
Pests of all kinds and how to combat them: Strange: quotation marks in front of numbers and the Windows clock time?


Thread closed
16.04.2013, 15:59   #1
nozz
 



Since I have already combed through Google and various forums and am still at a loss, I would like to describe my problem here...

My clock in Windows 7 looks like this, for example: "16:46

Or the free disk space under Start/Computer:
for C: 90","9 GB free of 372 GB
for D: 54","4 GB free
for M: normal!! (D and M are the same physical disk...)
for M: under Computer Management/Disk Management: 406"25 GB NTFS

The problem also occurs, for example, in Control Panel/Programs and Features and in various other programs!

I am really at a loss and also don't know where the problem comes from or how I can fix it...

My system: Windows 7 x64 with ESET Smart Security

Sorry, almost forgot:

OTL.txt
OTL logfile:
Code:
OTL logfile created on: dd.MM.yyyy 17:09:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: "00000407" | Country: "Deutschland" | Language: "DEU" | Date Format: "dd.MM.yyyy"
 
5.99 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 79.91% Memory free
11.98 Gb Paging File | 10.72 Gb Available in Paging File | 89.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.51 Gb Total Space | 90.00 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
Drive D: | 525.26 Gb Total Space | 54.42 Gb Free Space | 10.36% Space Free | Partition Type: NTFS
Drive M: | 406.25 Gb Total Space | 108.66 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.16 17:02:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.03.12 20:58:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2010.04.10 09:03:46 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009.03.20 03:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 03:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.13 10:39:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.22 16:58:14 | 000,354,816 | ---- | M] () [Auto | Stopped] -- C:\Programme\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2013.03.12 20:58:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.18 00:25:33 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012.08.17 23:27:39 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.06.04 08:38:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.03.22 12:14:30 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.06.08 07:54:56 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2011.04.13 17:25:48 | 000,110,344 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Programme\SolidWorks\COSMOS\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2011)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.11.16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 03:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.03 09:38:41 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.02.16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.13 15:47:12 | 000,200,200 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioUSBMIDI.sys -- (MAUSBMIDI)
DRV:64bit: - [2010.01.08 08:13:12 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009.12.23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009.12.18 15:02:26 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009.12.18 15:02:26 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009.11.16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.11.16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009.10.15 13:51:28 | 000,034,376 | ---- | M] (Bome Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bomebus.sys -- (bomebus)
DRV:64bit: - [2009.10.15 13:51:28 | 000,030,792 | ---- | M] (Bome Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bomemidi.sys -- (bomemidi)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 11:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2009.06.10 11:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2009.03.20 03:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 03:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.05.01 16:01:04 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH80C0.sys -- (SaiH80C0)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.03.22 12:14:28 | 000,163,480 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 4E C5 68 D6 B2 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: info%40convert2mp3.net:2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 10:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 10:39:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.04.03 09:33:44 | 000,000,000 | ---D | M]
 
[2012.04.03 16:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.03.27 12:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ujnzphta.default\extensions
[2013.03.10 01:31:30 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ujnzphta.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.03.27 12:32:37 | 000,043,066 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ujnzphta.default\extensions\info@convert2mp3.net.xpi
[2013.03.09 14:25:14 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ujnzphta.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.13 10:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.13 10:39:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.02 14:38:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 09:15:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.02 14:38:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.02 14:38:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.02 14:38:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.02 14:38:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.24 22:13:03 | 000,000,944 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  updates.presonus.com
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk = C:\Programme\Serviio\bin\ServiioConsole.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E7C2074-0EAD-49FE-A211-1767E3A80BCB}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7079faa3-7d60-11e1-afd4-20cf30263637}\Shell - "" = AutoRun
O33 - MountPoints2\{7079faa3-7d60-11e1-afd4-20cf30263637}\Shell\AutoRun\command - "" = H:\zky-ds3.exe
O33 - MountPoints2\{d71b7ec7-56a5-11e2-8555-20cf30263637}\Shell - "" = AutoRun
O33 - MountPoints2\{d71b7ec7-56a5-11e2-8555-20cf30263637}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.16 17:01:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.16 16:53:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojascan
[2013.04.15 16:35:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mgn-aunmspe2
[2013.04.15 16:33:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ToneBoosters.All.Plugins.Bundle.v2.8.6.Incl.Keygen.INTERNAL-R2R
[2013.04.15 16:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1
[2013.04.15 16:13:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\LennarDigital.Sylenth1.v2.21.x86.x64.READ.NFO-iDONTKNOWHO
[2013.04.14 12:38:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.13 10:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 18:57:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Plex Media Server
[2013.04.11 18:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.04.11 18:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2013.04.11 18:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
[2013.04.11 18:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Serviio
[2013.04.11 18:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.11 17:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2013.04.11 17:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2013.04.10 19:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.04.10 19:19:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Winamp
[2013.04.10 19:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.04.10 19:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.04.10 19:15:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Anwendungserkennung
[2013.04.10 18:09:13 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rainmeter
[2013.04.10 18:09:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rainmeter
[2013.04.10 18:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2013.04.10 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.04.10 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Xion
[2013.04.10 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\r2 Studios
[2013.04.10 17:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\r2 Studios
[2013.04.09 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\EA Games
[2013.04.09 18:47:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\EA Games
[2013.04.09 18:47:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\BioWare
[2013.04.06 14:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\sPlan70
[2013.04.06 14:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sPlan 7.0
[2013.04.06 14:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sPlan70
[2013.04.05 12:30:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.04.05 12:29:11 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.05 12:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.04.02 16:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato
[2013.04.02 16:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serato
[2013.04.01 15:35:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Focus Home Interactive
[2013.04.01 15:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2013.04.01 15:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus Home Interactive
[2013.03.29 21:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013.03.26 15:32:48 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.03.26 15:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.03.26 15:32:22 | 000,000,000 | ---D | C] -- C:\Intel
[2013.03.24 21:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.24 21:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.24 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.24 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.24 21:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.18 14:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Enix
[2013.03.18 14:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DMC Devi May Cry
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.16 17:10:10 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 17:10:10 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 17:07:17 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013.04.16 17:07:12 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.16 17:06:17 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.16 17:03:31 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.04.16 17:03:15 | 000,168,240 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.png
[2013.04.16 17:02:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.16 17:02:04 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.16 16:29:07 | 235,212,300 | ---- | M] () -- C:\Users\***\Desktop\EmsisoftEmergencyKit_3.0.0.3.zip
[2013.04.16 16:01:59 | 000,000,111 | ---- | M] () -- C:\.dir
[2013.04.14 12:26:42 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.14 12:26:42 | 000,657,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.14 12:26:42 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.14 12:26:42 | 000,131,032 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.14 12:26:42 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.14 12:20:48 | 003,072,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 18:25:14 | 000,001,843 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
[2013.04.10 18:09:00 | 000,001,730 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013.04.09 15:17:58 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss
[2013.04.09 15:17:58 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\msvcsv60.dll
[2013.04.09 15:17:58 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2013.04.08 22:11:18 | 004,691,414 | ---- | M] () -- C:\Users\***\Desktop\all for one_demoloop.MP3
[2013.04.06 14:08:19 | 000,000,089 | ---- | M] () -- C:\Windows\SPL7019.DAT
[2013.04.05 10:59:49 | 000,000,619 | ---- | M] () -- C:\Users\***\Desktop\ABI.lnk
[2013.03.26 15:32:22 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013.03.26 15:18:19 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.03.24 22:13:03 | 000,000,944 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.24 22:13:03 | 000,000,943 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
 
========== Files Created - No Company Name ==========
 
[2013.04.16 17:06:16 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.16 17:03:29 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.04.16 17:03:15 | 000,168,240 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.png
[2013.04.16 17:01:56 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.16 16:26:25 | 235,212,300 | ---- | C] () -- C:\Users\***\Desktop\EmsisoftEmergencyKit_3.0.0.3.zip
[2013.04.11 18:25:52 | 000,000,111 | ---- | C] () -- C:\.dir
[2013.04.11 18:25:14 | 000,001,843 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
[2013.04.10 18:09:00 | 000,001,730 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013.04.10 18:09:00 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2013.04.08 22:11:18 | 004,691,414 | ---- | C] () -- C:\Users\***\Desktop\all for one_demoloop.MP3
[2013.04.06 14:08:19 | 000,000,089 | ---- | C] () -- C:\Windows\SPL7019.DAT
[2013.04.05 10:59:49 | 000,000,619 | ---- | C] () -- C:\Users\***\Desktop\ABI.lnk
[2013.03.26 15:32:22 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.03.26 15:18:19 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.01.26 21:25:58 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2013.01.26 21:25:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012.10.15 22:22:17 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.08.31 08:23:36 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.18 00:19:03 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012.08.17 23:34:01 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\ibfs32.dll
[2012.06.21 10:37:14 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.07 07:52:34 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2012.05.07 07:52:34 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012.04.05 07:53:28 | 000,001,880 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.04.03 22:23:08 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.03 22:22:53 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.03 16:39:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.04.03 09:55:41 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012.04.03 09:55:41 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.26 19:58:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2013.03.07 20:45:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ableton
[2013.04.09 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Celemony Software GmbH
[2012.04.03 17:37:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cycling '74
[2012.04.03 09:50:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.08.18 11:23:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2013.04.14 12:30:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.04.03 09:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESET
[2012.04.03 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FabFilter
[2012.09.15 18:43:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iFunbox_UserCache
[2012.08.22 21:56:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2013.04.14 12:51:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.03.08 10:17:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.04.12 08:41:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2012.04.03 17:33:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PreSonus
[2012.10.22 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2013.04.10 17:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\r2 Studios
[2013.04.10 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rainmeter
[2012.10.10 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w
[2012.06.28 21:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.04.12 08:30:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Waldorf
[2012.04.23 19:29:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1246 bytes -> C:\ProgramData\Microsoft:ccIEBXKJIbcUMzmKFOqAye
@Alternate Data Stream - 1072 bytes -> C:\ProgramData\Microsoft:XQ2EEv8nSipO6wGJRwHTPkgU

< End of report >
         



Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: dd.MM.yyyy 17:09:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: "00000407" | Country: "Deutschland" | Language: "DEU" | Date Format: "dd.MM.yyyy"
 
5.99 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 79.91% Memory free
11.98 Gb Paging File | 10.72 Gb Available in Paging File | 89.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.51 Gb Total Space | 90.00 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
Drive D: | 525.26 Gb Total Space | 54.42 Gb Free Space | 10.36% Space Free | Partition Type: NTFS
Drive M: | 406.25 Gb Total Space | 108.66 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0101CA5D-DC36-4F30-9686-0706DDE8363B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{07F93A7B-88F9-4C48-B470-7AA664C2B252}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{18602C59-C199-4242-8FF1-D9F4FFD3B94F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{216C8A1B-089C-4056-BA76-6F95467F5E44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{37C7FE0C-F641-4DB3-9DA4-D962CAB28F39}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{382F0DE3-71A1-4B90-AC2D-9CB7A5D18338}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3D8FB220-610E-4CE9-9E6A-FAB36DF43E47}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{45AD5CFC-9461-4620-92C4-B6930C3FB24A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5006DB6E-BE56-41E5-85BC-ABA1136BCBAC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{544B3278-66EC-4959-AA28-49E29FED2883}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5D793710-C158-4C6F-B2D0-C59E0A3321B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{641F7F05-C639-4EBC-BAE4-1976B4732B9F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6B25C1DD-9CDC-4BB6-91E9-A65F54FB52B5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6B90850A-4AAA-40AC-8AF3-059DD177D60A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6F665062-4069-4BF8-B90B-D550CD75977D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{744FD0BA-CF32-45BF-A8CF-9CA1064B33EB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7517FEBD-C8AB-4B73-888F-83901C2B09C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75863594-52AF-4ED1-90E6-0240839B1108}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{90E9AF43-BAC1-4C4B-B0FC-B6E3E12543C8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A282572F-4DA4-4A77-B30E-B474D131303D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A5A2F689-375A-451E-8EBC-92528F83EA7F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{A9B55D1B-415D-4AEF-9833-43D29957BCD2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B1104660-ECAA-4E6C-A3BD-B12A4D5ACF41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{B7D7D741-A8EE-4781-92B3-0A8311D1DEB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B83400C9-3FE4-4E31-9930-DA8B0B5F8C6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DCEE101A-4C6A-4DBE-97D0-30461D9ADA5B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E341DE74-D64F-4A54-9EA6-39A4FDC620EA}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E7E409E0-B808-43DD-80C9-8A06FEC9EB98}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ED686446-AFF1-4196-92B9-8E555F939592}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EE72C0CF-F9A2-4486-A487-B4C361870676}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EFFB5E74-5971-4356-9C63-11DA85E75ECE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0023FC1F-3F2A-4BAE-8921-B78308793BDC}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{01A85596-EDDA-4553-87E9-A772201D6F8F}" = protocol=6 | dir=out | app=system | 
"{029DB7D8-0536-4070-B8FD-4AC8FCF19450}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 limited edition\bf3.exe | 
"{059FCB7B-D10C-44AD-A599-B084A9EE05C1}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{0752A6C7-4713-4A86-BBB5-537AF39B9247}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{115CB10C-6E5B-4D36-9362-03F22CA8E187}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{121E6316-D572-4401-AFE9-99521430D690}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1AF459D0-C03B-45B2-90DE-E6C01FE9C74B}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{1EB46198-548B-4C1F-865F-608EFD1BEB6E}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"{21FD4F87-7813-4760-9B4C-36AE53112887}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{26D9DD39-75C7-4619-8C87-B4CFDC25C266}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{287D47A2-D98A-4786-BB5D-AF1E95A70B25}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{31416DD1-B693-49C8-B1E5-F8412F5148B6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{31F80B3F-A26B-4A21-B725-7910A545164A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{38E5E479-6EE1-44AA-B80B-77F3AF5E0261}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{40E82E5D-0FB2-462C-B397-49351C204CE6}" = protocol=6 | dir=in | app=c:\program files\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{4384AFBE-216D-4109-A99E-47013A986D7B}" = dir=out | app=%programfiles% (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{46B7C51A-402C-4354-8F97-38CA51088DFE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{49749209-535A-4A7F-B57C-356325CA2775}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{4F2C369F-46BD-42DD-94DE-2774EC4E4D72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4FE8DC64-6370-43EE-B4E5-E9866828653C}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{502B03FB-FEF9-4252-8C0E-F9D032E40427}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{54AA3B78-53D2-4D2E-9466-FB9B3E5DC30D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5857BED0-E272-4FD6-8D27-46F8EF10C006}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{58DBB9B6-64EA-4F1E-A478-7FA2EB288082}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5D5EEBDD-F70C-42D3-92F1-0AB4130169BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63348D66-BD26-44D1-ABE7-3B3F10591AB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe | 
"{639DB348-C662-422F-B316-15A970313C76}" = dir=out | app=%programfiles% (x86)\rockstar games\social club\renderer.exe | 
"{63C09159-5F84-4BA8-857E-D93B15ED5AEE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{693351F4-8439-45CC-B4B5-7506A1649D98}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6C0C74DF-F36D-4033-8024-F4EBD0922CF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E16B855-D4D1-4617-BEE4-CC9A4860E0A9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{6FA83856-DD92-4915-B258-F66073D496C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7839CC95-4B30-4E90-8C80-68587FFC2B1E}" = dir=out | app=%programfiles% (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"{7A4B3BE0-0D3B-4036-972B-BF644093BFEA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{80167904-2C46-4DAF-978A-7592670602AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlclient.exe | 
"{802D32D4-7CC8-4713-AFB2-79868DAF6317}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlclient.exe | 
"{81D642E1-9180-4D37-AF95-66EAC9FCE3EF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{853BC7C5-6369-4C59-BA65-6CFE2AA72B5F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{86792A7C-19EC-4835-AF61-CB878CD1859D}" = dir=out | app=%programfiles% (x86)\rockstar games\social club\wow_helper.exe | 
"{88B39FD1-7D52-4E9F-AE3D-B7900C7D9C5B}" = protocol=17 | dir=in | app=c:\program files (x86)\griid\griid connector.exe | 
"{91257331-FAE1-4585-9463-052DBE8FD5C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{91B59569-1520-45A2-8BB3-12F5A8EEA2DF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{91BB49F6-9EE1-4D6A-801C-A8A45D2C6415}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{91BE010E-ADD9-4479-83FE-851EDA7F42C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{91F43037-D09D-47F7-80E9-D2E2AB085308}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{9416ED1E-5731-4501-9BCD-A1067F6338E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe | 
"{991ED962-CD8D-4870-A524-E61B6C4A9572}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9B6C2B9E-9B31-4392-8C55-F07671B63B6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9B9BECA6-7C36-4F8B-A5B1-1989D3E0536E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{A12CCAEA-EF54-462A-9492-151E683E33BE}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"{A6A2AED3-2524-463F-AD4B-9DAEF5F6A310}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A842F5B0-90C6-48AF-BA09-23E2B558DC08}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AAA38CA7-050F-4E3A-964D-3BC85C389088}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B0A60FB2-9CFC-4B14-9591-DCB78F062979}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B1D4C30B-FC4F-4AE2-A9E9-09E73C633E77}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{B39B973A-7C7A-471C-8AF7-C16ACAD21A48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B4D80444-61E7-4F84-8531-F4A71F0CD4DD}" = protocol=6 | dir=in | app=c:\program files (x86)\griid\griid connector.exe | 
"{B5206142-F847-46AD-8BE5-4180BC776E9D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B7CEB811-933F-45E9-9907-22066A728C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C01A2D60-F11E-4419-8F25-5D652E599040}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{C1BE56EA-0E57-4650-80CF-B711AD9BE25C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C3CFA255-0941-4C2B-9943-59658BEFFC33}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C59BE4BA-8691-44E7-90EB-22073C9ABA1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{CBF9745E-965C-4B02-AFF7-253063547678}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D075F764-791A-4B59-9205-53AFF1BCE37D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{D1948A8A-1CF7-4083-AA1E-315EB9984DE1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 limited edition\bf3.exe | 
"{D275A36C-1CDE-4FB8-A1A3-2F1EE0990309}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{D6B52286-1248-4BF2-B01D-77A74021B7CA}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{D9C062C1-8E2D-4B13-ABDC-E6890DDABA73}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{DAFC215A-EE34-428A-ACDE-50EBA0DABDB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DECC3E2C-433D-4E7C-8AF0-7BFFD0E22A9F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{DFEBDD03-5DD6-440B-BB91-69F63B88E3A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E166793E-0F6D-4BDC-952F-A54422E9EE54}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E52683ED-FF09-4A5F-BCF5-36CC16647674}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{E5EE1E89-544B-4E19-A02A-71296E7CA91D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E828C9A6-05B9-48C1-9A13-458E2FAF1D14}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EA37AE9C-F7C5-4EF9-AFE4-86CD92ADDBCE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{EB88B331-3CE9-41AC-A1D7-1C02C32A0998}" = protocol=17 | dir=in | app=c:\program files\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{ED149B18-9CAA-4CB2-81D2-23183564E997}" = dir=out | app=%programfiles% (x86)\rockstar games\social club\uninstallrgscredistributable.exe | 
"{F3A8311F-D4D6-4B01-AF02-A7FDFC4445A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F4B254D4-83CB-436C-9AC7-96B885C18A12}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{F648B39D-DD1F-4CF3-8064-6D1F6634047D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{F8707FCF-3AD7-437D-BC93-CB7178CF8347}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{2B0BC542-0078-4D5E-B88F-6701C7D3CC16}C:\program files (x86)\ableton\live 8.2.8\program\live 8.2.8.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ableton\live 8.2.8\program\live 8.2.8.exe | 
"TCP Query User{536C0FFA-8060-401E-8C2A-7B9AE7A617CA}C:\program files (x86)\griid\griid connector.exe" = protocol=6 | dir=in | app=c:\program files (x86)\griid\griid connector.exe | 
"TCP Query User{6D964755-B241-4404-A17A-98CFEDF6018C}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"TCP Query User{9CEBCE78-B91F-435E-AA09-0282CAEEEC0E}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"UDP Query User{45B8C2CA-7DCC-4600-B866-43D380FCA43E}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"UDP Query User{6C5B07BB-51D5-421B-A360-074928D9F385}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | 
"UDP Query User{A6058027-EAB0-409D-9321-9603C880DC89}C:\program files (x86)\griid\griid connector.exe" = protocol=17 | dir=in | app=c:\program files (x86)\griid\griid connector.exe | 
"UDP Query User{E6BC05BA-EA85-4536-AE8E-BF21F1D717EB}C:\program files (x86)\ableton\live 8.2.8\program\live 8.2.8.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ableton\live 8.2.8\program\live 8.2.8.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{3F961287-BBFB-4240-B4B7-9407945A3A2D}" = ESET Smart Security
"{4388C87D-A0F9-4B0E-96A4-AC3127022C88}" = Max 5.1.6
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP04
"{53EE2829-E9DB-4913-B3EA-96F10F84E98B}" = Melodyne Runtime 4.1 (x64)
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{899FCA36-ADAF-4612-8579-B37DDB0C092F}" = Saitek SD6 Programming Software 6.6.6.9
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F8689D5-36FE-4BA3-AE55-6D68DE45A2B5}" = SolidWorks Flow Simulation 2011 SP04 x64 Edition 
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A20610CB-510A-44C5-A52F-9A6F887507F9}" = COSMOSM 2011 x64 Edition (2010/165)
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A44946FF-E609-4178-8475-A53555E36604}" = SolidWorks eDrawings 2011 x64 Edition SP04
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{CEF0C5DA-21C5-4FA7-AD05-5D21C525543C}" = SolidWorks 2011 x64 German Resources
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Sandboxie" = Sandboxie 3.66 (64-bit)
"Serviio" = Serviio
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{079EE464-9C92-414A-8300-C9AEEDE9F3CF}" = SolidWorks 2011 API SDK
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16DF894D-FC3F-4B87-908D-671E201CD7A8}" = Melodyne singletrack
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{32A60EAD-4092-4484-9A77-6C9E560AE8AA}_is1" = Dead Space 3 Version 1.0
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36625871-9D4B-4046-A837-677974F51CAC}_is1" = DJ Intro version 1.1.1
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8D189F5-A5BD-4F59-94C3-BD39662B96F7}" = Ableton Live 9 Suite
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DD38F702-A9BF-449E-8440-0C14EE0444B1}_is1" = Tomb Raider Version v1.0.716.5
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Assassin's Creed III_is1" = Assassin's Creed III
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BMIDI_Driver1.0.0.11_is1" = Bome's Virtual MIDI Port 1.0.0.11
"Cities XL Platinum_is1" = Cities XL Platinum
"DMC Devi May Cry (c) Capcom_is1" = DMC Devi May Cry (c) Capcom version 1
"eLicenser Control" = eLicenser Control
"ESN Sonar-0.70.4" = ESN Sonar
"FabFilter TotalBundle VST RTAS x86_is1" = FabFilter TotalBundle VST RTAS v1.1
"Griid" = Liine Griid
"Hitman Absolution_is1" = Hitman Absolution
"iFunbox_is1" = iFunbox (v1.99.958.697), iFunbox DevTeam
"Live 8.2.8" = Live 8.2.8
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MinecraftAlpha" = MinecraftAlpha
"Minimonsta" = GForce - Minimonsta
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"Nero Multimedia Suite10.0.13100 Lite" = Nero Multimedia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PreSonus Studio One 2" = PreSonus Studio One 2
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard 1.7.2_is1" = reFX Vanguard 1.7.2
"Rob Papen Albino 3" = Rob Papen Albino 3
"Rockstar Games Social Club" = Rockstar Games Social Club
"SMPlayer" = SMPlayer 0.8.0
"sPlan_70_is1" = sPlan 7.0
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Sylenth1_is1" = Sylenth1 v2.21
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.2
"Waldorf Largo" = Waldorf Largo
"Winamp" = Winamp
"XMedia Recode" = XMedia Recode 3.0.9.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - dd.MM.yyyy 16:24:46 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - dd.MM.yyyy 05:44:52 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - dd.MM.yyyy 10:14:31 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - dd.MM.yyyy 12:23:19 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - dd.MM.yyyy 09:16:02 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - dd.MM.yyyy 12:52:54 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Plex.exe, Version 0.9.5.4 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 744    Startzeit: 
01ce36d4e05d075c    Endzeit: 39    Anwendungspfad: C:\Program Files (x86)\Plex\Plex Media
 Center\Plex.exe    Berichts-ID: 3f0f9aa8-a2c8-11e2-9447-20cf30263637  
 
Error - dd.MM.yyyy 13:26:20 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - dd.MM.yyyy 15:04:15 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - dd.MM.yyyy 07:56:35 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - dd.MM.yyyy 12:54:36 | Computer Name = ***-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\SolidWorks\COSMOS\binCFW\reg_sasenv.exe"
 in Zeile 24.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
[ System Events ]
Error - dd.MM.yyyy 01:41:56 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.137.1371.0)
 
 
< End of report >
         
--- --- ---



gmer.txt

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-16 17:26:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP7T0L0-7 SAMSUNG_HD403LJ rev.CT100-12 372"61GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldqpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1964] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                            00000000770087b1 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                 0000000075351465 2 bytes [35, 75]
.text   C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                00000000753514bb 2 bytes [35, 75]
.text   ...                                                                                                                                                                                  * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                              0000000072b81a22 2 bytes [B8, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                              0000000072b81ad0 2 bytes [B8, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                              0000000072b81b08 2 bytes [B8, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                              0000000072b81bba 2 bytes [B8, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                              0000000072b81bda 2 bytes [B8, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                       0000000075351465 2 bytes [35, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      00000000753514bb 2 bytes [35, 75]
.text   ...                                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000075351465 2 bytes [35, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000753514bb 2 bytes [35, 75]
.text   ...                                                                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [136:2444]                                                                                                                                           000007fef5940ea8
Thread  C:\Windows\system32\svchost.exe [136:2156]                                                                                                                                           000007fef5939db0
Thread  C:\Windows\system32\svchost.exe [136:2968]                                                                                                                                           000007fef5941c94
Thread  C:\Windows\system32\svchost.exe [136:752]                                                                                                                                            000007fef593aa10
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3464:3876]                                                                                                                       000007fefc072a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3464:3884]                                                                                                                       000007feef69d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3464:2096]                                                                                                                       000007fef7d05124
Thread  C:\Windows\System32\svchost.exe [3540:580]                                                                                                                                           000007feedc59688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00081b82eafe                                                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00081b82eafe@e80688415a0d                                                                                             0x0C 0x3C 0xA4 0x2B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                  0xD4 0xC3 0x97 0x02 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                               0xB7 0x0F 0xBE 0xD7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                         0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                      0x01 0xF4 0x9D 0x27 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                 0x42 0xA2 0x13 0x7F ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00081b82eafe (not active ControlSet)                                                                                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00081b82eafe@e80688415a0d                                                                                                 0x0C 0x3C 0xA4 0x2B ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                 
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                      0xD4 0xC3 0x97 0x02 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                      0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                   0xB7 0x0F 0xBE 0xD7 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                        
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                             0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                          0x01 0xF4 0x9D 0x27 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                     0x42 0xA2 0x13 0x7F ...
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\GAMES\MinecraftBYrackbrainTV\Deadly\xb4s Minecraft Alpha Custom Installer.exe  1

---- EOF - GMER 2.1 ----
         
--- --- ---

Edited by nozz (16.04.2013 at 16:39). Reason: completion

16.04.2013, 17:23   #2
ryder
/// TB Trainer
 

Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
The entries I have listed strongly suggest that software which was not legally acquired is being used on this computer.

Support stop
Reading material:
Cracks and keygens
Circumventing the copy protection of software is illegal under applicable law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources very often come bundled with malware, so you are infecting yourself almost deliberately.

We have agreed here on the board that we do not continue cleaning at this point, because we do not support such behaviour. In addition, we made it unmistakably clear to you in our guide and also in this sticky thread how we would handle this. Clean, good software has its price, and software companies live off this revenue.

Our help is therefore limited to reinstalling and securing your system.
We will still gladly answer your questions about that, in our forum.
This closes the topic.

Thread closed
