\\AppData\Local\Temp\dd_vcredistUI0894.txt --------- 18408  
     07.02.2012 15:11     C:\Users\\AppData\Local\Temp\dd_vcredistMSI0894.txt --------- 585490  
     06.02.2012 01:49     C:\Users\\AppData\Local\Temp\plugtmp-18 --------- 0  
     05.02.2012 19:03     C:\Users\\AppData\Local\Temp\{5ba738e3-f278-4fa9-889d-72b3dbe6d217} --------- 0  
     05.02.2012 14:22     C:\Users\\AppData\Local\Temp\{68ecc82c-a8d8-4e48-8f05-2ed9c6987962} --------- 0  
     05.02.2012 14:04     C:\Users\\AppData\Local\Temp\{C4C206E1-D892-475A-85C4-D69B350F0960} --------- 0  
     04.02.2012 17:45     C:\Users\\AppData\Local\Temp\{FA4E8D9D-A67F-403D-A80D-D80D61C34369} --------- 0  
     03.02.2012 23:30     C:\Users\\AppData\Local\Temp\i4j_nlog_2 --------- 8949  
     03.02.2012 16:23     C:\Users\\AppData\Local\Temp\dat31E9.tmp --------- 85010  
     03.02.2012 10:32     C:\Users\\AppData\Local\Temp\plugtmp-17 --------- 0  
     02.02.2012 11:29     C:\Users\\AppData\Local\Temp\pdoE07D.tmp --------- 0  
     02.02.2012 04:00     C:\Users\\AppData\Local\Temp\plugtmp-16 --------- 0  
     01.02.2012 16:53     C:\Users\\AppData\Local\Temp\dat8B5D.tmp --------- 85010  
     01.02.2012 02:18     C:\Users\\AppData\Local\Temp\datED3F.tmp --------- 85010  
     31.01.2012 17:11     C:\Users\\AppData\Local\Temp\datC8BB.tmp --------- 85010  
     26.01.2012 02:49     C:\Users\\AppData\Local\Temp\scoped_dir10023 --------- 0  
     26.01.2012 02:49     C:\Users\\AppData\Local\Temp\scoped_dir29843 --------- 0  
     26.01.2012 02:49     C:\Users\\AppData\Local\Temp\scoped_dir9987 --------- 0  
     26.01.2012 02:48     C:\Users\\AppData\Local\Temp\Pando_WinCrash_012612_014852.zip --------- 28799  
     24.01.2012 16:19     C:\Users\\AppData\Local\Temp\plugtmp-15 --------- 0  
     21.01.2012 21:17     C:\Users\\AppData\Local\Temp\plugtmp-14 --------- 0  
     20.01.2012 15:19     C:\Users\\AppData\Local\Temp\datFDBE.tmp --------- 85010  
     19.01.2012 19:01     C:\Users\\AppData\Local\Temp\datCB59.tmp --------- 85010  
     18.01.2012 20:28     C:\Users\\AppData\Local\Temp\pdo9DB8.tmp --------- 0  
     18.01.2012 20:23     C:\Users\\AppData\Local\Temp\pdoD940.tmp --------- 0  
     18.01.2012 15:08     C:\Users\\AppData\Local\Temp\datB691.tmp --------- 85010  
     17.01.2012 22:12     C:\Users\\AppData\Local\Temp\plugtmp-13 --------- 0  
     16.01.2012 14:52     C:\Users\ppData\Local\Temp\dat201E.tmp --------- 85010  
     15.01.2012 18:42     C:\Users\r\AppData\Local\Temp\dat73FE.tmp --------- 85010  
     15.01.2012 17:16     C:\Users\\AppData\Local\Temp\nsk3844.tmp --------- 0  
     15.01.2012 17:16     C:\Users\AppData\Local\Temp\nsf1CB9.tmp --------- 0  
     15.01.2012 17:16     C:\Users\ppData\Local\Temp\nsa176C.tmp --------- 0  
     15.01.2012 17:16     C:\Users\\AppData\Local\Temp\OICE_E5F5B542-4B58-4D01-B35E-30AFA78683A4.0 --------- 0  
     15.01.2012 17:16     C:\Users\\AppData\Local\Temp\CVRDBD3.tmp.cvr --------- 0  
     14.01.2012 18:38     C:\Users\Data\Local\Temp\nsoCF94.tmp --------- 0  
     14.01.2012 18:38     C:\Users\pData\Local\Temp\nsjB4A5.tmp --------- 0  
     14.01.2012 18:38     C:\Users\ppData\Local\Temp\nsoAF48.tmp --------- 0  
     14.01.2012 15:10     C:\Users\pData\Local\Temp\datA3DF.tmp --------- 85010  
     13.01.2012 19:55     C:\Users\ppData\Local\Temp\plugtmp-12 --------- 0  
     13.01.2012 16:11     C:\Users\AppData\Local\Temp\dat4DC2.tmp --------- 85010  
     13.01.2012 10:40     C:\Users\pData\Local\Temp\OOBE(2012011309400315EC).log --------- 4444  
     13.01.2012 10:39     C:\Users\ppData\Local\Temp\OOBE(201201130939291734).log --------- 4444  
     12.01.2012 19:29     C:\Users\Data\Local\Temp\OOBE(20120112182902DC0).log --------- 4444  
     12.01.2012 09:54     C:\Users\pData\Local\Temp\dat7E62.tmp --------- 85010  
     11.01.2012 18:48     C:\Users\Data\Local\Temp\plugtmp-11 --------- 0  
     11.01.2012 17:54     C:\Users\Data\Local\Temp\CVHLauncher(2012011116034957C).log --------- 269  
     11.01.2012 17:43     C:\Users\pData\Local\Temp\CVR2646.tmp.cvr --------- 0  
     11.01.2012 17:15     C:\Users\ppData\Local\Temp\sammelSchein34a24c3d-f2f9-4f9f-b761-79178cbc74b3.pdf --------- 43628  
     11.01.2012 13:36     C:\Users\pData\Local\Temp\pdo781E.tmp --------- 0  
     11.01.2012 13:32     C:\Users\ppData\Local\Temp\pdo76B6.tmp --------- 0  
     10.01.2012 11:37     C:\Users\ppData\Local\Temp\datA9B6.tmp --------- 85010  
     09.01.2012 20:34     C:\Users\pData\Local\Temp\plugtmp-10 --------- 0  
     09.01.2012 18:37     C:\Users\pData\Local\Temp\scoped_dir19672 --------- 0  
     09.01.2012 18:37     C:\Users\pData\Local\Temp\scoped_dir2097 --------- 0  
     09.01.2012 18:37     C:\Users\ppData\Local\Temp\scoped_dir19604 --------- 0  
     09.01.2012 10:02     C:\Users\pData\Local\Temp\UCDebugger --------- 0  
     09.01.2012 10:02     C:\Users\Data\Local\Temp\dd_vcredistUI4253.txt --------- 11478  
     09.01.2012 10:02     C:\Users\ppData\Local\Temp\dd_vcredistMSI4253.txt --------- 380754  
     09.01.2012 10:02     C:\Users\ppData\Local\Temp\Epic-90c555c0-5d41-4756-8d21-80df9c12ef99 --------- 0  
     08.01.2012 14:34     C:\Users\pData\Local\Temp\AdobeARM_NotLocked.log --------- 792  
     06.01.2012 18:46     C:\Users\pData\Local\Temp\PDFC7F7.tmp --------- 47579  
     06.01.2012 18:44     C:\Users\ppData\Local\Temp\PDFA14.tmp --------- 47579  
     06.01.2012 17:05     C:\Users\ppData\Local\Temp\PDF3D8F.tmp --------- 40138  
     06.01.2012 17:04     C:\Users\ppData\Local\Temp\PDF60E6.tmp --------- 41515  
     06.01.2012 17:03     C:\Users\Data\Local\Temp\PDF6039.tmp --------- 40138  
     06.01.2012 14:39     C:\Users\\AppData\Local\Temp\plugtmp-9 --------- 0  
     06.01.2012 12:15     C:\Users\Data\Local\Temp\dat1D51.tmp --------- 85010  
     05.01.2012 16:33     C:\Users\AppData\Local\Temp\plugtmp-8 --------- 0  
     05.01.2012 12:25     C:\Users\pData\Local\Temp\datF3C.tmp --------- 85010  
     04.01.2012 13:18     C:\Users\pData\Local\Temp\CFGB56A.tmp --------- 123  
     04.01.2012 13:13     C:\Users\ppData\Local\Temp\Cab7686.tmp --------- 47186  
     04.01.2012 13:09     C:\Users\ppData\Local\Temp\{763CFC85-B5D1-4266-9C0B-E75CFA341A5F} --------- 0  
     04.01.2012 13:09     C:\Users\\AppData\Local\Temp\{5C491548-F099-49C1-BEA0-5006018B62CA} --------- 0  
     04.01.2012 13:07     C:\Users\AppData\Local\Temp\BingBarInstallerLogs --------- 0  
     04.01.2012 13:07     C:\Users\AppData\Local\Temp\MSN5FBE.tmp --------- 0  
     04.01.2012 13:05     C:\Users\Data\Local\Temp\{9E934400-2F97-4E3A-B584-B5EA25444891} --------- 0  
     04.01.2012 12:53     C:\Users\ppData\Local\Temp\~DFD236CAFDC47C77FF.TMP --------- 114688  
     04.01.2012 12:28     C:\Users\AppData\Local\Temp\Pando_WinCrash_010412_112849.zip --------- 16535  
     04.01.2012 12:00     C:\Users\AppData\Local\Temp\dat8842.tmp --------- 85010  
     02.01.2012 15:59     C:\Users\pData\Local\Temp\OOBE(20120102145857330).log --------- 4444  
     02.01.2012 12:13     C:\Users\AppData\Local\Temp\dat5CB0.tmp --------- 85010  
     31.12.2011 16:59     C:\Users\AppData\Local\Temp\plugtmp-7 --------- 0  
     31.12.2011 16:33     C:\Users\\AppData\Local\Temp\dat3246.tmp --------- 85010  
     29.12.2011 23:04     C:\Users\\AppData\Local\Temp\scoped_dir15805 --------- 0  
     29.12.2011 23:04     C:\Users\\AppData\Local\Temp\scoped_dir3747 --------- 0  
     29.12.2011 23:04     C:\Users\\AppData\Local\Temp\scoped_dir15726 --------- 0  
     28.12.2011 23:34     C:\Users\AppData\Local\Temp\plugtmp-6 --------- 0  
     24.12.2011 18:16     C:\Users\\AppData\Local\Temp\pdo8E5A.tmp --------- 0  
     11.12.2011 13:18     C:\Users\\AppData\Local\Temp\PDF12D8.tmp --------- 178814  
     11.12.2011 13:13     C:\Users\\AppData\Local\Temp\OOBE(2011121112133812D4).log --------- 5184  
     10.12.2011 22:13     C:\Users\\AppData\Local\Temp\pdo5A90.tmp --------- 0  
     27.11.2011 11:57     C:\Users\\AppData\Local\Temp\datDDC6.tmp --------- 85010  
     27.11.2011 02:28     C:\Users\\AppData\Local\Temp\datEC9A.tmp --------- 85010  
     25.11.2011 15:20     C:\Users\\AppData\Local\Temp\plugtmp-5 --------- 0  
     24.11.2011 17:59     C:\Users\\AppData\Local\Temp\plugtmp-4 --------- 0  
     24.11.2011 15:10     C:\Users\\AppData\Local\Temp\OICE_732F1E29-8F94-46FE-99FA-343681ABBD97.0 --------- 0  
     24.11.2011 15:09     C:\Users\\AppData\Local\Temp\VirtualizationBootstrapper(2011112414090517C8).log --------- 2958  
     24.11.2011 15:09     C:\Users\\AppData\Local\Temp\OOBE(20111124140858112C).log --------- 4640  
     24.11.2011 15:09     C:\Users\\AppData\Local\Temp\mavcperf-setup.log --------- 6372  
     24.11.2011 15:09     C:\Users\\AppData\Local\Temp\Commands.xml --------- 438  
     24.11.2011 15:08     C:\Users\\AppData\Local\Temp\OOBE(201111241408352D0).log --------- 4542  
     24.11.2011 15:08     C:\Users\\AppData\Local\Temp\SetupExe(201111241408451A70).log --------- 6431  
     24.11.2011 15:08     C:\Users\\AppData\Local\Temp\repair_config.xml --------- 218  
     24.11.2011 15:08     C:\Users\\AppData\Local\Temp\config.xml --------- 97  
     24.11.2011 15:06     C:\Users\\AppData\Local\Temp\PDFC1F1.tmp --------- 299949  
     23.11.2011 19:06     C:\Users\\AppData\Local\Temp\geColladaModelCacheLock --------- 0  
     23.11.2011 19:06     C:\Users\\AppData\Local\Temp\geIconCacheLock --------- 0  
     23.11.2011 19:05     C:\Users\AppData\Local\Temp\dat99B3.tmp --------- 85010  
     23.11.2011 19:04     C:\Users\\AppData\Local\Temp\is3536.tmp --------- 0  
     23.11.2011 19:04     C:\Users\AppData\Local\Temp\._msigeplugin61 --------- 0  
     23.11.2011 15:51     C:\Users\ppData\Local\Temp\wlsF25A.tmp --------- 71631  
     23.11.2011 15:51     C:\Users\AppData\Local\Temp\wlsF1FC.tmp --------- 63  
     22.11.2011 17:43     C:\Users\\AppData\Local\Temp\plugtmp-3 --------- 0  
     21.11.2011 08:29     C:\Users\AppData\Local\Temp\jar_cache1960603669297479776.tmp --------- 0  
     21.11.2011 08:29     C:\Users\ppData\Local\Temp\jar_cache595658853125943124.tmp --------- 0  
     21.11.2011 08:29     C:\Users\Data\Local\Temp\jar_cache2000370859206083442.tmp --------- 0  
     21.11.2011 08:29     C:\Users\\AppData\Local\Temp\jar_cache2220051362543128741.tmp --------- 0  
     21.11.2011 08:29     C:\Users\AppData\Local\Temp\jar_cache6948474023914814123.tmp --------- 0  
     21.11.2011 08:29     C:\Users\AppData\Local\Temp\jar_cache1999775399787366358.tmp --------- 0  
     21.11.2011 08:29     C:\Users\\AppData\Local\Temp\PDFAAC9.tmp --------- 200924  
     21.11.2011 08:29     C:\Users\AppData\Local\Temp\PDFA1E2.tmp --------- 344674  
     21.11.2011 00:43     C:\Users\AppData\Local\Temp\datB6D0.tmp --------- 85010  
     16.11.2011 11:17     C:\Users\\AppData\Local\Temp\dat2A6B.tmp --------- 85010  
     16.11.2011 04:30     C:\Users\\AppData\Local\Temp\dat7068.tmp --------- 85010  
     15.11.2011 00:29     C:\Users\Data\Local\Temp\datDF70.tmp --------- 85010  
     14.11.2011 23:08     C:\Users\\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe --------- 909088  
     14.11.2011 14:57     C:\Users\\AppData\Local\Temp\DBFE.tmp --------- 0  
     14.11.2011 14:57     C:\Users\\AppData\Local\Temp\7C70.dir --------- 0  
     14.11.2011 14:56     C:\Users\\AppData\Local\Temp\7C70.tmp --------- 0  
     13.11.2011 17:14     C:\Users\AppData\Local\Temp\Pando_WinCrash_111311_161454.zip --------- 16037  
     12.11.2011 15:32     C:\Users\\AppData\Local\Temp\dat40C7.tmp --------- 85010  
     10.11.2011 21:33     C:\Users\\AppData\Local\Temp\EULA.rtf --------- 99817  
     10.11.2011 21:33     C:\Users\AppData\Local\Temp\OriginLauncher2176993.exe --------- 48141056  
     09.11.2011 03:01     C:\Users\\AppData\Local\Temp\Pando_WinCrash_110911_020153.zip --------- 28945  
     09.11.2011 02:22     C:\Users\AppData\Local\Temp\Pando_WinCrash_110911_012215.zip --------- 28873  
     09.11.2011 01:36     C:\Users\\AppData\Local\Temp\Pando_WinCrash_110911_003639.zip --------- 28957  
     09.11.2011 00:29     C:\Users\\AppData\Local\Temp\plugtmp-2 --------- 0  
     08.11.2011 19:34     C:\Users\\AppData\Local\Temp\Pando_WinCrash_110811_183438.zip --------- 28855  
     08.11.2011 18:47     C:\Users\\AppData\Local\Temp\Pando_WinCrash_110811_174742.zip --------- 30561  
     07.11.2011 21:28     C:\Users\\AppData\Local\Temp\Setup.exe --------- 47020208  
     07.11.2011 21:27     C:\Users\\AppData\Local\Temp\installerdll2183249.dll --------- 3032704  
     07.11.2011 21:27     C:\Users\\AppData\Local\Temp\installerdll2177961.dll --------- 3032704  
     07.11.2011 21:27     C:\Users\\AppData\Local\Temp\installerdll2176993.dll --------- 3032704  
     05.11.2011 12:00     C:\Users\\AppData\Local\Temp\Pando_WinCrash_110511_110004.zip --------- 28194  
     05.11.2011 00:42     C:\Users\\AppData\Local\Temp\vcredist_x86.exe --------- 4995416  
     05.11.2011 00:42     C:\Users\\AppData\Local\Temp\vcredist_x64.exe --------- 5673816  
     05.11.2011 00:42     C:\Users\\AppData\Local\Temp\rootsupd.exe --------- 336280  
     05.11.2011 00:42     C:\Users\\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe --------- 2585872  
     04.11.2011 14:49     C:\Users\\AppData\Local\Temp\{AA21D9B7-CEB7-4944-94AE-478CD3615DD9} --------- 0  
     04.11.2011 14:48     C:\Users\AppData\Local\Temp\{E652E13C-F701-4048-B68B-4FA31D39C379} --------- 0  
     04.11.2011 10:49     C:\Users\r\AppData\Local\Temp\PDFFB5F.tmp --------- 958610  
     04.11.2011 10:49     C:\Users\AppData\Local\Temp\Adobe --------- 0  
     04.11.2011 00:47     C:\Users\AppData\Local\Temp\Pando_WinCrash_110311_234748.zip --------- 28922  
     04.11.2011 00:32     C:\Users\pData\Local\Temp\pdo602A.tmp --------- 0  
     03.11.2011 19:43     C:\Users\ppData\Local\Temp\plugtmp-1 --------- 0  
     03.11.2011 16:13     C:\Users\AppData\Local\Temp\sonarinst.exe --------- 1786688  
     01.11.2011 10:42     C:\Users\\AppData\Local\Temp\Pando_WinCrash_110111_094236.zip --------- 30484  
     01.11.2011 10:42     C:\Users\AppData\Local\Temp\Gast.bmp --------- 49208  
     01.11.2011 10:41     C:\Users\\AppData\Local\Temp\.bmp --------- 31832  
     01.11.2011 10:38     C:\Users\AppData\Local\Temp\Sonic11.tmp --------- 0  
     01.11.2011 10:32     C:\Users\AppData\Local\Temp\msdt --------- 0  
     01.11.2011 10:29     C:\Users\ppData\Local\Temp\Sonic10.tmp --------- 0  
     01.11.2011 10:10     C:\Users\AppData\Local\Temp\dd_vcredistUI39A4.txt --------- 11262  
     01.11.2011 10:10     C:\Users\AppData\Local\Temp\dd_vcredistMSI39A4.txt --------- 368766  
     01.11.2011 09:46     C:\Users\\AppData\Local\Temp\Sonic9.tmp --------- 0  
     31.10.2011 18:36     C:\Users\pData\Local\Temp\Pando_WinCrash_103111_173602.zip --------- 28256  
     31.10.2011 18:14     C:\Users\AppData\Local\Temp\plugtmp --------- 0  
     31.10.2011 15:05     C:\Users\AppData\Local\Temp\Sonic8.tmp --------- 0  
     31.10.2011 10:58     C:\Users\AppData\Local\Temp\{26EA0309-9263-4EF4-8491-9BABBCEA02B8} --------- 0  
     31.10.2011 10:56     C:\Users\ppData\Local\Temp\bye9877.tmp --------- 0  
     31.10.2011 10:55     C:\Users\ppData\Local\Temp\Sonic7.tmp --------- 0  
     31.10.2011 10:53     C:\Users\ppData\Local\Temp\Sonic6.tmp --------- 0  
     30.10.2011 20:06     C:\Users\ppData\Local\Temp\pdo4994.tmp --------- 0  
     30.10.2011 20:04     C:\Users\\AppData\Local\Temp\pdoF55C.tmp --------- 0  
     30.10.2011 20:02     C:\Users\AppData\Local\Temp\pdoD4C1.tmp --------- 0  
     30.10.2011 19:57     C:\Users\AppData\Local\Temp\pdoDE41.tmp --------- 0  
     30.10.2011 19:56     C:\Users\ppData\Local\Temp\{14F76604-AF25-405C-801B-97139977B629} --------- 0  
     30.10.2011 19:52     C:\Users\ppData\Local\Temp\LeagueofLegends.exe.log --------- 6481910  
     30.10.2011 18:44     C:\Users\ppData\Local\Temp\6991739284f991f5dcff8cd0c0f1d06d.lock --------- 0  
     30.10.2011 18:41     C:\Users\AppData\Local\Temp\mtka_tmp --------- 0  
     30.10.2011 16:20     C:\Users\AppData\Local\Temp\Sonic5.tmp --------- 0  
     30.10.2011 16:19     C:\Users\pData\Local\Temp\Sonic4.tmp --------- 0  
     30.10.2011 15:34     C:\Users\\AppData\Local\Temp\pdoDCC7.tmp --------- 0  
     30.10.2011 15:34     C:\Users\\AppData\Local\Temp\~DF5AB78BE610A3E848.TMP --------- 16384  
     30.10.2011 15:31     C:\Users\\AppData\Local\Temp\swt-win32-3349.dll --------- 139672  
     30.10.2011 15:17     C:\Users\AppData\Local\Temp\Cookies --------- 0  
     30.10.2011 15:17     C:\Users\\AppData\Local\Temp\History --------- 0  
     30.10.2011 15:17     C:\Users\AppData\Local\Temp\Temporary Internet Files --------- 0  
     30.10.2011 15:17     C:\Users\AppData\Local\Temp\Sonic3.tmp --------- 0  
     30.10.2011 15:17     C:\Users\\AppData\Local\Temp\Sonic2.tmp --------- 0  
     30.10.2011 15:05     C:\Users\\AppData\Local\Temp\Sonic1.tmp --------- 0  
     30.10.2011 14:47     C:\Users\AppData\Local\Temp\eul6AE6.tmp --------- 5061  
     30.10.2011 14:47     C:\Users\\AppData\Local\Temp\eul6AB6.tmp --------- 4849  
     30.10.2011 14:47     C:\Users\AppData\Local\Temp\eul5D4D.tmp --------- 124253  
     30.10.2011 14:46     C:\Users\\AppData\Local\Temp\eul9A7A.tmp --------- 5560  
     30.10.2011 14:38     C:\Users\AppData\Local\Temp\OriginLauncher1274434.exe --------- 48106400  
     30.10.2011 14:38     C:\Users\\AppData\Local\Temp\CA04.tmp --------- 0  
     30.10.2011 14:38     C:\Users\AppData\Local\Temp\A524.tmp --------- 376480  
     30.10.2011 14:26     C:\Users\AppData\Local\Temp\Low --------- 0  
     30.10.2011 14:25     C:\Users\\AppData\Local\Temp\StructuredQuery.log --------- 803  
     30.10.2011 14:24     C:\Users\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
     30.10.2011 14:24     C:\Users\\AppData\Local\Temp\Sonic.tmp --------- 0  
     30.10.2011 14:24     C:\Users\AppData\Local\Temp\qtsingleapp-stager-fe9f-1-lockfile --------- 0  
     30.10.2011 14:23     C:\Users\\AppData\Local\Temp\TAS63C1.tmp --------- 0  
     20.10.2011 23:51     C:\Users\\AppData\Local\Temp\installerdll1280003.dll --------- 3039360  
     20.10.2011 23:51     C:\Users\\AppData\Local\Temp\installerdll1275245.dll --------- 3039360  
     20.10.2011 23:51     C:\Users\AppData\Local\Temp\installerdll1274434.dll --------- 3039360  
     20.10.2011 11:54     C:\Users\AppData\Local\Temp\Tar76C6.tmp --------- 110483  
     30.09.2011 00:23     C:\Users\ppData\Local\Temp\installerdll842920.dll --------- 3036288  
     30.09.2011 00:23     C:\Users\AppData\Local\Temp\installerdll941778.dll --------- 3036288  
     13.08.2010 20:19     C:\Users\ppData\Local\Temp\MSN5FBE.exe --------- 468232  
     07.01.2010 17:42     C:\Users\AppData\Local\Temp\PROPHET.NFO --------- 12597  
     03.03.2009 20:33     C:\Users\ppData\Local\Temp\msvcr80.dll --------- 626688  
     03.03.2009 20:32     C:\Users\ppData\Local\Temp\zlib1.dll --------- 75264  
     03.03.2009 20:32     C:\Users\pData\Local\Temp\SimPack.exe --------- 81408  
     31.01.2009 13:42     C:\Users\AppData\Local\Temp\Empire Total War_disk1.sim --------- 54298  
     10.11.2003 20:55     C:\Users\AppData\Local\Temp\setCDCA.tmp --------- 116880  
     20.12.1999 14:04     C:\Users\\AppData\Local\Temp\mpegc.dll --------- 56832  
    ----------------------------------------
    
     
    C:\Program Files
    
     21.05.2012 11:45     C:\Program Files\Microsoft Silverlight --------- 4096  
     09.05.2012 03:00     C:\Program Files\Windows Journal --------- 0  
     27.04.2012 11:47     C:\Program Files\iTunes --------- 0  
     27.04.2012 11:47     C:\Program Files\iPod --------- 0  
     27.04.2012 11:46     C:\Program Files\Common Files --------- 4096  
     27.04.2012 11:46     C:\Program Files\Bonjour --------- 0  
     15.04.2012 19:53     C:\Program Files\Internet Explorer --------- 4096  
     04.02.2012 15:34     C:\Program Files\WinRAR --------- 4096  
     24.11.2011 15:09     C:\Program Files\Microsoft Office --------- 0  
     04.11.2011 14:48     C:\Program Files\Creative --------- 0  
     30.10.2011 14:20     C:\Program Files\Gemeinsame Dateien --------- 0  
     30.10.2011 14:20     C:\Program Files\Windows NT --------- 4096  
     25.10.2011 05:43     C:\Program Files\ZinioReader4 --------- 0  
     24.10.2011 22:44     C:\Program Files\dell stage --------- 0  
     24.10.2011 22:34     C:\Program Files\mcafee --------- 4096  
     24.10.2011 22:34     C:\Program Files\mcafee.com --------- 0  
     24.10.2011 22:32     C:\Program Files\Roxio --------- 0  
     24.10.2011 22:24     C:\Program Files\Windows Live --------- 0  
     24.10.2011 22:14     C:\Program Files\ATI --------- 0  
     24.10.2011 22:07     C:\Program Files\Java --------- 0  
     24.10.2011 21:56     C:\Program Files\Dell Inc --------- 0  
     21.11.2010 09:00     C:\Program Files\DVD Maker --------- 0  
     21.11.2010 09:00     C:\Program Files\Microsoft Games --------- 0  
     21.11.2010 08:50     C:\Program Files\Windows Mail --------- 0  
     21.11.2010 08:50     C:\Program Files\Windows Sidebar --------- 4096  
     21.11.2010 08:50     C:\Program Files\Windows Photo Viewer --------- 0  
     21.11.2010 08:50     C:\Program Files\Windows Media Player --------- 4096  
     21.11.2010 08:50     C:\Program Files\Windows Defender --------- 4096  
     21.11.2010 05:31     C:\Program Files\Windows Portable Devices --------- 0  
     14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  
     14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  
     14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  
     14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    xxx  
    Default    
    Public    
    Default User    
    All Users    
    desktop.ini    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    
    ----------------------------------------
    
     
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0         5.696 K
    smss.exe                       388 Services                   0            92 K
    csrss.exe                      592 Services                   0         2.660 K
    wininit.exe                    668 Services                   0           224 K
    csrss.exe                      688 Console                    1         7.468 K
    services.exe                   724 Services                   0        28.876 K
    lsass.exe                      752 Services                   0        38.092 K
    lsm.exe                        760 Services                   0         1.612 K
    winlogon.exe                   864 Console                    1        28.608 K
    svchost.exe                    904 Services                   0        40.316 K
    svchost.exe                    984 Services                   0        31.304 K
    atiesrxx.exe                   144 Services                   0           368 K
    svchost.exe                    576 Services                   0        78.568 K
    svchost.exe                    432 Services                   0       280.048 K
    svchost.exe                    920 Services                   0       111.792 K
    CTAudSvc.exe                  1088 Services                   0           540 K
    svchost.exe                   1128 Services                   0        37.576 K
    svchost.exe                   1224 Services                   0        54.068 K
    atieclxx.exe                  1380 Console                    1         2.152 K
    spoolsv.exe                   1484 Services                   0        46.748 K
    svchost.exe                   1520 Services                   0        44.424 K
    AppleMobileDeviceService.     1628 Services                   0         7.088 K
    dwm.exe                       1824 Console                    1        30.576 K
    taskhost.exe                  1952 Console                    1         5.540 K
    mDNSResponder.exe              692 Services                   0         2.176 K
    svchost.exe                   1744 Services                   0        85.492 K
    mfevtps.exe                   1864 Services                   0         5.264 K
    PnkBstrA.exe                  1740 Services                   0           632 K
    sftvsa.exe                    2368 Services                   0           712 K
    svchost.exe                   2416 Services                   0        40.000 K
    WLIDSVC.EXE                   2472 Services                   0         2.500 K
    mcshield.exe                  2500 Services                   0       126.368 K
    mfefire.exe                   2740 Services                   0         2.620 K
    sftlist.exe                   2788 Services                   0         4.080 K
    rundll32.exe                  2440 Console                    1        50.200 K
    rundll32.exe                  1396 Console                    1        50.752 K
    WLIDSVCM.EXE                  2812 Services                   0           404 K
    RaUI.exe                      3160 Console                    1         2.328 K
    McSvHost.exe                  3208 Services                   0        16.936 K
    rundll32.exe                  3292 Console                    1        50.196 K
    CVHSVC.EXE                    3312 Services                   0        10.392 K
    MOM.exe                       3384 Console                    1         6.556 K
    mcagent.exe                   3524 Console                    1         7.940 K
    iTunesHelper.exe              3540 Console                    1         6.048 K
    jusched.exe                   3548 Console                    1         9.416 K
    CCC.exe                       3728 Console                    1        10.456 K
    iPodService.exe               3476 Services                   0         3.428 K
    WUDFHost.exe                  4152 Services                   0         2.092 K
    svchost.exe                   4252 Services                   0        28.124 K
    SearchIndexer.exe             4424 Services                   0        27.344 K
    firefox.exe                   5024 Console                    1       257.416 K
    PresentationFontCache.exe     3780 Services                   0         1.668 K
    plugin-container.exe          1912 Console                    1         9.796 K
    IAStorDataMgrSvc.exe          4948 Services                   0         2.336 K
    NASvc.exe                      896 Services                   0         1.484 K
    wmpnetwk.exe                  2208 Services                   0         7.000 K
    audiodg.exe                   1976 Services                   0        23.304 K
    Skype.exe                      464 Console                    1       112.196 K
    distnoted.exe                 2248 Console                    1         1.548 K
    conhost.exe                   4988 Console                    1           176 K
    WUDFHost.exe                  2252 Services                   0         3.616 K
    SyncServer.exe                 588 Console                    1         2.596 K
    conhost.exe                   1964 Console                    1           208 K
    OTL.exe                       5792 Console                    1        14.468 K
    dllhost.exe                   1648 Console                    1           924 K
    explorer.exe                  5260 Console                    1        16.884 K
    SearchProtocolHost.exe        1032 Services                   0         9.148 K
    SearchFilterHost.exe          2336 Services                   0         8.008 K
    cmd.exe                       3808 Console                    1         4.316 K
    conhost.exe                   6028 Console                    1         6.276 K
    dllhost.exe                   6132 Console                    1         6.816 K
    tasklist.exe                  2232 Console                    1         6.340 K
    WmiPrvSE.exe                  4652 Services                   0         6.968 K
    
     
    ***** Ende des Scans 31.05.2012 um 11:09:39,06 ***

  2. #2
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.710

    AW: Diablo 3 Acc gehackt, Keylogger Trojaner?

    Herzlich Willkommen hier bei uns am HijackThis Supportboard!

    **Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!** und ich bitte um kurze Bestätigung, dass du dies gelesen und akzeptiert hast!
    Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
    ► Unrechtmäßig erworbene Software (durch Keygen, Crack, Keymaker) wird hier nicht geduldet, in diesem Fall wird der Support eingestellt.!
    ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
    Bitte lese Dir zuerst in Ruhe die Anweisungen durch und Du sollst dabei die Reihenfolge einhalten! Ansonsten verlangsamt unsere Arbeit, wenn wir immer wieder noch an Kleinigkeiten nachschlagen müssen und dadurch eventuell die Übersicht verloren geht...


    ► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
    **Vista und Win7 Verwender: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

    1.
    Das Program installieren und ausführen:
    Anleitung:-> Bereinigung mit Malwarebytes' Anti-Malware (Vollständiger Suchlauf)

    2.
    Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis mit Rechtsklick als Administrator starten--> `Do a system scan only`--> Einträge auswählen--> Häckhen setzen--> "Fix checked"klicken-->PC neu aufstarten) - fixe NUR Die von mir angegebenen Einträge!:
    HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    ► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Vista und WIN 7)

    3.
    poste erneut - nach der vorgenommenen Reinigungsaktion:
    TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
    ► Rechtsklick auf das Tool HijackThis -> als Administrator ausführen wählen

    4.
    Hast Du OTL falsch installiert:
    OTL muss auf dem Desktop gespechert werden!
    Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
    also entfernen und erneut herunterladen!

    nach Installation im Logfile soll etwa so aussehen:
    Folder = C:\Users\***\Desktop
    5.
    Systemscan mit OTL

    Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Mache Häkchen bei LOP- und Purity-Prüfung
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    6.
    Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
    • Download den CCleaner
    • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
    • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
    • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)


    Bitte alle Ergebnisse im Code-Tags posten!

    vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
    hier kommt dein Logfile rein
    dahinter - also am Ende der Logdatei:[/code]

    Wie es geht:-> Logfiles in Code-Tags setzen
    gruß
    kira
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Paypal gehackt - Keylogger?
    Von ryuuzaki im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 29.03.2011, 14:20
  2. WOW- Account gehackt, Keylogger?!
    Von da_hoffi im Forum Archiv
    Antworten: 11
    Letzter Beitrag: 29.04.2010, 20:46
  3. Keylogger hat mein wow acc. gehackt
    Von Chopper im Forum Archiv
    Antworten: 5
    Letzter Beitrag: 17.12.2009, 21:33
  4. Acc wurde gehackt
    Von Dobber im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 14.12.2009, 20:33
  5. acc gehackt
    Von Gorthak im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 31.10.2009, 18:24

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •