
All about Windows: Problem with Malware

24.05.2013, 12:43   #1
Equinox501
 

Hello,
I have apparently been struggling with malicious malware for a few days. I found a guide here in the forum for creating a GMER log, an OTL log and an Extras.txt so that one can be helped. Should I just post them here?

Regards

24.05.2013, 12:46   #2
HardStylerx3
 

Yep, please post them; we can hardly guess what's in them otherwise.

Regards, HardStylerx3


24.05.2013, 14:11   #3
Equinox501
 



GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-24 15:06:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3 Patriot_Warp_V2_64GB_SSD rev.02.10104 60,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Albert\AppData\Local\Temp\kgdiqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                   fffff800031ed000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                                   fffff800031ed02f 16 bytes [00, 02, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1116] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                             0000000075fecfca 5 bytes JMP 0000000175094720
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000075781465 2 bytes [78, 75]
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000757814bb 2 bytes [78, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                    0000000075fecfca 5 bytes JMP 0000000175094720
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000075781465 2 bytes [78, 75]
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000757814bb 2 bytes [78, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2560] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            0000000075fecfca 5 bytes JMP 0000000175094720
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075781465 2 bytes [78, 75]
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000757814bb 2 bytes [78, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                              0000000072bf1a22 2 bytes [BF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                              0000000072bf1ad0 2 bytes [BF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                              0000000072bf1b08 2 bytes [BF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                              0000000072bf1bba 2 bytes [BF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                              0000000072bf1bda 2 bytes [BF, 72]
.text     C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe[4524] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    0000000075fecfca 5 bytes JMP 0000000175094720
.text     C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075781465 2 bytes [78, 75]
.text     C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000757814bb 2 bytes [78, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe[4604] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                         0000000075fecfca 5 bytes JMP 0000000175094720
.text     C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000075781465 2 bytes [78, 75]
.text     C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               00000000757814bb 2 bytes [78, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5692] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                      0000000075fecfca 5 bytes JMP 0000000175094720
.text     C:\Users\Albert\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                       0000000075fecfca 5 bytes JMP 0000000175094720
.text     C:\Users\Albert\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000075781465 2 bytes [78, 75]
.text     C:\Users\Albert\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             00000000757814bb 2 bytes [78, 75]
.text     ...                                                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\spoolsv.exe [1772:2116]                                                                                                                          000007fef8c410c8
Thread    C:\Windows\System32\spoolsv.exe [1772:2132]                                                                                                                          000007fef8b96144
Thread    C:\Windows\System32\spoolsv.exe [1772:2136]                                                                                                                          000007fef8985fd0
Thread    C:\Windows\System32\spoolsv.exe [1772:2140]                                                                                                                          000007fef8c23438
Thread    C:\Windows\System32\spoolsv.exe [1772:2144]                                                                                                                          000007fef89863ec
Thread    C:\Windows\System32\spoolsv.exe [1772:2168]                                                                                                                          000007fef8f35e5c
Thread    C:\Windows\system32\svchost.exe [1808:4132]                                                                                                                          000007fef13b2888
Thread    C:\Windows\system32\svchost.exe [1808:4180]                                                                                                                          000007fef12c2940
Thread     [1968:1996]                                                                                                                                                         0000000077aa3e45
Thread     [1968:2000]                                                                                                                                                         0000000075e17587
Thread     [1968:2012]                                                                                                                                                         0000000077aa2e25
Thread     [2824:2864]                                                                                                                                                         0000000077aa3e45
Thread     [2824:2868]                                                                                                                                                         0000000075e17587

---- EOF - GMER 2.1 ----
         


OTL Logfile:
Code:
OTL logfile created on: 24.05.2013 13:17:12 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Albert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,56 Gb Available Physical Memory | 57,06% Memory free
16,00 Gb Paging File | 12,95 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,07 Gb Total Space | 11,09 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 315,76 Gb Free Space | 33,90% Space Free | Partition Type: NTFS
 
Computer Name: ALBERT-PC | User Name: Albert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.24 12:38:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe
PRC - [2013.05.19 12:34:02 | 000,020,248 | ---- | M] (Smartbar) -- C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe
PRC - [2013.05.17 23:44:41 | 000,047,392 | ---- | M] (Yontoo LLC) -- C:\Users\Albert\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.05.17 23:44:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 21:21:44 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013.04.24 20:00:06 | 028,499,304 | ---- | M] (Dropbox, Inc.) -- C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.04.20 21:54:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.02.19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2013.01.29 00:35:26 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.25 05:35:08 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.08 17:04:18 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.24 12:15:54 | 000,013,600 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013.05.20 18:51:15 | 000,145,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013.05.19 12:34:32 | 000,021,272 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013.05.19 12:34:28 | 000,025,368 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013.05.19 12:34:28 | 000,019,736 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013.05.19 12:34:22 | 000,051,480 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013.05.19 12:34:22 | 000,013,592 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013.05.19 12:34:20 | 000,111,896 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013.05.19 12:34:18 | 000,044,312 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013.05.19 12:34:16 | 000,078,104 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013.05.19 12:34:16 | 000,016,152 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013.05.19 12:34:12 | 000,057,112 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013.05.19 12:34:12 | 000,018,712 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013.05.19 12:34:08 | 000,032,024 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013.05.19 12:34:08 | 000,012,568 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013.05.19 12:34:06 | 000,014,104 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013.05.19 12:34:06 | 000,013,592 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013.05.19 12:34:04 | 001,688,856 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013.05.19 12:34:04 | 000,192,792 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll
MOD - [2013.05.19 12:34:04 | 000,081,176 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013.05.19 12:34:02 | 000,657,688 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013.05.19 12:33:12 | 000,047,384 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013.05.19 12:33:00 | 000,025,368 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013.05.19 12:32:54 | 000,067,864 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
MOD - [2013.05.16 18:19:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 18:18:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.20 23:19:00 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.02.20 23:18:23 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013.02.19 14:40:26 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.19 14:39:47 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.19 14:39:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.19 14:39:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.19 14:39:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.02.07 12:20:33 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 20:25:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.10 19:55:54 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.02 21:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013.04.20 21:54:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.29 00:35:26 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.25 05:35:08 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.08 17:04:18 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.02.10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.03.21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.02.08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.02.08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.02.08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.02.08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.02.08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013.01.29 00:35:26 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.09.25 22:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.11 22:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011.04.11 22:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.02 12:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_190513_lnkry&babsrc=SP_ss&mntrId=D4EF1C6F653DFE01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26
FF - prefs.js..extensions.enabledAddons: YTKaraoke%40DacSoft.org:1.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.07 12:56:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.07 12:56:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.05.02 21:21:44 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\YTKaraoke@DacSoft.org: C:\Program Files (x86)\YTKaraoke\FF\ [2013.05.24 12:15:43 | 000,000,000 | ---D | M]
 
[2013.05.21 01:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albert\AppData\Roaming\mozilla\Extensions
[2013.05.21 02:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albert\AppData\Roaming\mozilla\Firefox\Profiles\ssj0e6i8.default\Extensions
[2013.05.21 02:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.21 01:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 01:15:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.02 21:21:44 | 000,037,909 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\WAJAM\FIREFOX\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI
[2013.05.24 12:15:43 | 000,000,000 | ---D | M] ("Tube Karaoke") -- C:\PROGRAM FILES (X86)\YTKARAOKE\FF
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Tube Karaoke) - {F351B686-F6AF-45F1-9EB9-684C805B25B1} - C:\Program Files (x86)\YTKaraoke\ytkaraoke.dll (Dacotta SoftEngineering)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe (Smartbar)
O4 - HKCU..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Albert\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC840841-8F75-422F-9815-409E7ACC1DF8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5491d3de-a763-11e2-93b8-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{5491d3de-a763-11e2-93b8-1c6f653dfe01}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{572ef886-6f01-11e2-b974-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{572ef886-6f01-11e2-b974-1c6f653dfe01}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{5d13129a-8729-11e2-9c2c-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{5d13129a-8729-11e2-9c2c-1c6f653dfe01}\Shell\AutoRun\command - "" = F:\raf-mll.exe
O33 - MountPoints2\{73d109f0-c0f5-11e2-a537-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{73d109f0-c0f5-11e2-a537-1c6f653dfe01}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{f40a56e8-c2dc-11e2-9c01-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{f40a56e8-c2dc-11e2-9c01-1c6f653dfe01}\Shell\AutoRun\command - "" = H:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.24 12:38:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe
[2013.05.24 12:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTKaraoke
[2013.05.21 01:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.21 01:10:44 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Downloaded Installations
[2013.05.21 01:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013.05.21 01:09:49 | 000,033,736 | ---- | C] (HTC, Corporation) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys
[2013.05.21 01:09:48 | 000,000,000 | ---D | C] -- C:\Temp
[2013.05.21 01:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2013.05.20 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Smartbar
[2013.05.20 18:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.05.20 18:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.05.20 18:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013.05.20 18:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.05.20 18:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.05.20 18:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.05.20 18:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2013.05.20 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
[2013.05.20 18:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2013.05.20 18:47:00 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.20 18:46:58 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\LavFilters
[2013.05.20 18:46:58 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.05.20 18:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2013.05.20 18:46:58 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\CDXReader
[2013.05.20 18:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSP-worx
[2013.05.20 18:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013.05.20 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.05.20 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013.05.20 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.20 18:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2013.05.20 18:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenSource Flash Video Splitter
[2013.05.20 18:46:05 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\BabSolution
[2013.05.20 18:45:52 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013.05.20 18:45:51 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\DSite
[2013.05.20 18:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013.05.20 18:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder
[2013.05.20 18:45:45 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Babylon
[2013.05.20 18:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.05.20 18:42:59 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Yontoo
[2013.05.20 18:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.05.20 18:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.20 18:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.05.20 15:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.05.20 04:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lumac
[2013.05.19 21:49:02 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\WarThunder
[2013.05.19 21:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013.05.19 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2013.05.17 12:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.05.17 12:46:15 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Programs
[2013.05.15 19:10:19 | 000,000,000 | ---D | C] -- C:\Users\Albert\Desktop\skse_1_06_13
[2013.05.15 18:50:04 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\Nexus Mod Manager
[2013.05.15 18:50:04 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Black_Tree_Gaming
[2013.05.15 18:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2013.05.15 18:30:21 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Skyrim
[2013.05.13 22:00:29 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Microsoft Games
[2013.05.08 18:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013.05.08 18:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013.04.29 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.28 23:24:52 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\Rockstar Games
[2013.04.28 23:16:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.04.28 23:16:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.04.28 22:54:15 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Rockstar Games
[2013.04.28 22:54:11 | 000,000,000 | RH-D | C] -- C:\Users\Albert\AppData\Roaming\SecuROM
[2013.04.28 22:54:10 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.28 22:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.04.28 22:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.04.28 22:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.04.26 23:06:59 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.04.26 23:06:37 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Dropbox
[2013.04.26 17:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.24 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Thunderbird
[2013.04.24 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.24 12:45:02 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.05.24 12:43:40 | 000,000,000 | ---- | M] () -- C:\Users\Albert\defogger_reenable
[2013.05.24 12:43:11 | 000,377,856 | ---- | M] () -- C:\Users\Albert\Desktop\gmer_2.1.19163.exe
[2013.05.24 12:38:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe
[2013.05.24 12:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 12:22:42 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 12:22:42 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 12:21:25 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.24 12:21:25 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.24 12:21:25 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.24 12:21:25 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.24 12:21:25 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.24 12:15:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 12:15:25 | 2146,246,655 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.23 18:53:25 | 000,000,000 | ---- | M] () -- C:\END
[2013.05.21 01:16:04 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.20 18:46:26 | 000,001,992 | ---- | M] () -- C:\Windows\unins000.dat
[2013.05.20 18:46:07 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013.05.20 18:43:39 | 000,002,037 | ---- | M] () -- C:\Users\Albert\Desktop\JDownloader.lnk
[2013.05.20 15:21:07 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.05.20 04:14:31 | 000,002,693 | ---- | M] () -- C:\Users\Public\Desktop\Lumac.lnk
[2013.05.17 20:22:02 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.17 20:22:02 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.16 18:18:25 | 000,312,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 19:39:59 | 000,001,612 | ---- | M] () -- C:\Users\Albert\Desktop\Skyrim.lnk
[2013.05.15 18:49:59 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.05.14 14:56:21 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.30 20:07:23 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 20:07:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.28 22:54:10 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.26 23:07:09 | 000,001,051 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.24 12:43:40 | 000,000,000 | ---- | C] () -- C:\Users\Albert\defogger_reenable
[2013.05.24 12:43:11 | 000,377,856 | ---- | C] () -- C:\Users\Albert\Desktop\gmer_2.1.19163.exe
[2013.05.21 01:16:04 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.21 01:16:04 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.20 18:48:44 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2013.05.20 18:48:43 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2013.05.20 18:48:43 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2013.05.20 18:48:40 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013.05.20 18:48:39 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.05.20 18:48:38 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.05.20 18:47:03 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.05.20 18:46:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.05.20 18:46:26 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.05.20 18:46:22 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013.05.20 18:46:20 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013.05.20 18:46:20 | 000,001,992 | ---- | C] () -- C:\Windows\unins000.dat
[2013.05.20 18:45:51 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.05.20 18:45:49 | 000,000,000 | ---- | C] () -- C:\END
[2013.05.20 18:43:39 | 000,002,037 | ---- | C] () -- C:\Users\Albert\Desktop\JDownloader.lnk
[2013.05.20 18:43:19 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.05.20 18:43:19 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.05.20 18:43:18 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.05.20 04:14:31 | 000,002,699 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk
[2013.05.20 04:14:31 | 000,002,693 | ---- | C] () -- C:\Users\Public\Desktop\Lumac.lnk
[2013.05.15 19:37:58 | 000,001,612 | ---- | C] () -- C:\Users\Albert\Desktop\Skyrim.lnk
[2013.05.15 18:49:59 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.05.10 17:37:46 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.04.30 20:07:23 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 20:07:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.26 23:07:09 | 000,001,051 | ---- | C] () -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 17:08:13 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.02.07 12:52:53 | 000,262,685 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013.02.07 12:52:53 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2013.02.04 23:23:52 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.04 23:23:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.19 18:34:06 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\.minecraft
[2013.02.04 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\AVG2013
[2013.05.20 22:46:06 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\BabSolution
[2013.05.20 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Babylon
[2013.05.20 18:47:12 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\CDXReader
[2013.05.24 12:16:01 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Dropbox
[2013.05.20 18:45:51 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\DSite
[2013.05.20 18:47:13 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\LavFilters
[2013.02.04 19:38:57 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Leadertech
[2013.05.20 18:37:35 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\LumacDaemon
[2013.02.17 16:47:20 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\MediaMonkey
[2013.02.05 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Origin
[2013.04.24 23:11:34 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Thunderbird
[2013.02.04 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\TuneUp Software
[2013.05.16 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Wargaming.net
[2013.05.24 12:15:55 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.05.2013 12:39:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Albert\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,40 Gb Available Physical Memory | 54,96% Memory free
16,00 Gb Paging File | 12,67 Gb Available in Paging File | 79,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,07 Gb Total Space | 11,10 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 315,76 Gb Free Space | 33,90% Space Free | Partition Type: NTFS
 
Computer Name: ALBERT-PC | User Name: Albert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- D:\PROGRA~1\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- D:\PROGRA~1\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D30FDE-B0FD-490E-BF26-110665F76CDB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0FE2A3FC-E6A8-470B-93D7-3D1D8D1ABE0E}" = rport=80 | protocol=6 | dir=out | app=d:\programme\steam\steamapps\common\warframe\tools\launcher.exe | 
"{14BFD5CC-4FDD-40AE-B976-8AEBEE476184}" = lport=445 | protocol=6 | dir=in | app=system | 
"{19C699F4-AC69-46E7-8F80-F2BB564F92C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1CF6AF8D-2D39-459F-B6EB-C87C74DF991E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2397EFF4-B53E-48D6-9FDA-71500C277A2E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{274BACB9-6FB9-479B-B69F-FA60B76925C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E1C31C1-DF38-4798-923A-32964BCA3729}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2FEE32A7-232B-4BAB-B300-F5C6FCD31CEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3AA8072F-2D32-413D-B189-35AEAF95E092}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{469C3FDB-91F6-4CBE-80E4-F215EBA0EFE4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{501C88EB-6C3D-47F7-A7B4-50CE9F7AE031}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5784F026-061A-4B14-A4CD-29EAB53E9B3F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5FCAF3CF-B03E-4E07-B6E9-4A53134470F1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{62B184C2-51E4-4729-9A84-5CD9DCD5917D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{723EB261-1CBD-4F92-80A6-61D5DAD4A651}" = rport=80 | protocol=6 | dir=out | app=d:\programme\steam\steamapps\common\warframe\warframe.x64.exe | 
"{77631B10-77A7-47B6-8809-14853DAF1B06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9006DE5A-63DB-4FED-A9B7-759A625D3299}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90917C9F-4693-473A-A23A-3918FB591178}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{97398F23-404B-411E-9BEE-DC08A8F7AC17}" = rport=80 | protocol=6 | dir=out | app=d:\programme\steam\steamapps\common\warframe\warframe.exe | 
"{BC630FE9-CF5D-405B-A1B3-C9D0604289B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CDD22F01-5F62-4831-83D7-A8877B291A8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D335F46F-913A-4AEE-A7E4-7F792C5F1D0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DACE0A67-1252-41CE-BE52-9DC5A33F1DB0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DF96466F-3E80-4ADB-A838-F1C0915D1E83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F3637304-F4BE-4EE3-838D-6C2BA895F204}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DB155A-CA5A-4363-991D-4A7E2A3D075F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{04E4793F-A9DB-4DFE-9D49-A885876AC4B7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty world at war\codwawmp.exe | 
"{0599FC68-F991-4CA3-B5E3-48CDE4D7624A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{05C46EEF-5A0D-404C-A54D-5DC562551E96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{075B5D3F-4A91-4DFA-9BB2-35BA1A433781}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{0BDA7E8B-D89B-40B0-A298-098E0282F9C7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\warframe\tools\launcher.exe | 
"{0C9F6EA1-12F0-4E8B-AFD8-7FEF36E47B9A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | 
"{0D969833-E69D-4955-8AF4-CFABFEE18E95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{1155B900-1D4A-4AA9-B277-29C101A8DDDD}" = protocol=6 | dir=in | app=c:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{11EDD132-BCD1-49B7-B1D7-51F63C60EC85}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage.exe | 
"{13C95D6B-FB7B-4DCA-BF77-A4C2F46F6724}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{13E25D04-E562-4572-A2DE-8977E80D555B}" = protocol=17 | dir=in | app=d:\games\origin\medal of honor warfighter\mohw.exe | 
"{14932009-CFA1-44D0-AD10-2F34E0036411}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{15347947-EA84-4771-8CE0-848970C99A54}" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe | 
"{1C35C4FB-8832-4A16-B6A5-8D3B05E69352}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{1E8330D7-A566-42BE-AC66-8C3361DF1144}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage64.exe | 
"{1F135A93-447A-46AA-8BD9-920E96F7C0FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{2228E7F9-E581-44D7-9CCB-C090290A7F70}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{23CF9C21-BC3D-4CFA-80F4-A14CEDC1B62A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{2436A575-44A4-44CA-81D4-0B087A8EB457}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{26FC3BA4-65B0-4CA4-A6D7-6F7ED8BBE3C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{2CB31E0B-9AE7-4ABC-B602-0AF5AC3D7723}" = protocol=17 | dir=in | app=d:\games\origin\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe | 
"{2CCD611F-EF9A-47B6-AA23-237FCBDA072F}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{2E9EA9C2-2CC8-4972-BE38-0C5D29DA513F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{303B95D0-7DD1-4F34-921E-29F149F6C4E7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{32356A10-8BC4-456E-8B8F-6B0555D591A7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{3255F302-F335-4F73-869F-00FB5825653E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{33EA5C7C-BFC3-4920-B89C-77692EB3A3B4}" = protocol=17 | dir=in | app=d:\games\war thunder\launcher.exe | 
"{340934B8-B401-40B4-9D60-1FF8DB479BF3}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe | 
"{347E0997-7374-417C-92E2-CF95105756B2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{3B34FED2-41A0-4F50-9C93-4735340A69BA}" = protocol=6 | dir=in | app=d:\games\origin\medal of honor warfighter\mohw.exe | 
"{3C0A4239-2E75-4FCD-BD1D-A2BCCE041FFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3D699124-0600-4E48-9B79-3E546300C4EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3F32F2EE-3A4A-42DA-9CE8-679D4E70B4EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{46C8B5BC-680C-4757-83D1-4D350D88A8D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{46DC4BAC-8B87-4F02-8909-0DC3E7C34021}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4A78D1F5-A2C0-43A5-853C-BA6FF363DC32}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage.exe | 
"{4AD6F5FB-FCD1-4F8B-B5FB-EA821868C0AD}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{4C7603B1-9964-4D25-B9F9-F6C1F5211DCF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4C9754CF-7363-4194-BF5A-00B126AF2015}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4C9E2810-9798-469F-8233-9FC95237A99B}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{4CBCF573-AA37-45E7-B242-69AD78981417}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4E4D8251-F5B3-4558-9497-D5B8FE13EB3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{51690F5B-63CA-4337-B6FE-C3F1B4EF9217}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii public test.exe | 
"{5259AA1D-E4FD-4D59-837B-348EE99F971E}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{5790C904-6FCD-42B8-8C2C-1B9A2CCE7843}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{591ADC8A-8377-4FD3-8C20-61BE2C5305D6}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{5980A828-DAAD-4951-ADDB-E2AE9B02DA5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{604A163C-243E-4E1A-BC21-3A59D8F5DC14}" = protocol=17 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe | 
"{609E5A8D-DAFD-42DC-B276-C06CFBBD0BB7}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\wizardry online\launchpad.exe | 
"{62907FDE-53A5-4FDD-9223-7A4E04D7F819}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{6560731E-F99E-4187-81AB-80B9BDD4C427}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty world at war\codwaw.exe | 
"{68B71DB4-56E0-499F-8706-A6453ACC9E70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{6F69C8BE-9E85-48E2-92A0-3BAECB574EED}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{709FA55E-334F-42CA-AEE3-7224854B16F4}" = protocol=17 | dir=in | app=d:\programme\office\office12\onenote.exe | 
"{70CCC928-A738-4DA9-80AC-3B19A81AFF54}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{70EFC577-9D7E-4CC5-9238-2FDF466CFC3C}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2\arma2.exe | 
"{7341C1B1-6300-4DBB-B473-7FE8D3518B91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7406EF1A-0E13-42C0-B850-1E718BA8D48A}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{76FE9D3C-E170-44D9-B66D-769872AD82F2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{7883D461-CD02-437C-A684-C67D00418C22}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\farcry\bin32\farcry.exe | 
"{78948318-CCCB-4FE8-9BE1-5C8EB91BBC6C}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{79125FB6-23DC-47C0-8083-15F3344D4FF9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{7A9C004D-BF94-4065-8C8E-1472C669667F}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\warframe\warframe.exe | 
"{7B0D3B0E-FDB1-4D91-8D49-470EF34527E2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty world at war\codwaw.exe | 
"{7B11D626-912B-464E-ADCC-8D055258FBAF}" = protocol=6 | dir=out | app=system | 
"{7B695F0A-6198-4984-ADF3-78AC49FB67F9}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\dota 2 beta\dota.exe | 
"{7BA16E5C-03B6-4935-A277-061CD684381A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\warframe\tools\launcher.exe | 
"{7D3BD138-4009-4F3C-9D92-BEE5F33C728E}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{805D25FC-A103-4EF8-A95C-12A3D03A551E}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{83569159-0B41-4B55-BB71-26B51481B2A7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 3\arma3.exe | 
"{84D98702-4DD3-4835-8464-DCF04ED96EF5}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe | 
"{869E510D-68D1-4533-B335-644D4D584968}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{8827CBB5-7F85-4F59-B937-93DDFA93FBBC}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{888F8EA9-FBA7-4501-8533-BBCFA1B98AA0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{8C0FD2A4-3852-40CC-9E75-549AF70201A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8DCFA55D-3FDC-45DB-887C-DAB27CCF0799}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{8F5A92CF-2342-43E8-9649-DE117A41BFB0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | 
"{95C30667-F52D-4563-9443-0354B97AF1D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{9899D79E-B136-4FB7-90A7-9A06736D003C}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii public test.exe | 
"{989CC5BA-FD37-4E01-BFC5-CC4058727557}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{9C8AE510-D35E-4AC2-BF91-0F771DBE7A05}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{9EBB6057-C68A-4EC6-8980-A821431CCF15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9ED39546-6868-42AD-A0EB-A4AF0E95F02D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0AED8CF-AE83-4AAE-BB80-CEAF761B5DBD}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{A195085D-14CC-44D6-98CC-85FE7F363827}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{A22C1A57-B0B1-41E0-A636-3121AB5FE830}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{A87401CF-92B5-48D2-9794-622ACBA96B45}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{A94AC001-597D-4F71-97AF-4067FE063D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AA30F0E3-3B6A-47AC-99EA-4CCCA0ED86EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{ADD8D4A0-8B03-4C8E-BEDC-A7E8F231EA15}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{B042D632-0DC0-45D9-B936-E56E90086B3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{B181CD6D-3A39-4E81-B8CD-6B2AD53B737C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1BB5B68-C81E-4D57-B601-2313836E2219}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\farcry\bin32\farcry.exe | 
"{B3945A90-1DEE-4ACE-90D8-0C8535414BBE}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{B8A0D432-AC3D-4FA5-9F8C-078055687C1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{B8BA06D7-4680-4375-AD61-530140B4F48B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B98ED117-50CD-4611-A794-AA35BF3BB86E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{BB8BD99F-D3FC-42A5-8F8F-B82F58F8670F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{C2BD68FF-4A58-4DE0-8033-E2029C157A03}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{C4F111E3-EA4B-4A7C-8C76-0BE316ECBBA7}" = protocol=6 | dir=in | app=d:\games\origin\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe | 
"{C6A29DA0-4E7A-4C8E-9564-8A57BB14FFD7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CF10CC33-54AB-4F4C-B754-658F52CF3A9D}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\wizardry online\launchpad.exe | 
"{CFD8D937-7995-4AB1-896B-2DBE95A7F70E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D042CA01-0B45-433B-AA7D-A60BFADA6C51}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{D2D6408E-C100-4590-8328-E454842903F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{D32821DC-A66D-405B-8581-AA9D8859204D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D32B776C-0B48-4E66-B10D-E23095221981}" = protocol=6 | dir=in | app=d:\games\war thunder\launcher.exe | 
"{D4822403-282D-46BC-95AF-B749677A0D38}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5BB8623-933C-4C0B-AA02-CDF07D17225B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D77D9C86-5900-415E-8FF0-2B398BAD6F7D}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty world at war\codwawmp.exe | 
"{D7B0299E-16E0-40FC-B7D3-E9FB1540CFDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DBC100BA-52BC-4134-A68F-17CD04CBAB48}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DC35CA98-AA30-4618-8E49-A768E3F072EC}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{DCB10DC2-4D3D-4663-9DDB-C725C619B98A}" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe | 
"{E152BFF1-43D7-495D-A6A2-3F65A9A55854}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{E1DCB092-0354-4E27-90DE-0E2718D7BBBA}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2\arma2.exe | 
"{E327ADE7-EDA0-418C-BE8E-B02FCED04610}" = protocol=6 | dir=in | app=d:\programme\office\office12\onenote.exe | 
"{E41ACDD1-BF43-4715-A1B5-C8E7D8A40A3F}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\warframe\warframe.x64.exe | 
"{EBC3EDC5-E752-40E9-87B3-4BF195EA78EE}" = protocol=6 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe | 
"{EBDBD909-D2C1-47B6-8F55-A1D25181F35D}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{ED356030-1A84-4F79-9E7D-626A0135D251}" = protocol=17 | dir=out | app=d:\programme\steam\steamapps\common\warframe\warframe.exe | 
"{ED6C1DFF-DC2F-4B07-904C-3090094FCBC5}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage64.exe | 
"{EE21F8D0-84EA-4701-BEB5-DC61ED44632D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{F1AA4D79-0D2B-414C-BCD3-D14D91EB4431}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{F2181DDF-C807-4B68-92F4-DAB7C7A81EEC}" = protocol=17 | dir=in | app=c:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F252CE16-7C75-4159-A0AA-C0F71CBD2DF1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{F29E828D-6442-4414-B1CF-8BFCAB6E09B6}" = protocol=17 | dir=out | app=d:\programme\steam\steamapps\common\warframe\warframe.x64.exe | 
"{F4FCD231-5B2A-4B1B-AAD1-3A1D330A3785}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F52A9B9B-1D56-4DAC-AD75-BD06BF0C9843}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{F65DE787-5289-41A2-B385-C6611B24FA41}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{F818CF42-468D-4034-8C60-9D8DF00811D0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F8A3CA81-D67C-48A0-B7CA-9D0AFDD525D6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{F9195EFC-7D31-4D4C-B922-692467643BF0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{FA221C83-D668-4248-92CF-B9BC8403B78D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FC08662A-4363-44F1-9F9B-B8C4F60831A5}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{FC092C14-2657-43E3-89BA-3545F8F20900}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{FD148834-18B4-4246-BF83-3A224EB81CC2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 3\arma3.exe | 
"{FD416E9E-F4B1-4905-9D74-3C7B7F2EDAAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{082CD911-FBF4-4C84-8D7C-73115E0793A1}D:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{099D9F73-301C-46FF-BCEC-B3ADA8E84419}D:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{0D518785-F6A4-4DD5-81E2-0E22099BB299}C:\users\albert\appdata\local\temp\rar$exa0.620\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.620\mw2sa.exe | 
"TCP Query User{0FB65CB5-3758-4C8E-AF9A-04314EB70AB6}D:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=d:\games\world_of_warplanes\worldofwarplanes.exe | 
"TCP Query User{172F918F-DC09-4BE5-BD3A-4C6C49EDA364}D:\games\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{2CD92DCC-2269-4716-8768-AAFCC9A5FC3F}C:\users\albert\appdata\local\temp\rar$exa0.261\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.261\mw2sa.exe | 
"TCP Query User{48E53D2C-6DDC-429C-AAB3-5C040E0C5D07}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{5757993B-783F-410F-9B89-5E895F2F275E}C:\users\albert\appdata\local\apps\2.0\gdzy8jtt.vyr\vw3xbhle.bej\laun...app_59711684aa47878d_0001.001e_0f529f5f0ebfb750\launcher.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\apps\2.0\gdzy8jtt.vyr\vw3xbhle.bej\laun...app_59711684aa47878d_0001.001e_0f529f5f0ebfb750\launcher.exe | 
"TCP Query User{5B4CBC1E-C6E0-4746-98AA-3CC833CEE418}C:\users\albert\appdata\local\temp\rar$exa0.718\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.718\mw2sa.exe | 
"TCP Query User{74DDA053-B892-4AB2-8DBC-B9B67D9BAC42}C:\users\albert\appdata\local\temp\rar$exa0.981\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.981\mw2sa.exe | 
"TCP Query User{7888156D-25FD-4B94-B256-4A4C381D217E}C:\users\albert\appdata\local\temp\rar$exa0.879\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.879\mw2sa.exe | 
"TCP Query User{881EDCC7-9CBB-4E7D-9C32-5F928013BB25}C:\users\albert\appdata\local\temp\rar$exa0.871\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.871\mw2sa.exe | 
"TCP Query User{95FBD64F-91E7-4DCF-8704-643819A42786}C:\users\albert\appdata\local\temp\rar$exa0.536\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.536\mw2sa.exe | 
"TCP Query User{9CB6DE42-5E11-4BEA-9047-0840C7E1D1D1}C:\users\albert\appdata\local\temp\rar$exa0.947\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.947\mw2sa.exe | 
"TCP Query User{AA33B268-E66B-4D6E-B53D-3DD6337102B3}C:\users\albert\appdata\local\temp\rar$exa0.441\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.441\mw2sa.exe | 
"TCP Query User{C117E5F2-5A1C-4850-8C97-8CE991E54DC3}C:\users\albert\appdata\local\temp\rar$exa0.264\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.264\mw2sa.exe | 
"TCP Query User{C8147BB4-7894-4862-AB87-41D80662D929}D:\games\war thunder\aces.exe" = protocol=6 | dir=in | app=d:\games\war thunder\aces.exe | 
"TCP Query User{C922D66B-84A3-4503-BB45-B73EFDED30FD}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{D8912882-1722-4333-A61A-B9547C0E2ED3}D:\games\ghost recon\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=d:\games\ghost recon\ghost recon online\pdc-live\ghostrecononline.exe | 
"TCP Query User{DB2C3636-7907-40CA-98D9-2203E7C60944}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{EE486681-5A12-4F1D-947A-DE0EC4E4E42A}C:\users\albert\appdata\local\temp\rar$exa0.449\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.449\mw2sa.exe | 
"TCP Query User{EFEB48BC-07B5-4BE4-886C-56AF5AF6498D}D:\games\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_warplanes\wowplauncher.exe | 
"UDP Query User{0065D955-B019-4120-A0B2-1C3FEACC71A7}C:\users\albert\appdata\local\temp\rar$exa0.264\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.264\mw2sa.exe | 
"UDP Query User{08EA9633-DCAA-4632-9ED2-C0BFBE51D5B5}C:\users\albert\appdata\local\temp\rar$exa0.879\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.879\mw2sa.exe | 
"UDP Query User{2021D5FD-7FD6-4333-B78D-9391EE20AF46}C:\users\albert\appdata\local\temp\rar$exa0.536\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.536\mw2sa.exe | 
"UDP Query User{32F2A253-2D3E-46B9-8B2E-CE103E40B0D9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{5084E3C6-A4DA-48DE-80CC-1B162A0CB1D1}D:\games\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_warplanes\wowplauncher.exe | 
"UDP Query User{52D0A057-5B77-48FC-8B5B-8163424D2F1A}C:\users\albert\appdata\local\temp\rar$exa0.871\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.871\mw2sa.exe | 
"UDP Query User{5FF7245E-2513-4FA5-9C7D-5C45ADE4AEA2}D:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{853F238D-CE12-4451-AB53-489DCA2E4F01}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{8DBD12A4-8BF2-4879-82DB-05390E6B6379}C:\users\albert\appdata\local\temp\rar$exa0.441\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.441\mw2sa.exe | 
"UDP Query User{8F5F40B7-FE91-4C13-8DE2-EF9CE488C364}C:\users\albert\appdata\local\temp\rar$exa0.947\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.947\mw2sa.exe | 
"UDP Query User{95B8CE1B-E9AF-4CCD-BE7E-CCC0ED303A48}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{A816A74C-4582-4942-BE29-97EFFC1A8276}C:\users\albert\appdata\local\temp\rar$exa0.449\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.449\mw2sa.exe | 
"UDP Query User{C8577BA3-03A9-4803-832B-9948531A4D60}D:\games\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{C9BAC025-8BB3-4067-8C30-62729E36B824}D:\games\war thunder\aces.exe" = protocol=17 | dir=in | app=d:\games\war thunder\aces.exe | 
"UDP Query User{CC07368B-401A-474A-89FE-30388813A58D}D:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{CF3E7577-B28F-42BE-909C-9844B293718E}C:\users\albert\appdata\local\temp\rar$exa0.981\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.981\mw2sa.exe | 
"UDP Query User{DD2DF991-77FE-4918-88AD-A55B7E503EAB}C:\users\albert\appdata\local\apps\2.0\gdzy8jtt.vyr\vw3xbhle.bej\laun...app_59711684aa47878d_0001.001e_0f529f5f0ebfb750\launcher.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\apps\2.0\gdzy8jtt.vyr\vw3xbhle.bej\laun...app_59711684aa47878d_0001.001e_0f529f5f0ebfb750\launcher.exe | 
"UDP Query User{DDD08D17-41D0-480B-91E1-003F70E9AC15}C:\users\albert\appdata\local\temp\rar$exa0.620\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.620\mw2sa.exe | 
"UDP Query User{E4D65447-B454-44F2-A27A-2E024A44BA52}C:\users\albert\appdata\local\temp\rar$exa0.718\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.718\mw2sa.exe | 
"UDP Query User{ED750450-18E0-48C8-8C73-18189B0D294C}C:\users\albert\appdata\local\temp\rar$exa0.261\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.261\mw2sa.exe | 
"UDP Query User{F5BE8624-FCBE-41E1-959A-D2410DF08A19}D:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=d:\games\world_of_warplanes\worldofwarplanes.exe | 
"UDP Query User{F5CBA0C5-DFDC-4B2D-A24B-E1AAE7A45DDA}D:\games\ghost recon\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=d:\games\ghost recon\ghost recon online\pdc-live\ghostrecononline.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14FCF290-82AB-421A-9034-636EF90EB9E5}" = AVG 2013
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2013
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02454664-23E6-46B3-9CB3-30870AE3645E}" = Crysis®3 MP Open Beta
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{1040143F-FEFB-4B90-8E51-E47D40E14C4E}" = Medal of Honor™ Warfighter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5DE11949-2B11-4F13-BAD5-1C237122CFDB}" = Lumac
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}" = IPTInstaller
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{790412BB-B6CE-459B-9E17-7DA7C20FC98C}" = DayZ Commander
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C607265F-86AA-4B42-9F9B-D0ED2E4AACA6}" = 6500_E709a
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1F04430-DC1A-4CF1-B004-46EC264AE840}" = Delta
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"DC-Bass Source" = DC-Bass Source 1.3.0
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ExpressRip" = Express Rip
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{5DE11949-2B11-4F13-BAD5-1C237122CFDB}" = Lumac
"LAME_is1" = LAME v3.99.3 (for Windows)
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10090" = Call of Duty: World at War
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 107410" = Arma 3 Alpha
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 13520" = Far Cry
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 220240" = Far Cry® 3
"Steam App 221360" = Wizardry Online
"Steam App 230410" = Warframe
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 49520" = Borderlands 2
"Steam App 500" = Left 4 Dead
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 9200" = RAGE
"Tomb Raider_is1" = Tomb Raider
"VLC media player" = VLC media player 2.0.3
"vsfilter_is1" = DirectVobSub 2.40.4209
"Wajam" = Wajam
"WinPcapInst" = WinPcap 4.1.2
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YTKaraoke@DacSoft.org" = Tube Karaoke
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
"Dropbox" = Dropbox
"DSite" = Update for Codec Pack
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2013 07:51:30 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 17.05.2013 07:51:30 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 17.05.2013 07:51:54 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 18.05.2013 18:28:16 | Computer Name = Albert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Borderlands2.exe, Version: 1.0.60.324,
 Zeitstempel: 0x51428def  Name des fehlerhaften Moduls: Borderlands2.exe, Version:
 1.0.60.324, Zeitstempel: 0x51428def  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002019e5
ID
 des fehlerhaften Prozesses: 0x91c  Startzeit der fehlerhaften Anwendung: 0x01ce5416bb883834
Pfad
 der fehlerhaften Anwendung: D:\Programme\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
Pfad
 des fehlerhaften Moduls: D:\Programme\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
Berichtskennung:
 3b635211-c00a-11e2-a745-1c6f653dfe01
 
Error - 19.05.2013 22:13:59 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 19.05.2013 22:14:25 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 20.05.2013 09:43:38 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 20.05.2013 09:43:39 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 20.05.2013 19:15:30 | Computer Name = Albert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
 Zeitstempel: 0x4a613d79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001579a2  ID des fehlerhaften
 Prozesses: 0x130c  Startzeit der fehlerhaften Anwendung: 0x01ce55afd2107d59  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx  Berichtskennung:
 29a0ab6e-c1a3-11e2-9e3a-1c6f653dfe01
 
Error - 20.05.2013 19:15:40 | Computer Name = Albert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
 Zeitstempel: 0x4a613d79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001579a2  ID des fehlerhaften
 Prozesses: 0x1428  Startzeit der fehlerhaften Anwendung: 0x01ce55afdcd5c209  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx  Berichtskennung:
 2f439f8e-c1a3-11e2-9e3a-1c6f653dfe01
 
[ System Events ]
Error - 20.05.2013 12:53:12 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 20.05.2013 12:56:48 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 20.05.2013 20:48:13 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 21.05.2013 10:33:00 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 21.05.2013 16:02:35 | Computer Name = Albert-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 21.05.2013 16:32:58 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 22.05.2013 08:42:02 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 22.05.2013 20:51:16 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.05.2013 12:53:17 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.05.2013 16:22:08 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >
         
--- --- ---
__________________

24.05.2013, 14:24   #4
HardStylerx3

Well, there is definitely quite a bit of adware junk and toolbars to be seen. For a more detailed analysis, someone from the helper team will get in touch here and help you.

Regards, HardStylerx3

24.05.2013, 14:35   #5
Equinox501

Thank you anyway.


24.05.2013, 14:45   #6
HardStylerx3

No problem.
