| Equinox501 | 24.05.2013 14:11 |
GMER Logfile: Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-24 15:06:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3 Patriot_Warp_V2_64GB_SSD rev.02.10104 60,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Albert\AppData\Local\Temp\kgdiqpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031ed000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031ed02f 16 bytes [00, 02, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1116] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075fecfca 5 bytes JMP 0000000175094720
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075fecfca 5 bytes JMP 0000000175094720
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2560] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075fecfca 5 bytes JMP 0000000175094720
.text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072bf1a22 2 bytes [BF, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072bf1ad0 2 bytes [BF, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072bf1b08 2 bytes [BF, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072bf1bba 2 bytes [BF, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2692] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072bf1bda 2 bytes [BF, 72]
.text C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe[4524] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075fecfca 5 bytes JMP 0000000175094720
.text C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe[4604] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075fecfca 5 bytes JMP 0000000175094720
.text C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5692] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075fecfca 5 bytes JMP 0000000175094720
.text C:\Users\Albert\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075fecfca 5 bytes JMP 0000000175094720
.text C:\Users\Albert\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Users\Albert\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\spoolsv.exe [1772:2116] 000007fef8c410c8
Thread C:\Windows\System32\spoolsv.exe [1772:2132] 000007fef8b96144
Thread C:\Windows\System32\spoolsv.exe [1772:2136] 000007fef8985fd0
Thread C:\Windows\System32\spoolsv.exe [1772:2140] 000007fef8c23438
Thread C:\Windows\System32\spoolsv.exe [1772:2144] 000007fef89863ec
Thread C:\Windows\System32\spoolsv.exe [1772:2168] 000007fef8f35e5c
Thread C:\Windows\system32\svchost.exe [1808:4132] 000007fef13b2888
Thread C:\Windows\system32\svchost.exe [1808:4180] 000007fef12c2940
Thread [1968:1996] 0000000077aa3e45
Thread [1968:2000] 0000000075e17587
Thread [1968:2012] 0000000077aa2e25
Thread [2824:2864] 0000000077aa3e45
Thread [2824:2868] 0000000075e17587
---- EOF - GMER 2.1 ----
--- --- ---
OTL Logfile: Code:
OTL logfile created on: 24.05.2013 13:17:12 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Albert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 4,56 Gb Available Physical Memory | 57,06% Memory free
16,00 Gb Paging File | 12,95 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,07 Gb Total Space | 11,09 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 315,76 Gb Free Space | 33,90% Space Free | Partition Type: NTFS
Computer Name: ALBERT-PC | User Name: Albert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.24 12:38:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe
PRC - [2013.05.19 12:34:02 | 000,020,248 | ---- | M] (Smartbar) -- C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe
PRC - [2013.05.17 23:44:41 | 000,047,392 | ---- | M] (Yontoo LLC) -- C:\Users\Albert\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.05.17 23:44:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 21:21:44 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013.04.24 20:00:06 | 028,499,304 | ---- | M] (Dropbox, Inc.) -- C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.04.20 21:54:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.02.19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2013.01.29 00:35:26 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.25 05:35:08 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.08 17:04:18 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.24 12:15:54 | 000,013,600 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013.05.20 18:51:15 | 000,145,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013.05.19 12:34:32 | 000,021,272 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013.05.19 12:34:28 | 000,025,368 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013.05.19 12:34:28 | 000,019,736 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013.05.19 12:34:22 | 000,051,480 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013.05.19 12:34:22 | 000,013,592 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013.05.19 12:34:20 | 000,111,896 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013.05.19 12:34:18 | 000,044,312 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013.05.19 12:34:16 | 000,078,104 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013.05.19 12:34:16 | 000,016,152 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013.05.19 12:34:12 | 000,057,112 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013.05.19 12:34:12 | 000,018,712 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013.05.19 12:34:08 | 000,032,024 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013.05.19 12:34:08 | 000,012,568 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013.05.19 12:34:06 | 000,014,104 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013.05.19 12:34:06 | 000,013,592 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013.05.19 12:34:04 | 001,688,856 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013.05.19 12:34:04 | 000,192,792 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll
MOD - [2013.05.19 12:34:04 | 000,081,176 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013.05.19 12:34:02 | 000,657,688 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013.05.19 12:33:12 | 000,047,384 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013.05.19 12:33:00 | 000,025,368 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013.05.19 12:32:54 | 000,067,864 | ---- | M] () -- C:\Users\Albert\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
MOD - [2013.05.16 18:19:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 18:18:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.20 23:19:00 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.02.20 23:18:23 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013.02.19 14:40:26 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.19 14:39:47 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.19 14:39:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.19 14:39:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.19 14:39:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.02.07 12:20:33 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
========== Services (SafeList) ==========
SRV - [2013.05.15 20:25:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.10 19:55:54 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.02 21:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013.04.20 21:54:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.29 00:35:26 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.25 05:35:08 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.08 17:04:18 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.02.10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.03.21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.02.08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.02.08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.02.08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.02.08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.02.08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013.01.29 00:35:26 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.09.25 22:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.11 22:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011.04.11 22:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.02 12:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_190513_lnkry&babsrc=SP_ss&mntrId=D4EF1C6F653DFE01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26
FF - prefs.js..extensions.enabledAddons: YTKaraoke%40DacSoft.org:1.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.07 12:56:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.07 12:56:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.05.02 21:21:44 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\YTKaraoke@DacSoft.org: C:\Program Files (x86)\YTKaraoke\FF\ [2013.05.24 12:15:43 | 000,000,000 | ---D | M]
[2013.05.21 01:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albert\AppData\Roaming\mozilla\Extensions
[2013.05.21 02:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albert\AppData\Roaming\mozilla\Firefox\Profiles\ssj0e6i8.default\Extensions
[2013.05.21 02:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.21 01:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 01:15:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.02 21:21:44 | 000,037,909 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\WAJAM\FIREFOX\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI
[2013.05.24 12:15:43 | 000,000,000 | ---D | M] ("Tube Karaoke") -- C:\PROGRAM FILES (X86)\YTKARAOKE\FF
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Tube Karaoke) - {F351B686-F6AF-45F1-9EB9-684C805B25B1} - C:\Program Files (x86)\YTKaraoke\ytkaraoke.dll (Dacotta SoftEngineering)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Albert\AppData\Local\Smartbar\Application\Delta.exe (Smartbar)
O4 - HKCU..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Albert\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC840841-8F75-422F-9815-409E7ACC1DF8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5491d3de-a763-11e2-93b8-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{5491d3de-a763-11e2-93b8-1c6f653dfe01}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{572ef886-6f01-11e2-b974-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{572ef886-6f01-11e2-b974-1c6f653dfe01}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{5d13129a-8729-11e2-9c2c-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{5d13129a-8729-11e2-9c2c-1c6f653dfe01}\Shell\AutoRun\command - "" = F:\raf-mll.exe
O33 - MountPoints2\{73d109f0-c0f5-11e2-a537-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{73d109f0-c0f5-11e2-a537-1c6f653dfe01}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{f40a56e8-c2dc-11e2-9c01-1c6f653dfe01}\Shell - "" = AutoRun
O33 - MountPoints2\{f40a56e8-c2dc-11e2-9c01-1c6f653dfe01}\Shell\AutoRun\command - "" = H:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.24 12:38:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe
[2013.05.24 12:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTKaraoke
[2013.05.21 01:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.21 01:10:44 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Downloaded Installations
[2013.05.21 01:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013.05.21 01:09:49 | 000,033,736 | ---- | C] (HTC, Corporation) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys
[2013.05.21 01:09:48 | 000,000,000 | ---D | C] -- C:\Temp
[2013.05.21 01:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2013.05.20 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Smartbar
[2013.05.20 18:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.05.20 18:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.05.20 18:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013.05.20 18:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.05.20 18:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.05.20 18:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.05.20 18:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2013.05.20 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
[2013.05.20 18:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2013.05.20 18:47:00 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.20 18:46:58 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\LavFilters
[2013.05.20 18:46:58 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.05.20 18:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2013.05.20 18:46:58 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\CDXReader
[2013.05.20 18:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSP-worx
[2013.05.20 18:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013.05.20 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.05.20 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013.05.20 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.20 18:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2013.05.20 18:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenSource Flash Video Splitter
[2013.05.20 18:46:05 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\BabSolution
[2013.05.20 18:45:52 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013.05.20 18:45:51 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\DSite
[2013.05.20 18:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013.05.20 18:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder
[2013.05.20 18:45:45 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Babylon
[2013.05.20 18:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.05.20 18:42:59 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Yontoo
[2013.05.20 18:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.05.20 18:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.20 18:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.05.20 15:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.05.20 04:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lumac
[2013.05.19 21:49:02 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\WarThunder
[2013.05.19 21:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013.05.19 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2013.05.17 12:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.05.17 12:46:15 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Programs
[2013.05.15 19:10:19 | 000,000,000 | ---D | C] -- C:\Users\Albert\Desktop\skse_1_06_13
[2013.05.15 18:50:04 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\Nexus Mod Manager
[2013.05.15 18:50:04 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Black_Tree_Gaming
[2013.05.15 18:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2013.05.15 18:30:21 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Skyrim
[2013.05.13 22:00:29 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Microsoft Games
[2013.05.08 18:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013.05.08 18:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013.04.29 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.28 23:24:52 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\Rockstar Games
[2013.04.28 23:16:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.04.28 23:16:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.04.28 22:54:15 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Rockstar Games
[2013.04.28 22:54:11 | 000,000,000 | RH-D | C] -- C:\Users\Albert\AppData\Roaming\SecuROM
[2013.04.28 22:54:10 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.28 22:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.04.28 22:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.04.28 22:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.04.26 23:06:59 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.04.26 23:06:37 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Dropbox
[2013.04.26 17:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.24 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Thunderbird
[2013.04.24 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Thunderbird
========== Files - Modified Within 30 Days ==========
[2013.05.24 12:45:02 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.05.24 12:43:40 | 000,000,000 | ---- | M] () -- C:\Users\Albert\defogger_reenable
[2013.05.24 12:43:11 | 000,377,856 | ---- | M] () -- C:\Users\Albert\Desktop\gmer_2.1.19163.exe
[2013.05.24 12:38:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe
[2013.05.24 12:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 12:22:42 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 12:22:42 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 12:21:25 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.24 12:21:25 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.24 12:21:25 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.24 12:21:25 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.24 12:21:25 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.24 12:15:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 12:15:25 | 2146,246,655 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.23 18:53:25 | 000,000,000 | ---- | M] () -- C:\END
[2013.05.21 01:16:04 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.20 18:46:26 | 000,001,992 | ---- | M] () -- C:\Windows\unins000.dat
[2013.05.20 18:46:07 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013.05.20 18:43:39 | 000,002,037 | ---- | M] () -- C:\Users\Albert\Desktop\JDownloader.lnk
[2013.05.20 15:21:07 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.05.20 04:14:31 | 000,002,693 | ---- | M] () -- C:\Users\Public\Desktop\Lumac.lnk
[2013.05.17 20:22:02 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.17 20:22:02 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.16 18:18:25 | 000,312,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 19:39:59 | 000,001,612 | ---- | M] () -- C:\Users\Albert\Desktop\Skyrim.lnk
[2013.05.15 18:49:59 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.05.14 14:56:21 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.30 20:07:23 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 20:07:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.28 22:54:10 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.26 23:07:09 | 000,001,051 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
========== Files Created - No Company Name ==========
[2013.05.24 12:43:40 | 000,000,000 | ---- | C] () -- C:\Users\Albert\defogger_reenable
[2013.05.24 12:43:11 | 000,377,856 | ---- | C] () -- C:\Users\Albert\Desktop\gmer_2.1.19163.exe
[2013.05.21 01:16:04 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.21 01:16:04 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.20 18:48:44 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2013.05.20 18:48:43 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2013.05.20 18:48:43 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2013.05.20 18:48:40 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013.05.20 18:48:39 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.05.20 18:48:38 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.05.20 18:47:03 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.05.20 18:46:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.05.20 18:46:26 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.05.20 18:46:22 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013.05.20 18:46:20 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013.05.20 18:46:20 | 000,001,992 | ---- | C] () -- C:\Windows\unins000.dat
[2013.05.20 18:45:51 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.05.20 18:45:49 | 000,000,000 | ---- | C] () -- C:\END
[2013.05.20 18:43:39 | 000,002,037 | ---- | C] () -- C:\Users\Albert\Desktop\JDownloader.lnk
[2013.05.20 18:43:19 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.05.20 18:43:19 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.05.20 18:43:18 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.05.20 04:14:31 | 000,002,699 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk
[2013.05.20 04:14:31 | 000,002,693 | ---- | C] () -- C:\Users\Public\Desktop\Lumac.lnk
[2013.05.15 19:37:58 | 000,001,612 | ---- | C] () -- C:\Users\Albert\Desktop\Skyrim.lnk
[2013.05.15 18:49:59 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.05.10 17:37:46 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.04.30 20:07:23 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 20:07:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.26 23:07:09 | 000,001,051 | ---- | C] () -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 17:08:13 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.02.07 12:52:53 | 000,262,685 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013.02.07 12:52:53 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2013.02.04 23:23:52 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.04 23:23:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.02.19 18:34:06 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\.minecraft
[2013.02.04 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\AVG2013
[2013.05.20 22:46:06 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\BabSolution
[2013.05.20 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Babylon
[2013.05.20 18:47:12 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\CDXReader
[2013.05.24 12:16:01 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Dropbox
[2013.05.20 18:45:51 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\DSite
[2013.05.20 18:47:13 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\LavFilters
[2013.02.04 19:38:57 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Leadertech
[2013.05.20 18:37:35 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\LumacDaemon
[2013.02.17 16:47:20 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\MediaMonkey
[2013.02.05 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Origin
[2013.04.24 23:11:34 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Thunderbird
[2013.02.04 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\TuneUp Software
[2013.05.16 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Wargaming.net
[2013.05.24 12:15:55 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\Yontoo
========== Purity Check ==========
< End of report >
--- --- ---
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 24.05.2013 12:39:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Albert\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 4,40 Gb Available Physical Memory | 54,96% Memory free
16,00 Gb Paging File | 12,67 Gb Available in Paging File | 79,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,07 Gb Total Space | 11,10 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 315,76 Gb Free Space | 33,90% Space Free | Partition Type: NTFS
Computer Name: ALBERT-PC | User Name: Albert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- D:\PROGRA~1\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- D:\PROGRA~1\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D30FDE-B0FD-490E-BF26-110665F76CDB}" = lport=137 | protocol=17 | dir=in | app=system |
"{0FE2A3FC-E6A8-470B-93D7-3D1D8D1ABE0E}" = rport=80 | protocol=6 | dir=out | app=d:\programme\steam\steamapps\common\warframe\tools\launcher.exe |
"{14BFD5CC-4FDD-40AE-B976-8AEBEE476184}" = lport=445 | protocol=6 | dir=in | app=system |
"{19C699F4-AC69-46E7-8F80-F2BB564F92C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CF6AF8D-2D39-459F-B6EB-C87C74DF991E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2397EFF4-B53E-48D6-9FDA-71500C277A2E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{274BACB9-6FB9-479B-B69F-FA60B76925C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E1C31C1-DF38-4798-923A-32964BCA3729}" = rport=137 | protocol=17 | dir=out | app=system |
"{2FEE32A7-232B-4BAB-B300-F5C6FCD31CEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3AA8072F-2D32-413D-B189-35AEAF95E092}" = lport=2869 | protocol=6 | dir=in | app=system |
"{469C3FDB-91F6-4CBE-80E4-F215EBA0EFE4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{501C88EB-6C3D-47F7-A7B4-50CE9F7AE031}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5784F026-061A-4B14-A4CD-29EAB53E9B3F}" = lport=138 | protocol=17 | dir=in | app=system |
"{5FCAF3CF-B03E-4E07-B6E9-4A53134470F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{62B184C2-51E4-4729-9A84-5CD9DCD5917D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{723EB261-1CBD-4F92-80A6-61D5DAD4A651}" = rport=80 | protocol=6 | dir=out | app=d:\programme\steam\steamapps\common\warframe\warframe.x64.exe |
"{77631B10-77A7-47B6-8809-14853DAF1B06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9006DE5A-63DB-4FED-A9B7-759A625D3299}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90917C9F-4693-473A-A23A-3918FB591178}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97398F23-404B-411E-9BEE-DC08A8F7AC17}" = rport=80 | protocol=6 | dir=out | app=d:\programme\steam\steamapps\common\warframe\warframe.exe |
"{BC630FE9-CF5D-405B-A1B3-C9D0604289B4}" = rport=139 | protocol=6 | dir=out | app=system |
"{CDD22F01-5F62-4831-83D7-A8877B291A8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D335F46F-913A-4AEE-A7E4-7F792C5F1D0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DACE0A67-1252-41CE-BE52-9DC5A33F1DB0}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF96466F-3E80-4ADB-A838-F1C0915D1E83}" = lport=139 | protocol=6 | dir=in | app=system |
"{F3637304-F4BE-4EE3-838D-6C2BA895F204}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DB155A-CA5A-4363-991D-4A7E2A3D075F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{04E4793F-A9DB-4DFE-9D49-A885876AC4B7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty world at war\codwawmp.exe |
"{0599FC68-F991-4CA3-B5E3-48CDE4D7624A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{05C46EEF-5A0D-404C-A54D-5DC562551E96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{075B5D3F-4A91-4DFA-9BB2-35BA1A433781}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{0BDA7E8B-D89B-40B0-A298-098E0282F9C7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\warframe\tools\launcher.exe |
"{0C9F6EA1-12F0-4E8B-AFD8-7FEF36E47B9A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{0D969833-E69D-4955-8AF4-CFABFEE18E95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1155B900-1D4A-4AA9-B277-29C101A8DDDD}" = protocol=6 | dir=in | app=c:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe |
"{11EDD132-BCD1-49B7-B1D7-51F63C60EC85}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage.exe |
"{13C95D6B-FB7B-4DCA-BF77-A4C2F46F6724}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{13E25D04-E562-4572-A2DE-8977E80D555B}" = protocol=17 | dir=in | app=d:\games\origin\medal of honor warfighter\mohw.exe |
"{14932009-CFA1-44D0-AD10-2F34E0036411}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{15347947-EA84-4771-8CE0-848970C99A54}" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
"{1C35C4FB-8832-4A16-B6A5-8D3B05E69352}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{1E8330D7-A566-42BE-AC66-8C3361DF1144}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage64.exe |
"{1F135A93-447A-46AA-8BD9-920E96F7C0FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{2228E7F9-E581-44D7-9CCB-C090290A7F70}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{23CF9C21-BC3D-4CFA-80F4-A14CEDC1B62A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2436A575-44A4-44CA-81D4-0B087A8EB457}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{26FC3BA4-65B0-4CA4-A6D7-6F7ED8BBE3C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{2CB31E0B-9AE7-4ABC-B602-0AF5AC3D7723}" = protocol=17 | dir=in | app=d:\games\origin\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe |
"{2CCD611F-EF9A-47B6-AA23-237FCBDA072F}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{2E9EA9C2-2CC8-4972-BE38-0C5D29DA513F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{303B95D0-7DD1-4F34-921E-29F149F6C4E7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{32356A10-8BC4-456E-8B8F-6B0555D591A7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{3255F302-F335-4F73-869F-00FB5825653E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{33EA5C7C-BFC3-4920-B89C-77692EB3A3B4}" = protocol=17 | dir=in | app=d:\games\war thunder\launcher.exe |
"{340934B8-B401-40B4-9D60-1FF8DB479BF3}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe |
"{347E0997-7374-417C-92E2-CF95105756B2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3B34FED2-41A0-4F50-9C93-4735340A69BA}" = protocol=6 | dir=in | app=d:\games\origin\medal of honor warfighter\mohw.exe |
"{3C0A4239-2E75-4FCD-BD1D-A2BCCE041FFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D699124-0600-4E48-9B79-3E546300C4EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3F32F2EE-3A4A-42DA-9CE8-679D4E70B4EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{46C8B5BC-680C-4757-83D1-4D350D88A8D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{46DC4BAC-8B87-4F02-8909-0DC3E7C34021}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A78D1F5-A2C0-43A5-853C-BA6FF363DC32}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage.exe |
"{4AD6F5FB-FCD1-4F8B-B5FB-EA821868C0AD}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\left 4 dead\left4dead.exe |
"{4C7603B1-9964-4D25-B9F9-F6C1F5211DCF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4C9754CF-7363-4194-BF5A-00B126AF2015}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4C9E2810-9798-469F-8233-9FC95237A99B}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4CBCF573-AA37-45E7-B242-69AD78981417}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4E4D8251-F5B3-4558-9497-D5B8FE13EB3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{51690F5B-63CA-4337-B6FE-C3F1B4EF9217}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii public test.exe |
"{5259AA1D-E4FD-4D59-837B-348EE99F971E}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{5790C904-6FCD-42B8-8C2C-1B9A2CCE7843}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{591ADC8A-8377-4FD3-8C20-61BE2C5305D6}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{5980A828-DAAD-4951-ADDB-E2AE9B02DA5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{604A163C-243E-4E1A-BC21-3A59D8F5DC14}" = protocol=17 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe |
"{609E5A8D-DAFD-42DC-B276-C06CFBBD0BB7}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\wizardry online\launchpad.exe |
"{62907FDE-53A5-4FDD-9223-7A4E04D7F819}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6560731E-F99E-4187-81AB-80B9BDD4C427}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty world at war\codwaw.exe |
"{68B71DB4-56E0-499F-8706-A6453ACC9E70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{6F69C8BE-9E85-48E2-92A0-3BAECB574EED}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{709FA55E-334F-42CA-AEE3-7224854B16F4}" = protocol=17 | dir=in | app=d:\programme\office\office12\onenote.exe |
"{70CCC928-A738-4DA9-80AC-3B19A81AFF54}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{70EFC577-9D7E-4CC5-9238-2FDF466CFC3C}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2\arma2.exe |
"{7341C1B1-6300-4DBB-B473-7FE8D3518B91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7406EF1A-0E13-42C0-B850-1E718BA8D48A}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{76FE9D3C-E170-44D9-B66D-769872AD82F2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{7883D461-CD02-437C-A684-C67D00418C22}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\farcry\bin32\farcry.exe |
"{78948318-CCCB-4FE8-9BE1-5C8EB91BBC6C}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{79125FB6-23DC-47C0-8083-15F3344D4FF9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{7A9C004D-BF94-4065-8C8E-1472C669667F}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\warframe\warframe.exe |
"{7B0D3B0E-FDB1-4D91-8D49-470EF34527E2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty world at war\codwaw.exe |
"{7B11D626-912B-464E-ADCC-8D055258FBAF}" = protocol=6 | dir=out | app=system |
"{7B695F0A-6198-4984-ADF3-78AC49FB67F9}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\dota 2 beta\dota.exe |
"{7BA16E5C-03B6-4935-A277-061CD684381A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\warframe\tools\launcher.exe |
"{7D3BD138-4009-4F3C-9D92-BEE5F33C728E}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{805D25FC-A103-4EF8-A95C-12A3D03A551E}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{83569159-0B41-4B55-BB71-26B51481B2A7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 3\arma3.exe |
"{84D98702-4DD3-4835-8464-DCF04ED96EF5}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe |
"{869E510D-68D1-4533-B335-644D4D584968}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{8827CBB5-7F85-4F59-B937-93DDFA93FBBC}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{888F8EA9-FBA7-4501-8533-BBCFA1B98AA0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{8C0FD2A4-3852-40CC-9E75-549AF70201A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8DCFA55D-3FDC-45DB-887C-DAB27CCF0799}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{8F5A92CF-2342-43E8-9649-DE117A41BFB0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{95C30667-F52D-4563-9443-0354B97AF1D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9899D79E-B136-4FB7-90A7-9A06736D003C}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii public test.exe |
"{989CC5BA-FD37-4E01-BFC5-CC4058727557}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{9C8AE510-D35E-4AC2-BF91-0F771DBE7A05}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{9EBB6057-C68A-4EC6-8980-A821431CCF15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9ED39546-6868-42AD-A0EB-A4AF0E95F02D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0AED8CF-AE83-4AAE-BB80-CEAF761B5DBD}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{A195085D-14CC-44D6-98CC-85FE7F363827}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{A22C1A57-B0B1-41E0-A636-3121AB5FE830}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{A87401CF-92B5-48D2-9794-622ACBA96B45}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{A94AC001-597D-4F71-97AF-4067FE063D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AA30F0E3-3B6A-47AC-99EA-4CCCA0ED86EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ADD8D4A0-8B03-4C8E-BEDC-A7E8F231EA15}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{B042D632-0DC0-45D9-B936-E56E90086B3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{B181CD6D-3A39-4E81-B8CD-6B2AD53B737C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1BB5B68-C81E-4D57-B601-2313836E2219}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\farcry\bin32\farcry.exe |
"{B3945A90-1DEE-4ACE-90D8-0C8535414BBE}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{B8A0D432-AC3D-4FA5-9F8C-078055687C1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{B8BA06D7-4680-4375-AD61-530140B4F48B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98ED117-50CD-4611-A794-AA35BF3BB86E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{BB8BD99F-D3FC-42A5-8F8F-B82F58F8670F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C2BD68FF-4A58-4DE0-8033-E2029C157A03}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{C4F111E3-EA4B-4A7C-8C76-0BE316ECBBA7}" = protocol=6 | dir=in | app=d:\games\origin\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe |
"{C6A29DA0-4E7A-4C8E-9564-8A57BB14FFD7}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\dota 2 beta\dota.exe |
"{CF10CC33-54AB-4F4C-B754-658F52CF3A9D}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\wizardry online\launchpad.exe |
"{CFD8D937-7995-4AB1-896B-2DBE95A7F70E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D042CA01-0B45-433B-AA7D-A60BFADA6C51}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D2D6408E-C100-4590-8328-E454842903F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D32821DC-A66D-405B-8581-AA9D8859204D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D32B776C-0B48-4E66-B10D-E23095221981}" = protocol=6 | dir=in | app=d:\games\war thunder\launcher.exe |
"{D4822403-282D-46BC-95AF-B749677A0D38}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5BB8623-933C-4C0B-AA02-CDF07D17225B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D77D9C86-5900-415E-8FF0-2B398BAD6F7D}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty world at war\codwawmp.exe |
"{D7B0299E-16E0-40FC-B7D3-E9FB1540CFDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBC100BA-52BC-4134-A68F-17CD04CBAB48}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC35CA98-AA30-4618-8E49-A768E3F072EC}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{DCB10DC2-4D3D-4663-9DDB-C725C619B98A}" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
"{E152BFF1-43D7-495D-A6A2-3F65A9A55854}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{E1DCB092-0354-4E27-90DE-0E2718D7BBBA}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2\arma2.exe |
"{E327ADE7-EDA0-418C-BE8E-B02FCED04610}" = protocol=6 | dir=in | app=d:\programme\office\office12\onenote.exe |
"{E41ACDD1-BF43-4715-A1B5-C8E7D8A40A3F}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\warframe\warframe.x64.exe |
"{EBC3EDC5-E752-40E9-87B3-4BF195EA78EE}" = protocol=6 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe |
"{EBDBD909-D2C1-47B6-8F55-A1D25181F35D}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{ED356030-1A84-4F79-9E7D-626A0135D251}" = protocol=17 | dir=out | app=d:\programme\steam\steamapps\common\warframe\warframe.exe |
"{ED6C1DFF-DC2F-4B07-904C-3090094FCBC5}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage64.exe |
"{EE21F8D0-84EA-4701-BEB5-DC61ED44632D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{F1AA4D79-0D2B-414C-BCD3-D14D91EB4431}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{F2181DDF-C807-4B68-92F4-DAB7C7A81EEC}" = protocol=17 | dir=in | app=c:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe |
"{F252CE16-7C75-4159-A0AA-C0F71CBD2DF1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F29E828D-6442-4414-B1CF-8BFCAB6E09B6}" = protocol=17 | dir=out | app=d:\programme\steam\steamapps\common\warframe\warframe.x64.exe |
"{F4FCD231-5B2A-4B1B-AAD1-3A1D330A3785}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F52A9B9B-1D56-4DAC-AD75-BD06BF0C9843}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{F65DE787-5289-41A2-B385-C6611B24FA41}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{F818CF42-468D-4034-8C60-9D8DF00811D0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8A3CA81-D67C-48A0-B7CA-9D0AFDD525D6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{F9195EFC-7D31-4D4C-B922-692467643BF0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FA221C83-D668-4248-92CF-B9BC8403B78D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FC08662A-4363-44F1-9F9B-B8C4F60831A5}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{FC092C14-2657-43E3-89BA-3545F8F20900}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{FD148834-18B4-4246-BF83-3A224EB81CC2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 3\arma3.exe |
"{FD416E9E-F4B1-4905-9D74-3C7B7F2EDAAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{082CD911-FBF4-4C84-8D7C-73115E0793A1}D:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{099D9F73-301C-46FF-BCEC-B3ADA8E84419}D:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{0D518785-F6A4-4DD5-81E2-0E22099BB299}C:\users\albert\appdata\local\temp\rar$exa0.620\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.620\mw2sa.exe |
"TCP Query User{0FB65CB5-3758-4C8E-AF9A-04314EB70AB6}D:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=d:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{172F918F-DC09-4BE5-BD3A-4C6C49EDA364}D:\games\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{2CD92DCC-2269-4716-8768-AAFCC9A5FC3F}C:\users\albert\appdata\local\temp\rar$exa0.261\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.261\mw2sa.exe |
"TCP Query User{48E53D2C-6DDC-429C-AAB3-5C040E0C5D07}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{5757993B-783F-410F-9B89-5E895F2F275E}C:\users\albert\appdata\local\apps\2.0\gdzy8jtt.vyr\vw3xbhle.bej\laun...app_59711684aa47878d_0001.001e_0f529f5f0ebfb750\launcher.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\apps\2.0\gdzy8jtt.vyr\vw3xbhle.bej\laun...app_59711684aa47878d_0001.001e_0f529f5f0ebfb750\launcher.exe |
"TCP Query User{5B4CBC1E-C6E0-4746-98AA-3CC833CEE418}C:\users\albert\appdata\local\temp\rar$exa0.718\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.718\mw2sa.exe |
"TCP Query User{74DDA053-B892-4AB2-8DBC-B9B67D9BAC42}C:\users\albert\appdata\local\temp\rar$exa0.981\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.981\mw2sa.exe |
"TCP Query User{7888156D-25FD-4B94-B256-4A4C381D217E}C:\users\albert\appdata\local\temp\rar$exa0.879\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.879\mw2sa.exe |
"TCP Query User{881EDCC7-9CBB-4E7D-9C32-5F928013BB25}C:\users\albert\appdata\local\temp\rar$exa0.871\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.871\mw2sa.exe |
"TCP Query User{95FBD64F-91E7-4DCF-8704-643819A42786}C:\users\albert\appdata\local\temp\rar$exa0.536\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.536\mw2sa.exe |
"TCP Query User{9CB6DE42-5E11-4BEA-9047-0840C7E1D1D1}C:\users\albert\appdata\local\temp\rar$exa0.947\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.947\mw2sa.exe |
"TCP Query User{AA33B268-E66B-4D6E-B53D-3DD6337102B3}C:\users\albert\appdata\local\temp\rar$exa0.441\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.441\mw2sa.exe |
"TCP Query User{C117E5F2-5A1C-4850-8C97-8CE991E54DC3}C:\users\albert\appdata\local\temp\rar$exa0.264\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.264\mw2sa.exe |
"TCP Query User{C8147BB4-7894-4862-AB87-41D80662D929}D:\games\war thunder\aces.exe" = protocol=6 | dir=in | app=d:\games\war thunder\aces.exe |
"TCP Query User{C922D66B-84A3-4503-BB45-B73EFDED30FD}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{D8912882-1722-4333-A61A-B9547C0E2ED3}D:\games\ghost recon\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=d:\games\ghost recon\ghost recon online\pdc-live\ghostrecononline.exe |
"TCP Query User{DB2C3636-7907-40CA-98D9-2203E7C60944}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{EE486681-5A12-4F1D-947A-DE0EC4E4E42A}C:\users\albert\appdata\local\temp\rar$exa0.449\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.449\mw2sa.exe |
"TCP Query User{EFEB48BC-07B5-4BE4-886C-56AF5AF6498D}D:\games\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_warplanes\wowplauncher.exe |
"UDP Query User{0065D955-B019-4120-A0B2-1C3FEACC71A7}C:\users\albert\appdata\local\temp\rar$exa0.264\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.264\mw2sa.exe |
"UDP Query User{08EA9633-DCAA-4632-9ED2-C0BFBE51D5B5}C:\users\albert\appdata\local\temp\rar$exa0.879\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.879\mw2sa.exe |
"UDP Query User{2021D5FD-7FD6-4333-B78D-9391EE20AF46}C:\users\albert\appdata\local\temp\rar$exa0.536\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.536\mw2sa.exe |
"UDP Query User{32F2A253-2D3E-46B9-8B2E-CE103E40B0D9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{5084E3C6-A4DA-48DE-80CC-1B162A0CB1D1}D:\games\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_warplanes\wowplauncher.exe |
"UDP Query User{52D0A057-5B77-48FC-8B5B-8163424D2F1A}C:\users\albert\appdata\local\temp\rar$exa0.871\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.871\mw2sa.exe |
"UDP Query User{5FF7245E-2513-4FA5-9C7D-5C45ADE4AEA2}D:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{853F238D-CE12-4451-AB53-489DCA2E4F01}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{8DBD12A4-8BF2-4879-82DB-05390E6B6379}C:\users\albert\appdata\local\temp\rar$exa0.441\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.441\mw2sa.exe |
"UDP Query User{8F5F40B7-FE91-4C13-8DE2-EF9CE488C364}C:\users\albert\appdata\local\temp\rar$exa0.947\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.947\mw2sa.exe |
"UDP Query User{95B8CE1B-E9AF-4CCD-BE7E-CCC0ED303A48}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{A816A74C-4582-4942-BE29-97EFFC1A8276}C:\users\albert\appdata\local\temp\rar$exa0.449\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.449\mw2sa.exe |
"UDP Query User{C8577BA3-03A9-4803-832B-9948531A4D60}D:\games\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{C9BAC025-8BB3-4067-8C30-62729E36B824}D:\games\war thunder\aces.exe" = protocol=17 | dir=in | app=d:\games\war thunder\aces.exe |
"UDP Query User{CC07368B-401A-474A-89FE-30388813A58D}D:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{CF3E7577-B28F-42BE-909C-9844B293718E}C:\users\albert\appdata\local\temp\rar$exa0.981\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.981\mw2sa.exe |
"UDP Query User{DD2DF991-77FE-4918-88AD-A55B7E503EAB}C:\users\albert\appdata\local\apps\2.0\gdzy8jtt.vyr\vw3xbhle.bej\laun...app_59711684aa47878d_0001.001e_0f529f5f0ebfb750\launcher.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\apps\2.0\gdzy8jtt.vyr\vw3xbhle.bej\laun...app_59711684aa47878d_0001.001e_0f529f5f0ebfb750\launcher.exe |
"UDP Query User{DDD08D17-41D0-480B-91E1-003F70E9AC15}C:\users\albert\appdata\local\temp\rar$exa0.620\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.620\mw2sa.exe |
"UDP Query User{E4D65447-B454-44F2-A27A-2E024A44BA52}C:\users\albert\appdata\local\temp\rar$exa0.718\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.718\mw2sa.exe |
"UDP Query User{ED750450-18E0-48C8-8C73-18189B0D294C}C:\users\albert\appdata\local\temp\rar$exa0.261\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\local\temp\rar$exa0.261\mw2sa.exe |
"UDP Query User{F5BE8624-FCBE-41E1-959A-D2410DF08A19}D:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=d:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{F5CBA0C5-DFDC-4B2D-A24B-E1AAE7A45DDA}D:\games\ghost recon\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=d:\games\ghost recon\ghost recon online\pdc-live\ghostrecononline.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14FCF290-82AB-421A-9034-636EF90EB9E5}" = AVG 2013
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2013
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02454664-23E6-46B3-9CB3-30870AE3645E}" = Crysis®3 MP Open Beta
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{1040143F-FEFB-4B90-8E51-E47D40E14C4E}" = Medal of Honor™ Warfighter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5DE11949-2B11-4F13-BAD5-1C237122CFDB}" = Lumac
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}" = IPTInstaller
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{790412BB-B6CE-459B-9E17-7DA7C20FC98C}" = DayZ Commander
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C607265F-86AA-4B42-9F9B-D0ED2E4AACA6}" = 6500_E709a
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1F04430-DC1A-4CF1-B004-46EC264AE840}" = Delta
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"DC-Bass Source" = DC-Bass Source 1.3.0
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ExpressRip" = Express Rip
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{5DE11949-2B11-4F13-BAD5-1C237122CFDB}" = Lumac
"LAME_is1" = LAME v3.99.3 (for Windows)
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10090" = Call of Duty: World at War
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 107410" = Arma 3 Alpha
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 13520" = Far Cry
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 220240" = Far Cry® 3
"Steam App 221360" = Wizardry Online
"Steam App 230410" = Warframe
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 49520" = Borderlands 2
"Steam App 500" = Left 4 Dead
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 9200" = RAGE
"Tomb Raider_is1" = Tomb Raider
"VLC media player" = VLC media player 2.0.3
"vsfilter_is1" = DirectVobSub 2.40.4209
"Wajam" = Wajam
"WinPcapInst" = WinPcap 4.1.2
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YTKaraoke@DacSoft.org" = Tube Karaoke
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
"Dropbox" = Dropbox
"DSite" = Update for Codec Pack
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.05.2013 07:51:30 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System
Error: Falscher Parameter. .
Error - 17.05.2013 07:51:30 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System
Error: Falscher Parameter. .
Error - 17.05.2013 07:51:54 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System
Error: Falscher Parameter. .
Error - 18.05.2013 18:28:16 | Computer Name = Albert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Borderlands2.exe, Version: 1.0.60.324,
Zeitstempel: 0x51428def Name des fehlerhaften Moduls: Borderlands2.exe, Version:
1.0.60.324, Zeitstempel: 0x51428def Ausnahmecode: 0xc0000005 Fehleroffset: 0x002019e5
ID
des fehlerhaften Prozesses: 0x91c Startzeit der fehlerhaften Anwendung: 0x01ce5416bb883834
Pfad
der fehlerhaften Anwendung: D:\Programme\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
Pfad
des fehlerhaften Moduls: D:\Programme\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
Berichtskennung:
3b635211-c00a-11e2-a745-1c6f653dfe01
Error - 19.05.2013 22:13:59 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System
Error: Falscher Parameter. .
Error - 19.05.2013 22:14:25 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System
Error: Falscher Parameter. .
Error - 20.05.2013 09:43:38 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System
Error: Falscher Parameter. .
Error - 20.05.2013 09:43:39 | Computer Name = Albert-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System
Error: Falscher Parameter. .
Error - 20.05.2013 19:15:30 | Computer Name = Albert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
Zeitstempel: 0x515e30fe Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
Zeitstempel: 0x4a613d79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001579a2 ID des fehlerhaften
Prozesses: 0x130c Startzeit der fehlerhaften Anwendung: 0x01ce55afd2107d59 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx Berichtskennung:
29a0ab6e-c1a3-11e2-9e3a-1c6f653dfe01
Error - 20.05.2013 19:15:40 | Computer Name = Albert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
Zeitstempel: 0x515e30fe Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
Zeitstempel: 0x4a613d79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001579a2 ID des fehlerhaften
Prozesses: 0x1428 Startzeit der fehlerhaften Anwendung: 0x01ce55afdcd5c209 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx Berichtskennung:
2f439f8e-c1a3-11e2-9e3a-1c6f653dfe01
[ System Events ]
Error - 20.05.2013 12:53:12 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 20.05.2013 12:56:48 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 20.05.2013 20:48:13 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 21.05.2013 10:33:00 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 21.05.2013 16:02:35 | Computer Name = Albert-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 21.05.2013 16:32:58 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 22.05.2013 08:42:02 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 22.05.2013 20:51:16 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 23.05.2013 12:53:17 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 23.05.2013 16:22:08 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
< End of report >
--- --- --- |
