| |
| |||||||
Log-Analyse und Auswertung: Pc ist langsamer geworden ... hier ein paar LogsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.06.2013, 14:39
| #1 |
| |  Pc ist langsamer geworden ... hier ein paar Logs Mein Problem liegt darin, dass sich die Leistung des Computers verschlechtert hat (vor allem die Verbindung mit dem Internet). Aus dem Grund habe ich ein bisschen gegoogelt und bin auf dieses Forum gestoßen. Ein User half einen anderen User schon einmal mit ein paar Tipps. Diese bin ich selber durchgegangen und nun wollte ich euch die Loggs dazu schicken. ADWCleaner: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 14/06/2013 um 15:14:02 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : IB Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cgeix5sb.default\searchplugins\MyStart Search.xml
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\5368c8dbc6db845
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cgeix5sb.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [5528 octets] - [14/06/2013 15:14:02]
########## EOF - C:\AdwCleaner[S1].txt - [5588 octets] ##########
Code:
ATTFilter OTL logfile created on: 14.06.2013 15:16:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,34% Memory free 15,92 Gb Paging File | 14,17 Gb Available in Paging File | 88,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 285,31 Gb Free Space | 30,63% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.14 15:16:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Downloads\OTL.exe PRC - [2013.05.24 16:58:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.02 11:53:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.25 17:13:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.25 17:13:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.21 02:31:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe ========== Modules (No Company Name) ========== MOD - [2013.05.24 16:58:48 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.10.22 10:44:04 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.05.24 16:58:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.18 11:33:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.23 14:48:24 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.25 17:13:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.25 17:13:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2013.02.21 02:31:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.17 12:39:34 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.08.30 16:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.25 17:13:53 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.25 17:13:53 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.25 17:13:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.06 23:27:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.12.18 19:02:15 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2012.12.18 19:02:06 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP) DRV:64bit: - [2012.12.18 19:02:06 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap) DRV:64bit: - [2012.12.17 12:39:26 | 000,160,784 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.10.22 12:09:58 | 002,206,864 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.05.20 18:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.05.20 18:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.05.20 18:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.25 09:07:18 | 000,104,560 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.03 20:23:56 | 000,084,736 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.02.03 20:23:56 | 000,059,520 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2011.08.31 14:55:52 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.06 11:29:18 | 000,025,680 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ntcdrdrv.sys -- (ntcdrdrv) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.01.16 19:24:18 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2013.01.16 19:21:14 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2013.01.16 19:20:59 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = hxxp://go.findrsearch.com/search/web?q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.findrsearch.com IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 BA DF 99 00 F4 CD 01 [binary data] IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = hxxp://go.findrsearch.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-845884965-989321068-2959287550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://pbe.leagueoflegends.com/en/signup/index" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.http: "152.26.53.5" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.29 21:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2013.05.24 17:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\Profiles\cgeix5sb.default\extensions [2013.05.09 23:31:07 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\cgeix5sb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.24 16:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 16:58:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-845884965-989321068-2959287550-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E9463ED-1D67-40CF-8288-F6F2A0413F2E}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC56843F-9FEE-409C-BE97-6FBC9D6E006E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.14 15:11:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.14 15:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.06.14 15:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.10 16:18:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.06.10 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI [2013.06.10 14:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONAMI [2013.06.04 07:23:45 | 000,000,000 | ---D | C] -- C:\Malwarebytes [2013.05.24 16:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.17 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.05.17 14:01:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\PDAppFlex [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.14 15:19:12 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 15:19:12 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 15:15:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.14 15:15:08 | 2117,787,647 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 15:10:07 | 000,648,201 | ---- | M] () -- C:\Users\*****\Desktop\adwcleaner.exe [2013.06.14 15:09:54 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.14 14:42:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.14 14:42:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.14 14:42:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.14 14:42:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.14 14:42:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.14 14:35:29 | 000,038,331 | ---- | M] () -- C:\Users\*****\AppData\Local\recently-used.xbel [2013.06.12 23:42:00 | 000,000,222 | ---- | M] () -- C:\Users\*****\Desktop\Marvel Heroes.url [2013.06.10 16:29:13 | 000,001,360 | ---- | M] () -- C:\Users\*****\Desktop\kaiba_pc.lnk [2013.06.10 16:29:08 | 000,001,346 | ---- | M] () -- C:\Users\*****\Desktop\joey_pc.lnk [2013.06.10 16:10:54 | 000,001,346 | ---- | M] () -- C:\Users\*****\Desktop\Yugi_PC - Verknüpfung.lnk [2013.06.06 14:43:34 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.05.19 10:04:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.18 12:53:32 | 002,183,120 | ---- | M] () -- C:\Users\*****\ts3_recording_13_05_18_12_53_18.wav [2013.05.16 14:09:26 | 000,000,903 | ---- | M] () -- C:\Users\*****\Desktop\ePSXe.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.14 15:10:06 | 000,648,201 | ---- | C] () -- C:\Users\*****\Desktop\adwcleaner.exe [2013.06.14 15:09:54 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.14 15:09:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.14 14:35:29 | 000,038,331 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel [2013.06.12 23:42:00 | 000,000,222 | ---- | C] () -- C:\Users\*****\Desktop\Marvel Heroes.url [2013.06.10 16:29:13 | 000,001,360 | ---- | C] () -- C:\Users\*****\Desktop\kaiba_pc.lnk [2013.06.10 16:29:08 | 000,001,346 | ---- | C] () -- C:\Users\*****\Desktop\joey_pc.lnk [2013.06.10 16:10:54 | 000,001,346 | ---- | C] () -- C:\Users\*****\Desktop\Yugi_PC - Verknüpfung.lnk [2013.05.18 12:53:19 | 002,183,120 | ---- | C] () -- C:\Users\*****\ts3_recording_13_05_18_12_53_18.wav [2013.05.16 14:09:26 | 000,000,903 | ---- | C] () -- C:\Users\*****\Desktop\ePSXe.lnk [2013.05.06 02:21:10 | 000,000,052 | ---- | C] () -- C:\Users\*****\.gtk-bookmarks [2013.05.06 01:19:03 | 000,000,059 | ---- | C] () -- C:\Users\*****\.goutputstream-FHEUWW [2013.04.19 16:10:35 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.03.30 07:07:23 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2013.03.30 07:07:23 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2013.03.30 07:07:23 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.03.30 07:07:22 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013.03.29 11:52:38 | 000,001,490 | ---- | C] () -- C:\Users\*****\AppData\Local\RecConfig.xml [2013.03.07 00:55:31 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.06 15:40:02 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2013.03.06 14:25:00 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2013.03.06 14:25:00 | 000,003,436 | ---- | C] () -- C:\Windows\unins000.dat [2013.03.03 20:05:03 | 000,002,207 | ---- | C] () -- C:\Windows\cmudaxp.ini [2013.03.03 18:51:22 | 000,005,298 | ---- | C] () -- C:\Windows\Cmudau.ini [2013.01.18 15:13:15 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.18 15:13:14 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.01.18 15:06:05 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013.01.16 19:21:14 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2013.01.16 19:07:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013.01.16 18:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.27 22:32:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft [2013.06.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity [2013.05.10 14:22:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\avidemux [2013.06.13 19:26:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Awesomium [2013.04.02 09:54:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Boilsoft [2013.01.26 01:07:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited [2013.04.06 07:11:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.04.21 11:16:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite [2013.03.24 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org [2013.02.21 02:22:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo [2013.02.01 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GoforFiles [2013.03.23 02:04:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IObit [2013.01.17 17:26:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LolClient [2013.02.15 01:26:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Minecraft Version Changer [2013.03.30 06:51:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mkvtoolnix [2013.01.17 18:06:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin [2013.05.17 14:01:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PDAppFlex [2013.03.08 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers [2013.03.23 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony [2013.03.30 02:39:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony Creative Software Inc [2013.05.17 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.04.27 22:21:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2013.02.25 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TechSmith [2013.06.14 14:27:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client [2013.06.13 19:23:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Tunngle [2013.03.26 06:40:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Waterfox Limited [2013.04.02 08:33:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.06.2013 15:16:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,34% Memory free
15,92 Gb Paging File | 14,17 Gb Available in Paging File | 88,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 285,31 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-845884965-989321068-2959287550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F56290-4EC3-40D9-93BA-C280A9D247B7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1A72BFD9-4C5B-4E86-BA16-DE1234BC2B0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26F7ED5C-BB1D-46DF-988D-ECB6A436A661}" = lport=138 | protocol=17 | dir=in | app=system |
"{2B65B5C3-8E65-48A1-80C7-9BE499531AEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30A5B462-083A-450E-B332-B70C232BF586}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BB963CB-3429-44E3-861F-80DDAF0B5250}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{462F2EAF-DB69-4FE0-BECC-DB702F41FC4E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{4C691E83-6905-48D1-B37D-D27645545975}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F06B8E1-EE0A-4722-B6E1-EBEB6BDB81B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66D9B915-C64B-41E4-BE98-96B60FB96558}" = rport=445 | protocol=6 | dir=out | app=system |
"{7AD555E2-5C59-4C56-8ABA-F8CAB1747F70}" = lport=445 | protocol=6 | dir=in | app=system |
"{7BBB47DA-D96F-4C6F-B041-325228589663}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CDAC754-C9F7-4F56-9D8C-FC18B70045AE}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |
"{82EBA9A3-405A-487C-B245-7ED076FEA822}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8E5FB420-C42D-40A9-8E99-50DC41EA376C}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F8B8115-F052-4594-9C50-D65E9DD9D985}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95A076B2-4C36-422B-8CAA-22EEAEB1E2E2}" = lport=25565 | protocol=6 | dir=in | name=minecraft server |
"{9EDC7A32-A24E-474E-A075-E7C8FC295EED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2D89F2F-28D8-44B8-B6D3-CBE7D149C157}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC1A1133-93F1-4B86-9561-98128425FC42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BDEAD212-322B-48B6-8911-7A7F7A12A833}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{BF470EAF-47D5-4F61-A5AF-EAF36E792F53}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BFAEF716-FE6D-4AE7-8C92-DF35003B6CDB}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
"{C0F0C18D-1C24-49B0-9E4C-121CDE59AFA3}" = rport=139 | protocol=6 | dir=out | app=system |
"{D65372D8-0F9C-47BB-B551-3F2B162052E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DA3D8CBC-9126-452F-A547-BAEF04BA8150}" = lport=137 | protocol=17 | dir=in | app=system |
"{E248D609-8CD9-479F-A473-2C93A39EFC13}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{EC851E21-B4B1-413C-849A-CCE810C83B92}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
"{F2590235-FF58-4332-A16C-90F45174C58A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FEA0349E-E955-47EE-9320-3AB9C752C89E}" = rport=137 | protocol=17 | dir=out | app=system |
"{FF4CDBA2-8203-4CAA-B441-D17052C42C2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00516915-24E2-410E-ADE9-C8524F611E48}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{02A6C9A3-91B7-4257-AFE4-3642FDFF87C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{046E5F09-E2B2-4025-A90C-4B4BE3A1FAA5}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{05858180-A137-4365-A9A5-3612B9E50B28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{0771334B-34FE-4625-867A-6496BA38DC4D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"{07CE5330-0234-4889-8CAF-AB932832587A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08900913-4186-4155-BD1D-3285CC46EAD0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0898BD49-EB38-4A59-AAFD-C8500B01C1A9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{0C4C2B55-C2C0-4D6F-A0B5-8BB48742CF47}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{0D185F8D-C403-4688-8AD9-DB2BC1770936}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{0D4BE042-181F-4342-A208-70596B1F716E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{0F071063-5EB6-4966-9DC0-AF8411432504}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{11136AC3-18D2-484A-9A8F-D2B2C2E8AA13}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 3\deadspace3.exe |
"{133EA1B2-8EC9-4D90-BFA0-9AA9056BFDF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14618850-B2B9-41C9-BBBA-4293B67CBD09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{16730E1E-AF79-40CE-A91A-A91C6788EB55}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{173E0028-4ED9-48FC-8F61-431866D9E50A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{18C3CC80-E98A-4961-B68C-BE7961A25DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1EE91103-272A-4B6C-8C36-8EB019673293}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2139E31C-89CD-4075-BD33-267730FC384E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{23B16B63-77E0-41F6-AFA3-FB7FCD7FE628}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{24EC2133-FDCB-4CEE-BB65-4D659F94CDF3}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{25FBE8F8-EBDA-4154-B37B-C67C6E1E09EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{27F358F9-F7E4-4F39-9C99-E45F1BBE02F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{2962F9FF-72D6-4A24-BADB-5087288D901E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2A754D67-7F7C-418C-8F74-79A53D1E2C9B}" = protocol=6 | dir=out | app=system |
"{2C7B7370-45BD-48DA-AC79-519F1409CDC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{2D11477F-D18E-4A13-B5B6-81D295EE0E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{30B9CCCA-F3FD-42EE-ABAA-D2FC06307520}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{33CA4455-D159-4227-8096-CF06D68D16BD}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{3941E53C-D8D5-4FCA-A272-37CE1EC3CCCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{39F5831B-BB71-4F11-A502-20F1937C16FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe |
"{3B48066B-30AC-496B-9726-EB6995ED3CE7}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3BFAC11B-4D88-4ABC-8DEC-D39FECCE8D7C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D91747D-C383-4F7A-B766-9B6A3B504F12}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{3F369A79-BD82-44E4-8DF6-7B4F6D5D636F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FC1FCC5-BE75-4033-8DA2-3D31C8C78155}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{42FF0ECA-BDD4-4156-A28B-74991FC4A5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{436F7425-8856-475A-82F3-64D3EC3EB168}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{43D8A3D1-153A-4678-8C44-ED8064D98E53}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{44824B33-D1FC-4605-982F-DD5AB72E3989}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{452EFA12-DF9D-472A-9489-B4D6D1B94AA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48AFF614-402F-42A2-AE9D-464A5942331B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AA890C6-1459-4C56-A5BF-02956BEC7A82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4B8002C6-7FC4-4E67-A5D0-1BA020C3F85F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{4BA3E87B-EB7E-4A13-9033-C72B2E214FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{4CF62D67-CC28-4C38-A350-E0A7791CE4F0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4E4A11C5-28A4-428B-8992-16CBA76AF201}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5492C4F9-B703-432B-A1B3-F01D0B56E77E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5AC7A6D1-7B80-44E0-85C6-85CA825E47FD}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5D132145-9936-4431-9798-A4D61F0842E9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe |
"{5DB51735-1987-4ACF-BB14-23A912CFAC03}" = dir=in | app=c:\program files (x86)\audials\audials 10\audials.exe |
"{65D5A4D8-7280-4D97-AA3D-048CCF7F9475}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{66124D16-D65F-4E93-9433-55A8EC0677F9}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe |
"{68307A9D-E3FB-40F1-B34B-1ECD9D8E956D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{6935C97C-891D-460C-AA78-23ED5F58A8DA}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 3\deadspace3.exe |
"{6B9A2724-C702-4E07-A639-E25BDAD69A9A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6D7C9FF7-9D37-4C06-B9DD-C243C7319C44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{6EB0B53C-2C6C-4F44-BBC7-62852AF0ECD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"{71E04E78-74DF-4218-9B99-8AB424E3D6C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7252D71A-C04C-4F9A-8F7C-916EBDE622EA}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{726ADEBD-BDEF-47A0-80AD-4B4A94C67BA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{74D80ABC-A014-4A96-9148-212F27D70167}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{74DD9C23-59BF-4642-AAC4-C79D0DD88961}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7BE29959-1878-46DF-94AD-C114215C0380}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe |
"{80B3EE65-003E-4D04-90A0-892E8AD8E942}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{81325630-3A4E-4851-81B0-40E5F871C1A4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{853A44A6-4058-4890-9230-6FDAF56165EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{87F9ADE8-92DC-45FC-AB64-CE3C2BEF53DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{8B10C662-A11E-4394-8A13-C32A599116DF}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe |
"{8EC11256-7936-45B5-B643-AFAB5BAB04CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe |
"{8FF7FEF6-1084-4DDC-9F57-DCE9E10763B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91D3FF45-907C-4291-9F54-DF213D9B29FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{91FC92F1-A3B4-4947-8E39-B1F7EBC6D28C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{92E96CC0-1DB1-4809-B559-B4D5668D0D46}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{981CB0ED-0018-48C3-BF00-B7F85179CE4E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{9BE1422A-7B74-4172-AF86-EE34E4D4BB19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{9E9277B1-344A-4C3F-B721-0E34825F7C54}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"{A0B66F93-9984-4E7C-B392-40F1B208F019}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{A0CB7C81-EE3D-4A84-BEF5-5200B88AF58B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"{A25E2A26-72AA-46C9-96E8-A879F975D36A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A2873088-9936-4F05-AAE4-FBC0BDD2031E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{A348C0D2-0C45-4E85-A936-8AF895D8EA9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{AAEBA4D9-5B01-404F-9462-84E039D3B91B}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{ADF41889-9F05-4BBE-8A24-651CB7E8440D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{B34586DA-0A60-4EE8-BCDE-2E10E25FD040}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{B471647E-06EF-454B-A4BC-F1ABE5D7197F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD1D69FF-5176-443B-86CA-9817FE281D3D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C1BFFB5D-6ED4-4B14-B64B-8BC7641D9B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C457F4DC-FAA8-46AD-8E60-7E5DF1EDB65C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe |
"{C4C3B9B4-8432-4F3E-BAF9-A7B624161338}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe |
"{CD7BE536-AAE0-4D9C-A0CA-37F0428CEE68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF794E08-B45B-45EF-9B72-D14F7333AA40}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{D31743A5-52F9-45ED-988B-84F90E7B2357}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D62945F0-9523-43CD-BFE2-A2E6DC90D962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7ED3652-920A-46BB-9BD8-5A5DE4BBB161}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{D8AA26C6-5005-43AF-8793-EE39F2D3A87F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{D9662943-A50D-4A75-8649-E827BB0AA83D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{D9F43C3C-4DF9-42CB-A6C3-62FBCA4787BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{DC1604FF-9C13-4FFC-AFF7-8B0541A35227}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{DD5BA3BF-AC54-4DFA-82EF-C48490B34AEE}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{DDB3CBE7-0112-435A-9F73-F1C3FF574D40}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{DDED050D-F3DF-4127-93D7-69A19297DBFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E10D9F0F-A6EB-45C4-9A63-3C42AA25BEB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E2010418-A7FC-4624-AC2E-5D036C045BA1}" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"{E760BF1E-103C-4F62-881A-DD46266C8812}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{E7F09D40-B1AB-41BD-BAE4-73808DFD130A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{E8B7AA8A-D03B-4CF5-B932-5147C3BC08CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{E95E3179-9BEF-4B29-949B-140FA4538EEA}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EFB2F8A4-58A2-464D-819A-848E31108819}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{EFB33C12-B733-4FCE-A368-77BAC7D6C852}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F227A393-2FF6-47EE-A51E-1976865BE004}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{F3A4F93F-1EA6-41E5-BCC7-F36C787ACF13}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{F743A647-1CC2-4D77-ABD9-D006F687E830}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{F8CEC0EB-D7C9-4C44-AC52-D6F79BD3447A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FDDAE7E8-CCB4-44D7-A67C-73F142CC00EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"{FED5E058-E51A-4F2D-B843-750652DA8759}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{303DA8B1-7C95-4024-977D-7E248C498D2C}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{362DAA8E-B83B-4DA9-B3DF-43B095674FC5}C:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe |
"TCP Query User{3C4C7C9C-20B4-415D-B596-3B0822345E41}C:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"TCP Query User{5BC68D7D-BA5A-4F6B-A484-5FB85AC01E82}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe |
"TCP Query User{71B7C81F-99D4-4BB4-AC11-2951D153E529}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{B980F301-AEB9-4F8E-8037-66E7F76E6D3A}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"TCP Query User{BE728ADB-1ABC-4EA1-B9B7-9F00FD9C0C4C}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{CD7FD80A-4F9C-496E-867D-51D3DB77F620}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{D7C6A3CE-C760-4312-8736-81CACFC65FF3}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{F01DDF02-9279-44DA-AD7A-C9CC8A9E9EB4}C:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe |
"TCP Query User{F065294F-DC58-4F23-BFDE-1621E391E8D4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{0FB0B5A1-207B-41B4-BC12-6461928E591C}C:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{177DF58B-F762-4B2C-9A6C-DCA6E373B118}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe |
"UDP Query User{26F073EC-87C2-44F1-8FB8-83490BDF8419}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{5B1833E9-A0D0-46EE-8F84-567D0FF1D8B0}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{AD7BEA3F-E730-472B-B1D3-F1067DB0C828}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{D323A88F-B54E-4E97-9133-84F50E61B354}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"UDP Query User{D90D46C3-3610-430F-A3DA-9E6E42E9DE74}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{DADBFF4E-8C11-40EF-94A1-49E87D88692B}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{E27B3AE8-F5D7-4EAC-9154-D6F33DEFE1CC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F178F074-2871-4CEF-93C4-6228D387E314}C:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe |
"UDP Query User{FD3FAF36-23C8-413D-9C31-139BD25602A2}C:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7A0D09B0-6575-11E2-89D5-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}" = AMD Catalyst Install Manager
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64
"{E74DBCA2-F0BC-929D-0504-87E97079EB4A}" = AMD Drag and Drop Transcoding
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.15.4
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech
"{385C8E5A-0B4F-4DCD-BBBD-2A8AE0400A76}" = TP-LINK Wireless Client Utility
"{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish
"{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese
"{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish
"{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center Localization All
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional
"{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English
"{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish
"{A071F478-73E0-4143-AE55-4DD6BABD74F5}" = Far Cry 3 Blood Dragon
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C6B0FBD0-067F-5ED3-B4C1-BC61284A1079}" = Catalyst Control Center InstallProxy
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French
"{EB99ED57-FF42-4272-8EDA-E367DFF29596}" = Audials
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aliens: Colonial Marines_is1" = Aliens: Colonial Marines
"APOFIG GUI_is1" = APOFIG GUI by enable v1.00 [01 July 2010]
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BioShock Infinite_is1" = BioShock Infinite
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Dxtory2.0_is1" = Dxtory 2.0.104
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Generic USB Sound" = Speed Link
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.8.0
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MKVToolNix" = MKVToolNix 6.1.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"RGVhZCBJc2xhbmQgUmlwdGlkZSAoYykgRGVlcCBTaWx2ZXI=_is1" = Dead Island Riptide (c) Deep Silver version 1
"StarCraft II" = StarCraft II
"Steam App 109400" = MicroVolts
"Steam App 202352" = Steam Trading Card Beta Access
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 226320" = Marvel Heroes
"Steam App 230410" = Warframe
"Steam App 240" = Counter-Strike: Source
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 630" = Alien Swarm
"Steam App 6370" = Bloodline Champions
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1" = The Elder Scrolls V Skyrim - High Resolution Texture Pack
"Tomb Raider_is1" = Tomb Raider
"Tunngle beta_is1" = Tunngle beta
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uplay" = Uplay
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.06.2013 12:46:30 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm INSTALL.EXE, Version 9.0.0.76 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c5c Startzeit:
01ce6530c41983e9 Endzeit: 4 Anwendungspfad: C:\Users\*****\Downloads\Jdownloader\INSTALL.EXE
Berichts-ID:
2159ecc1-d124-11e2-8a85-902b349a1177
Error - 09.06.2013 12:47:18 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000024c2 ID des fehlerhaften Prozesses:
0xfd4 Startzeit der fehlerhaften Anwendung: 0x01ce653101061c48 Pfad der fehlerhaften
Anwendung: C:\Users\*****\AppData\Local\Temp\Rar$EXa0.717\joey_pc.exe Pfad des fehlerhaften
Moduls: C:\Users\*****\AppData\Local\Temp\Rar$EXa0.717\joey_pc.exe Berichtskennung:
3ec7026d-d124-11e2-8a85-902b349a1177
Error - 09.06.2013 12:47:37 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000024c2 ID des fehlerhaften Prozesses:
0x13ac Startzeit der fehlerhaften Anwendung: 0x01ce65310c70f234 Pfad der fehlerhaften
Anwendung: C:\Users\*****\Downloads\Jdownloader\joey_pc.exe Pfad des fehlerhaften
Moduls: C:\Users\*****\Downloads\Jdownloader\joey_pc.exe Berichtskennung: 4a2ccf36-d124-11e2-8a85-902b349a1177
Error - 09.06.2013 12:47:50 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000024c2 ID des fehlerhaften Prozesses:
0x11c8 Startzeit der fehlerhaften Anwendung: 0x01ce653113f4461d Pfad der fehlerhaften
Anwendung: C:\Users\*****\Downloads\Jdownloader\joey_pc.exe Pfad des fehlerhaften
Moduls: C:\Users\*****\Downloads\Jdownloader\joey_pc.exe Berichtskennung: 51b13494-d124-11e2-8a85-902b349a1177
Error - 09.06.2013 14:45:27 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm WORDPAD.EXE, Version 6.1.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 154 Startzeit: 01ce65417c1dd3f1 Endzeit: 6 Anwendungspfad: C:\Program
Files\Windows NT\Accessories\WORDPAD.EXE Berichts-ID: befdd64a-d134-11e2-8a85-902b349a1177
Error - 10.06.2013 08:56:39 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 12d0 Startzeit: 01ce65d9ed567cb9 Endzeit: 2 Anwendungspfad:
C:\Windows\system32\NOTEPAD.EXE Berichts-ID: 2f81362a-d1cd-11e2-84e1-902b349a1177
Error - 10.06.2013 09:00:07 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a74 Startzeit: 01ce65da68f38424 Endzeit: 2 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE
Berichts-ID:
ab06486c-d1cd-11e2-84e1-902b349a1177
Error - 11.06.2013 21:44:55 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: joey_pc.exe, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0005e045 ID des fehlerhaften Prozesses:
0x1a8 Startzeit der fehlerhaften Anwendung: 0x01ce66f3393ed399 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\KONAMI\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\KONAMI\Yu-Gi-Oh! Power of Chaos
JOEY THE PASSION\joey_pc.exe Berichtskennung: adfd282f-d301-11e2-8ae5-902b349a1177
Error - 11.06.2013 21:45:11 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm joey_pc.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a8 Startzeit:
01ce66f3393ed399 Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\KONAMI\Yu-Gi-Oh!
Power of Chaos JOEY THE PASSION\joey_pc.exe Berichts-ID:
Error - 14.06.2013 04:47:58 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0x13c Startzeit der fehlerhaften Anwendung: 0x01ce68db30f4988b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
1cbc4c62-d4cf-11e2-97e8-902b349a1177
[ System Events ]
Error - 05.06.2013 14:02:25 | Computer Name = *****-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 07.06.2013 07:14:33 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 07.06.2013 07:14:33 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 07.06.2013 07:33:07 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 07.06.2013 07:33:07 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 09.06.2013 14:52:37 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 10.06.2013 10:25:08 | Computer Name = *****-PC | Source = DCOM | ID = 10001
Description =
Error - 13.06.2013 09:05:51 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description =
Error - 13.06.2013 16:25:58 | Computer Name = *****-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht vergrößert werden kann.
< End of report >
Code:
ATTFilter Farbar Service Scanner Version: 31-05-2013 01
Ran by ****** (administrator) on 14-06-2013 at 15:36:07
Running from "C:\Users\******\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Hoffe das ich alles richtig gemacht habe. Danke für eure HILFE!  |
| Themen zu Pc ist langsamer geworden ... hier ein paar Logs |
| antivir, appdatalow, autorun, avira, battle.net, bho, black, browser, desktop, error, firefox, flash player, google, home, install.exe, internet, internet browser, internet explorer, launch, logfile, mozilla, msvcrt, plug-in, problem, registrierungsdatenbank, registry, scan, security, server, software, svchost.exe, teamspeak, usb sound, windows |
Baum-Darstellung