Keine Ahnung was du mit CODE text meins!
OTL Logfile:
OTL EXTRAS Logfile: Code:
OTL logfile created on: 27.04.2013 22:37:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\X\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 39,59% Memory free
12,32 Gb Paging File | 8,41 Gb Available in Paging File | 68,22% Paging File free
Paging file location(s): c:\pagefile.sys 7500 15000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 243,30 Gb Free Space | 52,25% Space Free | Partition Type: NTFS
Computer Name: XX | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\X\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\nostalex.dat (Entwell)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\GameforgeLive\gfl_client.exe (Gameforge)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (BlueStack Systems)
PRC - C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems)
PRC - C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\GameforgeLive\qjson.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\imageformats\qtiff4.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\libgcrypt-11.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\libgpg-error-0.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\mssvoice.asi ()
MOD - C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\mssogg.asi ()
MOD - C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\mssmp3.asi ()
MOD - C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\msseax.flt ()
MOD - C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\mssds3d.flt ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 68 5C 85 B6 F1 CD 01 [binary data]
IE - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Battlefield Heroes = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Google-Suche = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: GFACE Experience Plugin = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.29.0_0\
CHR - Extension: AdBlock = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.62_0\
CHR - Extension: Arcane Legends = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido\1.0.2.2_0\
CHR - Extension: ScriptSafe = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0\
CHR - Extension: Google Mail = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3727294458-834492972-4203967504-1001..\Run: [HW_OPENEYE_OUC_] "C:\Program Files (x86)\Hi Suite\UpdateDog\ouc.exe" File not found
O4 - HKU\S-1-5-21-3727294458-834492972-4203967504-1001..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
O4 - HKU\S-1-5-21-3727294458-834492972-4203967504-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3727294458-834492972-4203967504-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3727294458-834492972-4203967504-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3727294458-834492972-4203967504-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A3F4B5E-6EAB-4A77-9D43-F0E670F4DAA8}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4e69bbcf-972b-11e2-a4f5-00241d699e74}\Shell - "" = AutoRun
O33 - MountPoints2\{4e69bbcf-972b-11e2-a4f5-00241d699e74}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{4e69bbd4-972b-11e2-a4f5-00241d699e74}\Shell - "" = AutoRun
O33 - MountPoints2\{4e69bbd4-972b-11e2-a4f5-00241d699e74}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.26 19:58:01 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Malwarebytes
[2013.04.26 19:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.26 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.26 19:57:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.26 19:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.24 18:42:28 | 000,000,000 | ---D | C] -- C:\Users\X\Documents\Battlefield Heroes
[2013.04.24 18:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.04.24 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013.04.22 21:03:29 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\inkscape
[2013.04.22 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2013.04.20 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
[2013.04.20 13:03:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.17 16:36:00 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\SWTORPerf
[2013.04.17 15:25:37 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.04.17 15:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.17 15:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.17 15:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.04.15 22:34:49 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
[2013.04.15 22:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drakensang Online
[2013.04.15 10:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2013.04.15 10:02:02 | 000,000,000 | ---D | C] -- C:\BrickForce
[2013.04.14 23:35:30 | 000,000,000 | ---D | C] -- C:\Users\X\Profiles
[2013.04.14 23:35:30 | 000,000,000 | ---D | C] -- C:\Users\X\bin
[2013.04.14 23:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu
[2013.04.14 23:11:31 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2013.04.11 03:01:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 03:01:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 03:01:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 03:01:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 03:01:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 03:01:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 03:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 03:01:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 03:01:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 03:01:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 03:01:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 03:01:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 03:01:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 03:01:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 03:01:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.11 00:21:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.11 00:21:54 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.11 00:21:53 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.11 00:21:53 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.11 00:21:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.11 00:21:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.11 00:21:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 00:21:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 00:21:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 00:21:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 00:21:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 00:21:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.04 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\X\Desktop\Ollydbg
[2013.03.31 02:58:22 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.31 02:58:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.29 18:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Overwolf
[2013.03.29 18:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Overwolf
[2013.03.29 17:51:24 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\Overwolf
[2013.03.28 23:04:01 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\NosMapsBot
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.27 22:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.27 22:01:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.27 09:01:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 21:10:49 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 21:10:49 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 21:08:31 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.26 21:08:31 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.26 21:08:31 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.26 21:08:31 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.26 21:08:31 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.26 21:01:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 21:01:27 | 4026,179,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 18:41:53 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.24 18:41:46 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.24 18:41:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.04.22 23:40:17 | 000,003,240 | ---- | M] () -- C:\Users\X\Desktop\free_turian_skull_emblem_by_meken-d3fh6f9.png
[2013.04.22 22:22:57 | 000,001,201 | ---- | M] () -- C:\Users\X\AppData\Local\recently-used.xbel
[2013.04.22 22:22:23 | 000,087,645 | ---- | M] () -- C:\Users\X\Desktop\Thunder of Xau.png
[2013.04.22 21:02:05 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013.04.11 03:20:59 | 000,297,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 07:21:37 | 000,001,789 | ---- | M] () -- C:\Users\X\Desktop\NostaleX.exe - Verknüpfung.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.31 03:34:14 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.31 03:34:14 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.24 18:41:46 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.24 18:41:46 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.24 18:41:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.04.22 22:22:57 | 000,001,201 | ---- | C] () -- C:\Users\X\AppData\Local\recently-used.xbel
[2013.04.22 22:22:23 | 000,087,645 | ---- | C] () -- C:\Users\X\Desktop\Thunder of Xau.png
[2013.04.22 21:47:22 | 000,003,240 | ---- | C] () -- C:\Users\X\Desktop\free_turian_skull_emblem_by_meken-d3fh6f9.png
[2013.04.22 21:02:25 | 000,001,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2013.04.22 21:02:05 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013.04.09 07:21:37 | 000,001,789 | ---- | C] () -- C:\Users\X\Desktop\NostaleX.exe - Verknüpfung.lnk
[2013.03.31 02:58:23 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.28 22:53:01 | 000,731,475 | ---- | C] () -- C:\Users\X\Desktop\NosJobbot.exe
[2013.01.17 00:14:34 | 000,003,584 | ---- | C] () -- C:\Users\X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.13 20:19:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.01.13 19:46:08 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.13 19:46:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.01.13 19:46:07 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.01.13 19:46:07 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.01.13 19:46:07 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.01.13 19:43:58 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report > --- --- ---
--- --- ---
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 27.04.2013 22:37:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\X\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 39,59% Memory free
12,32 Gb Paging File | 8,41 Gb Available in Paging File | 68,22% Paging File free
Paging file location(s): c:\pagefile.sys 7500 15000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 243,30 Gb Free Space | 52,25% Space Free | Partition Type: NTFS
Computer Name: XX | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3727294458-834492972-4203967504-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2380258265-3006174749-279724184-1001]
"EnableNotifications" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064D94F3-9BAA-4B00-8B60-3FD2C312A828}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0DF385E2-07EE-4FE4-836F-B872F3844E01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E6AF1D4-187D-4091-A915-8214DC599C41}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{41F6E4C5-3CFF-4939-B4CB-A02618E8D239}" = lport=137 | protocol=17 | dir=in | app=system |
"{44149631-3E20-49E5-9810-C383BB568C22}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |
"{4C6EA97D-9737-4DCB-B384-501F59E24F1E}" = lport=57056 | protocol=6 | dir=in | name=pando media booster |
"{4D409C29-8CAB-48A0-B429-383C5E569FD4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{537B0F72-BEA5-42FC-8A99-9432B6E26FA5}" = rport=445 | protocol=6 | dir=out | app=system |
"{5562F2F9-4B2C-42DA-BA1E-5732AB13641B}" = lport=445 | protocol=6 | dir=in | app=system |
"{588EE154-D94E-4ADF-AE86-41EC7D6F5636}" = lport=57056 | protocol=6 | dir=in | name=pando media booster |
"{73538212-B531-4805-BC59-59BC4B1637D9}" = lport=57056 | protocol=17 | dir=in | name=pando media booster |
"{74DDDE23-74DE-40AF-BF4E-50AE7AE98E8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{76AC2B9F-7DBA-40CA-82C5-7D0C52FF2C67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E0E5077-A132-4A85-8758-090D6BD46956}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81CADA6B-0B71-42AC-B11F-AC31961AB25B}" = rport=138 | protocol=17 | dir=out | app=system |
"{88B372EC-A582-42C6-B997-B135E7CA0EEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A838EA7-5B76-47DF-9477-518DD8D58FD6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A63173B3-873F-49DE-9DEC-1BFFC69F7701}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A68D794E-C034-4955-B6BE-99B93A860783}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA6B6162-D114-42FE-9AB3-9CBBE4A79075}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADB32A78-ACB2-47E1-9D29-23DC4EE51FF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AFB8789B-002E-4C7C-A41E-F8D1B682E49B}" = lport=138 | protocol=17 | dir=in | app=system |
"{B12CD176-3D67-45A7-95F1-DBDC58C83041}" = lport=139 | protocol=6 | dir=in | app=system |
"{BC8A8F86-354B-4950-B631-39980A278419}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB8D4765-FE7A-4ADD-9B4C-A9A77072D3F8}" = lport=57056 | protocol=17 | dir=in | name=pando media booster |
"{CD564194-0749-4191-897D-3F374AB614BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1782101-3196-42EA-ABE3-4C0C783E32B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5E177AD-76B4-4635-86BA-DC856B2D7BEE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FF70AAB8-282A-4CCC-BED1-21FF37AAB67C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F54EE5-C72B-492E-96DD-FC6936AEDE4B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0ADD9A39-28A2-41D1-B0E0-D714CFC64143}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0D2E69C0-DB03-41CC-AFE7-87ADB98CE5B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0EB70C62-3173-49E5-A869-DAC91D0937E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0F0911D0-98C6-4061-B4C3-886D64BAC6EE}" = protocol=6 | dir=out | app=system |
"{16ED25E2-7939-41C2-BE3B-D6A20962429D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1A657F53-E864-4ABB-BE89-ABE92154C488}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{271E00BA-02CC-4159-9516-8BBAD653F935}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{28FF2253-A4AC-4E6A-9FC2-1FC2D219117B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29C32F82-4F49-4AA6-8506-11913DE95E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2E4A1E33-7BE3-47BB-9FB0-CBB71B535342}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeonparty\dungeonparty.exe |
"{34082616-A900-4C47-B2F3-6E0346CE4824}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{35E30C6C-9224-4788-AABD-B8979E762BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{39B72C8B-08CF-45D2-8B26-7377D301B502}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3C4E355E-57B6-4331-9BAF-CE8E2698BCA3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3C53286C-A932-47CD-80C5-97C76CC8CB9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{3F14CF9C-9393-4CA9-AE43-12DE81D3BB5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{409CDD95-ADEF-46A4-A43E-C789C26CF7ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe |
"{4305D902-1751-4F91-90C8-FBCA10C7E05D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{4CB4B932-9503-4EC3-95AB-F1C49BC6C82A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F1CCF21-2AA8-42A4-87B1-6862BE1978CC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{542344C1-0F0C-43E8-AE7D-393F1F649808}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeonparty\dungeonparty.exe |
"{5F03D29B-21CA-4AF0-A616-D03F1352BAF8}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{670634F3-228D-4CEF-A74F-CEB1D2D516C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67993BB3-436A-41E8-9F2E-9EB711F6044B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{691B90B1-061B-4778-A3C5-9E4C6FEFDFA6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{691FB8FD-84CB-49C7-B7A8-F897A0ECE9D0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{6A0759DD-14D6-45A3-B2BB-2ED54B3AB0C9}" = dir=in | app=c:\brickforce\brickforce.exe |
"{6B86AFEB-BBCD-47F7-AE1F-112D2CCAC9B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6F93F74C-579F-4B52-B625-98E31C12C6BE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{768073FB-650C-40B6-B173-066D17FFE9EA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77CFF6D0-84E1-4243-8FFD-05824BB5F8CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D0CED7B-5252-4D88-BFF6-E7DDA8188C13}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{80C6ACB6-6B72-4CAF-93DB-18F87DB421C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{820F005A-E554-4573-BC0F-61A186436291}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{863BCADC-5759-4894-9B54-F25892DF23F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94C76A67-FD27-49AA-9B04-58F4861EBA9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A424835-6513-4535-8CE5-560593E83DC5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{A121F64C-D40B-4E0A-800B-D571BF82B7A2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{A2D9A576-DE61-46E8-9270-99D538F705C1}" = dir=in | app=c:\brickforce\bflauncher.exe |
"{A4F2C3E7-4EFE-4A56-AA20-B57D7441A281}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A9EE8125-9281-42A4-BB23-D23FFEE1F4BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe |
"{AD480103-D971-4680-8A63-7860BFAA472A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B0FA11DD-7AB4-4291-85C7-11BD3A5AFD95}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B100F3A1-2C56-46E4-A8A8-76B660CFEBA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5F1F119-B4D0-453A-A8E3-BE6344E1D8DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B756D9D8-D9B4-458E-BF66-AF97FAA6B57A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BD39ACD8-3C06-4AF1-B619-69D61FE01364}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{BE6D450C-C704-424E-A520-F28DAA16230B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{BEE17643-B3D9-475E-9232-60AB0AB95AAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BFC306EC-0E24-475E-AB57-F8784602105D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C26D5AE2-086D-413F-98F7-5332FE96E929}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{C9A1DDA2-028E-4239-A2F2-95D314BF317E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{CF65C969-50C3-41E3-A10F-82A075504AB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D7495311-EFD2-49C5-A9B5-FA518D1529E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E06EEDCC-C87A-4746-871F-36C6C01A32BB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E21B8A86-FD69-4BF6-A1C5-E279DD09FB01}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E2733995-6E2B-48B4-BA81-C8C367CF7E43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E7245233-4545-4D2B-9402-B2ED98996562}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E9D243A8-CF95-45B8-85C4-9C93AB0769F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE3EA333-13B0-4260-8041-7A29257E889B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE4CC1A1-47C4-41D4-8310-0CDA8C33C04A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EFCD147F-45FE-41F6-90F3-71C153ADF2B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{EFEA8108-734A-476B-8ED4-D0F207FDCEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{F2A958D9-9E1A-4429-A615-AFE0A90C2FA0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F7A76459-64BE-4596-ADE6-ED242619B16B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F871C6D0-1588-4076-880F-101A4CBF8D20}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F940F9F0-3929-45B9-8986-6066EB290297}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"TCP Query User{1A0A7966-B75F-4DE0-87CC-9C3BC3B3C6D5}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{393126C9-AB36-452B-BBB4-A2C8B4DCFBA1}C:\users\x\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\x\appdata\local\temp\gw2.exe |
"TCP Query User{4D42C6C4-F048-478D-982F-8DD193B0927A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{5464EDD6-26DF-46A8-82F5-C62B329777F2}C:\users\x\desktop\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\x\desktop\hardcore-reloaded\.hardcore reloaded.exe |
"TCP Query User{5E37CE20-08C6-4AE3-AC19-F934D71A8FD1}C:\users\x\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\x\appdata\local\akamai\netsession_win.exe |
"TCP Query User{861BE798-FF10-46C2-B19D-F52D8C60E5BC}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{917EFE97-F4DF-42A4-A1CB-C3EA775BEEA0}C:\program files (x86)\steam\steamapps\lightscreen\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lightscreen\counter-strike source\hl2.exe |
"TCP Query User{BF5C48FC-9D80-4106-B4DA-D0D982F57F0E}C:\users\x\desktop\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\x\desktop\hardcore-reloaded\metin2client.bin |
"TCP Query User{C21F9A6B-4749-4778-978F-8E16EA7D60AF}C:\program files (x86)\skype\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\skype.exe |
"TCP Query User{D818F2FD-6D55-4033-B68B-1E756560042A}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"TCP Query User{DC143C35-8833-4B60-80FB-3D16CD16C1FA}C:\users\x\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\x\appdata\local\akamai\netsession_win.exe |
"TCP Query User{DC9C14C1-324C-4782-AA4A-FC341E2BD020}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{F1430B00-A54A-4D3C-B2AA-7CB62B08D640}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{0513F7E1-5C32-475D-A79E-ADAB3E633964}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{11B74640-A3CB-4684-914A-D64B9952CA9F}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{28353A2F-ECBB-4C90-91F6-21317BBFB913}C:\users\x\desktop\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\x\desktop\hardcore-reloaded\.hardcore reloaded.exe |
"UDP Query User{2EEF1699-F055-4546-8773-3139D018768F}C:\program files (x86)\steam\steamapps\lightscreen\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lightscreen\counter-strike source\hl2.exe |
"UDP Query User{37CE07A0-5DFF-4785-A964-AD507CCB9247}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"UDP Query User{4D21D380-465F-4C95-994D-DF1B8CEECF1F}C:\users\x\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\x\appdata\local\akamai\netsession_win.exe |
"UDP Query User{4F1653D1-CDAC-495D-B019-87A046B3B528}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{56799CCB-2374-4300-A461-0675BC385E55}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{7BBA757E-10F7-4D8D-BE6C-78D19E14BF8A}C:\users\x\desktop\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\x\desktop\hardcore-reloaded\metin2client.bin |
"UDP Query User{8F6546AD-25A4-4B15-ADEB-BA25CAC4EAD1}C:\users\x\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\x\appdata\local\temp\gw2.exe |
"UDP Query User{B1C435D4-2E75-4836-B462-89E66B5489ED}C:\users\x\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\x\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F43BA317-D732-4FBF-BE5F-6A4AC0C4ADC0}C:\program files (x86)\skype\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\skype.exe |
"UDP Query User{F62B750A-2760-4697-81B8-6C23BCB65925}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{496D7B7E-EBDC-4E2B-B021-4FF03B188B69}" = Pokémon Trading Card Game Online
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6FB58056-0BD1-4E42-BC61-26A840895497}" = Overwolf
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A231A6F2-2C80-6203-ED35-2CFB96B25A38}" = Application Profiles
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A6C8CD51-1AE4-474D-BA2D-125CDBEADD03}" = MEDION GoPal Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CD9D0827-A6D6-4E2C-B31E-23F01577E27B}" = BlueStacks Notification Center
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alliance of Valiant Arms DE" = Alliance of Valiant Arms DE
"AstrumNival Allods" = Allods Online 4.0.00.63
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlueStacks App Player" = BlueStacks App Player
"Brick-Force" = Brick-Force
"Diablo III" = Diablo III
"Drakensang Online" = Drakensang Online
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"Hi Suite" = Hi Suite
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.4
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"NosTale(DE)_is1" = Nostale(DE)
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"RPGVXAce_E_is1" = RPG MAKER VX Ace
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"Sphere" = Sphere (remove only)
"Steam App 113900" = World of Battles
"Steam App 215870" = Dungeon Party
"Steam App 240" = Counter-Strike: Source
"Steam App 50620" = Darksiders
"Steam App 55110" = Red Faction: Armageddon
"Steam App 570" = Dota 2
"Tale of a Hero" = Tale of a Hero
"VGEE" = Vista Game Explorer Editor
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3727294458-834492972-4203967504-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Wizard101(DE)_is1" = Wizard101(DE)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.04.2013 07:01:43 | Computer Name = XX | Source = WinMgmt | ID = 10
Description =
Error - 21.04.2013 13:00:07 | Computer Name = XX | Source = Windows Backup | ID = 4103
Description = Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort
"E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder
ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort.
(0x81000006)"
Error - 23.04.2013 17:03:02 | Computer Name = XX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NostaleX.exe, Version: 0.9.3.3008,
Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
Zeitstempel: 0x50b83c8a Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c41f ID des fehlerhaften
Prozesses: 0x1a7c Startzeit der fehlerhaften Anwendung: 0x01ce4065f08a7760 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\NostaleX.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 2f175fc0-ac59-11e2-b2e8-00241d699e74
Error - 23.04.2013 21:18:02 | Computer Name = XX | Source = WinMgmt | ID = 10
Description =
Error - 24.04.2013 12:55:57 | Computer Name = XX | Source = WinMgmt | ID = 10
Description =
Error - 24.04.2013 17:55:19 | Computer Name = XX | Source = WinMgmt | ID = 10
Description =
Error - 24.04.2013 21:18:54 | Computer Name = XX | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2013 06:57:27 | Computer Name = XX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001000 ID des fehlerhaften
Prozesses: 0x17f8 Startzeit der fehlerhaften Anwendung: 0x01ce419450a7f1c0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: ea5b5d20-ad96-11e2-8a7f-00241d699e74
Error - 26.04.2013 15:02:45 | Computer Name = XX | Source = WinMgmt | ID = 10
Description =
Error - 26.04.2013 15:31:06 | Computer Name = XX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NostaleX.exe, Version: 0.9.3.3008,
Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
Zeitstempel: 0x50b83c8a Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c41f ID des fehlerhaften
Prozesses: 0x1018 Startzeit der fehlerhaften Anwendung: 0x01ce42b48bcdbd90 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\NosTale\NostaleX.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: d6b57d70-aea7-11e2-a4f9-00241d699e74
[ System Events ]
Error - 01.04.2013 03:38:06 | Computer Name = XX | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 19.04.2013 12:09:31 | Computer Name = XX | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 24.04.2013 12:52:17 | Computer Name = XX | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?04.?2013 um 18:48:54 unerwartet heruntergefahren.
Error - 24.04.2013 12:53:19 | Computer Name = XX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Net.Tcp Port Sharing Service erreicht.
Error - 24.04.2013 12:53:19 | Computer Name = XX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Net.Tcp Port Sharing Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 24.04.2013 12:53:50 | Computer Name = XX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
PnkBstrA erreicht.
Error - 24.04.2013 12:53:50 | Computer Name = XX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 24.04.2013 17:52:12 | Computer Name = XX | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?04.?2013 um 23:49:18 unerwartet heruntergefahren.
Error - 24.04.2013 21:19:41 | Computer Name = XX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.
Error - 24.04.2013 21:19:41 | Computer Name = XX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
< End of report > --- --- --- |