Danke für deine schnelle Antwort. :)
Hier die beiden Scan Ergebnisse.
Die Extra:
OTL Logfile: Code:
OTL Extras logfile created on: 02.11.2012 20:25:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jul\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,93% Memory free
7,99 Gb Paging File | 6,19 Gb Available in Paging File | 77,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 58,24 Gb Free Space | 25,02% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,87 Mb Free Space | 71,87% Space Free | Partition Type: NTFS
Drive E: | 424,50 Gb Total Space | 28,11 Gb Free Space | 6,62% Space Free | Partition Type: NTFS
Drive F: | 506,91 Gb Total Space | 426,39 Gb Free Space | 84,12% Space Free | Partition Type: NTFS
Drive G: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PHENOMII | User Name: jul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E43A0A-618F-4AB9-B41A-7E9B0E6E6DFE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{11E615CB-1CD4-4F5D-8A73-4AF240240219}" = lport=445 | protocol=6 | dir=in | app=system |
"{150775EF-1666-4919-A212-32385D5B1EA0}" = rport=137 | protocol=17 | dir=out | app=system |
"{158C9DA7-E91B-4DB8-BF20-9998E32C3BDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C8D5DE7-2834-448E-B761-B947E0D5B9FB}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F8BE43B-1BA6-449C-B9C7-1674010277BD}" = lport=56483 | protocol=17 | dir=in | name=pando media booster |
"{36F67383-525E-4785-9E7F-38A83D6F2C18}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F12C40C-141A-4C43-961F-97BC4BAC6AC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47D9DF54-505C-44FB-B374-73B28D6283AA}" = rport=139 | protocol=6 | dir=out | app=system |
"{51B94DD7-2E58-435A-8E4C-6A8146D98F2C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{572F2899-C382-45E6-B881-32940EE5AA78}" = lport=56483 | protocol=6 | dir=in | name=pando media booster |
"{5DEDD829-4A91-4DCB-95F2-85F3AE7EB97F}" = rport=445 | protocol=6 | dir=out | app=system |
"{77FB1A07-3FEE-4D04-AC83-06264D9C7049}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{857AB757-AE57-4D75-9307-2C36ED5242C6}" = lport=56483 | protocol=6 | dir=in | name=pando media booster |
"{9242614F-DBCA-43E2-8029-6543E3EBA9E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92D8BB08-B87A-45CA-B721-5C5207BC543C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{94230DCF-41D8-492C-8957-DADB25F3F690}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{94A5F3DB-DD2F-48A3-8C67-8E9FD4C245A5}" = lport=56483 | protocol=17 | dir=in | name=pando media booster |
"{A3E53241-1F77-47C9-842E-BD2F4988124D}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF0A73FB-1F49-4051-8B71-E9875D37E25C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B360F7B7-4DAF-4890-8D60-648DAB11C005}" = lport=137 | protocol=17 | dir=in | app=system |
"{BDDAE417-798A-4863-9317-4D66387FE512}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C28268C5-5C45-4C82-B956-796CA73BA07D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4809320-57A7-4A9C-90C6-9A71C6761311}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFCA9EC0-AA4C-4DF6-8B44-73586574278B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E68B32C9-6E14-4A0E-896C-F431B9423EFA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AEC7E63-CDE5-4782-BB9A-2F7C1A348A78}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0B519F89-6B66-4C31-B8CE-03AC26085A03}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{0D0C9245-870F-434E-A587-0C566FE0BA5C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{12ECBDA5-D376-4169-91E2-259BF9D4759D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{149C5FFA-B3EC-4CA5-ABD9-D1EAA00BB7D2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1909B4AF-3DD2-47F3-B8E9-18C6CC7237E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
"{1A2FCAEA-F63C-427F-AEBC-F8416C072BE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe |
"{1A90AC85-7A3E-4291-AD86-51C88AFB4E21}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{1BD7ED09-E2D6-429D-9C57-9A24D5FF056C}" = protocol=6 | dir=in | app=f:\programme\sumah\game.dat |
"{20812958-D570-4259-969A-9F3537777152}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{20A9BE1B-D2FB-4234-A3BD-ED027E3B9657}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{225AFA5D-35D0-4670-BE3D-B2391A245E96}" = protocol=17 | dir=in | app=f:\programme\myphoneexplorer\myphoneexplorer.exe |
"{266277AC-1818-47A5-88E7-5E8A18AB1E1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{28310255-FCBA-4D78-A176-3228FF8C1B39}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C20C215-550D-464A-BEF2-3ED0193802E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\counterstrike source beta\hl2.exe |
"{3278F8FC-2982-44A4-AFB5-B79922575C88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{35BC118D-D396-478D-B4C0-56838EBAAAF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{35E6FE25-1963-4D69-8F98-DCC8E3B880F6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{3C0975B7-ED9A-4259-80EA-0054D1999FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{3F491649-6964-4972-A404-CBE27371CCB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{444C9343-732E-4C71-9041-C2B57E529773}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{4614E3DE-8052-4EE7-B34B-8A7C694B684F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4684F630-8C7C-4997-BB8B-CC22A8062871}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{4B9F8CE9-5487-45A4-9780-6806FF9A3955}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4DA9A52D-E38E-45F0-AD16-0413AEA647BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{503F299C-A986-4F80-A4A0-D65D6F8F9922}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{53967D7E-4B27-49FC-B44B-53520FF38536}" = protocol=6 | dir=in | app=f:\programme\sum\game.dat |
"{56DC79F6-1D52-455A-8DD5-2509821DAC26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{573522ED-3D6B-40C1-B6AC-606F932CAA8D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{5A420B43-808F-4346-8853-ED84718714A8}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{5C60FD54-977A-4AF9-AB02-F2A84CAE513C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{5DC29120-1BC1-46D4-B084-596EAAB6D88F}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{641774A2-9E02-46C5-9408-4FBF3C4013E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{65F3DACA-885E-468F-B061-8DE1526376B0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\silenthunteriii\sh3.exe |
"{673AC08F-584B-4F67-87B3-8613B522F1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{68955337-6860-48D9-B838-A5887CF67E32}" = protocol=17 | dir=in | app=f:\programme\sumah\game.dat |
"{698B0FBB-9D55-4079-83BC-59239E559FF2}" = protocol=6 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe |
"{6F4BECBE-E013-4844-83E8-A4007F955D56}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{71AF1A58-D1BE-4352-93C5-D292A2ADA6F7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{7410B423-A5EC-46CC-B438-B03004D9588E}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{7428884E-8B70-4480-8073-A8D35702BE66}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{787F2B52-4FAD-4264-BC19-93CC77324522}" = protocol=17 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe |
"{7B8B69A9-B948-4808-95C4-CB60365FA0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{812A687D-0E4B-44FB-B76F-C38ECA2AD245}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\counter-strike source\hl2.exe |
"{84C8A41F-6CCB-4CC9-A053-44318A46A54C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{86A5B58C-9BE6-47BA-85B7-5C87BCBED0D6}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{8BA2A49C-FF73-4F8A-88F6-C2F20D3A82B3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8C0D83ED-7551-484B-926B-76746A7433B1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8C466F66-A0AC-4752-82B1-854E79BB7D33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
"{8CAE4D0A-34E4-4F94-AB5F-DF3009653175}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{91571BDE-B93B-49C2-BF3C-8DBF754C2BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{93B298E9-8B71-45FE-A273-825ECF9B4143}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{98718522-FF59-4785-847E-0B1803BFD2F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe |
"{996794BF-31CB-411F-B508-9B23032FCBA7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{9B37E350-A3FD-4560-9015-F501CCBE2005}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{9C2F3460-1105-42DE-9882-8235BD9B4930}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\counterstrike source beta\hl2.exe |
"{9CA3CE5B-F720-4A00-BAD8-01ECC36F0243}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A062CAA3-9C87-4AE6-A40C-B7694EDEDBB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{A6F73952-F93A-4FEF-810F-36BC86C0D3D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{A703B5E4-EE3D-451E-9225-B03ED9245C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{A962CB4D-640F-47AB-9E52-A0A5300F98D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\day of defeat source\hl2.exe |
"{AB732EC7-DB53-4CE3-8AEC-77F1C66C045D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BDD4E825-6EE1-47E9-B385-459DB65B88BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C16A3664-5574-4E50-AAEF-3A8E16308F18}" = protocol=6 | dir=in | app=f:\programme\myphoneexplorer\myphoneexplorer.exe |
"{C610F5C4-34B3-4359-9838-94F743ED46F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
"{CAB0E10B-9952-4B83-9C7C-AB053E6B63B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEC3564C-4A46-4872-83A3-B99DD7A00609}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D6DE4291-D9DF-45FA-A1E7-AC7967DB2DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{DBFF8AAC-BEE7-4876-B4FA-04FD5FC587F7}" = protocol=17 | dir=in | app=f:\programme\sum\game.dat |
"{DCEC2576-2AB4-428F-B436-CC9F5332647E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{E129F2B1-6361-4DE3-8A46-976F20C885A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\day of defeat source\hl2.exe |
"{E46A2971-59BE-423D-9368-C0F57129DFF9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{E4E6A47C-32EA-4474-9DB8-C8BCB78AA900}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{E9696757-C260-4350-A963-0D9979405D07}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{F16BAD75-C530-4CCD-B945-8129632217CC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\silenthunteriii\sh3.exe |
"{F2CEA361-774B-4366-99E4-43E8D3F53677}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{F4A364A1-1675-4245-99B8-3EBC424EC31E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
"{FC8BB9D9-2583-40B2-82EC-D9D7C406354B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\counter-strike source\hl2.exe |
"{FE60E49D-D221-4041-99AB-159D54A3DA3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"TCP Query User{3270D13C-46D3-4E26-891C-57C8507A9D43}C:\program files (x86)\steam\steamapps\haldir_haldus\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\counter-strike source\hl2.exe |
"TCP Query User{368479B6-9947-4067-9876-52F31EB1A8C0}F:\programme\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=f:\programme\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{37B7E6B9-7706-43FE-A6D6-BFCC9B6C05DA}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"TCP Query User{44C4D997-D844-4B24-8089-29EDC2D8DA75}C:\program files (x86)\ubisoft\silenthunteriii\sh3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\silenthunteriii\sh3.exe |
"TCP Query User{5A16633B-5412-4B40-B6DB-78A6E47F6164}C:\users\jul\appdata\local\temp\b03cebaf18cc4431826df2ecce7777f3\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\jul\appdata\local\temp\b03cebaf18cc4431826df2ecce7777f3\relicdownloader.exe |
"TCP Query User{5B82EEDC-F2C2-4473-9288-3ACCFAF18E3F}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{6548054D-0733-4957-997C-43AD0BC34966}F:\programme\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=f:\programme\guild wars 2\gw2.exe |
"TCP Query User{66DAA127-C8F5-4EC2-BE59-970BB671DF84}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{6856478A-4A58-4A9C-B73C-86B38F53757C}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{8CE75192-9A1A-449A-A334-C30ACB25B41C}F:\programme\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=f:\programme\guild wars 2\gw2.exe |
"TCP Query User{91F13075-C5E4-4951-B04D-F5599D5BCBAF}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{93168633-9841-471A-97BA-B0EB263AD789}C:\program files (x86)\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rfactor\rfactor.exe |
"TCP Query User{B93C58AC-89F3-4CEB-81F4-5EBB6BB1A8BC}C:\program files (x86)\steam\steamapps\haldir_haldus\age of chivalry\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\age of chivalry\hl2.exe |
"TCP Query User{CC985529-9E1C-4AC7-B623-D491A13E152C}C:\program files (x86)\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rfactor\rfactor.exe |
"TCP Query User{D2C0C66A-4E9F-4D18-9C79-5C58E624413C}C:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"TCP Query User{DEF6B4C3-5C4B-4664-9169-105676513025}C:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe |
"TCP Query User{EC136F2F-153D-44F8-AE12-2C926C94B01D}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{F3139AFF-DA30-4827-A3B4-1FF7A97A6F22}C:\program files (x86)\steam\steamapps\haldir_haldus\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\day of defeat source\hl2.exe |
"UDP Query User{0118CC13-6D4E-4519-82EE-48E9731C1E95}C:\program files (x86)\ubisoft\silenthunteriii\sh3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\silenthunteriii\sh3.exe |
"UDP Query User{1C61C821-D949-41BD-9319-F4214AB58DD2}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{24E973ED-3095-4A9F-B619-57A8907F7290}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{346CA2F8-D69E-4E11-BCF7-331C4FD6ADA1}C:\users\jul\appdata\local\temp\b03cebaf18cc4431826df2ecce7777f3\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\jul\appdata\local\temp\b03cebaf18cc4431826df2ecce7777f3\relicdownloader.exe |
"UDP Query User{3CA28F49-AC94-488F-98BF-4226135E7535}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{3F976E1F-DE41-441A-87A9-1345BD27CD85}C:\program files (x86)\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rfactor\rfactor.exe |
"UDP Query User{5CD4D7F6-F08F-477F-BA6F-16905912BC5B}C:\program files (x86)\steam\steamapps\haldir_haldus\age of chivalry\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\age of chivalry\hl2.exe |
"UDP Query User{76FA96C4-ED83-4B13-B2A1-3037997BE439}C:\program files (x86)\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rfactor\rfactor.exe |
"UDP Query User{82DDDFFF-BE5B-4D9F-9DAB-7E88ACCAB4E1}F:\programme\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=f:\programme\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{8648DC76-D362-4D8E-9CA4-A3373F45F159}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{9FEE0D15-C289-496A-804D-59D145E73C18}F:\programme\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=f:\programme\guild wars 2\gw2.exe |
"UDP Query User{A48B3B90-166B-4970-9138-771B6BE71167}F:\programme\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=f:\programme\guild wars 2\gw2.exe |
"UDP Query User{BA619B00-AF95-410D-A3F7-984B8E63066D}C:\program files (x86)\steam\steamapps\haldir_haldus\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\counter-strike source\hl2.exe |
"UDP Query User{D05DA403-7191-4CEF-832B-F55D1A666D15}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{D59B6901-A1B1-4FB7-9E3B-5A0539DF13E2}C:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe |
"UDP Query User{D8C724BD-5919-400A-8097-D141F0B8E44C}C:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"UDP Query User{DA6A234E-C58D-49E6-86D2-C14B2F83BF60}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{E4A9698A-DB3F-44CF-905D-2846836177DC}C:\program files (x86)\steam\steamapps\haldir_haldus\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\haldir_haldus\day of defeat source\hl2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{03CEFC42-378E-4467-9909-DCBAFD38CA9F}" = LibreOffice 3.4
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0705EEB6-2F15-4D19-B37D-84C953E93D18}" = aerosoft's - German Airports 2 X - FS2004
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{07906CEC-22BB-46E4-A492-F92ED8BDA477}" = Typhoon Gold
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}" = EditVoicepack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7AD425-1DF7-48B2-97CE-833B8454FEFE}" = aerosoft's - Mega Airport Munich
"{20A96613-3802-436C-842E-653C62FABA0D}" = aerosoft's - AES-Base&&AirportPack - FS2004
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216027F0}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34BDC9DA-9320-491C-AA40-B0D98A0EBA9C}" = aerosoft's - Mega Airport Frankfurt - FS2004
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4B2C32DE-2C82-4B16-B9D8-D7DEB98FEEF2}" = BlueStacks
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6744F26B-65BD-4D5D-AB43-DF0607659133}" = aerosoft's - Gibraltar
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CA1B5126-075A-4D40-B410-12B3A6326E20}" = Brother HL-3040CN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDEFD1A3-7837-4D6E-931E-6EC9DD8B309E}" = Brother HL-4040CN
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D86B6E8D-F224-4BB6-B959-C8EDC5300B5D}" = aerosoft's - Mega Airport Stockholm Arlanda
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Modern Air Combat
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.03.05.8039
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"Android SDK Tools" = Android SDK Tools
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"Blitzkrieg" = Blitzkrieg Mod
"CoH Community Mappack" = CoH Community Mappack
"Company of Heroes" = Company of Heroes
"DCS Black Shark" = DCS Black Shark
"Eastern Front" = Eastern Front
"F1 2011 DRS TrackPack 1" = F1 2011 DRS TrackPack 1
"F1 2011 DRS TrackPack 2" = F1 2011 DRS TrackPack 2
"F1RFT 2010 MP V1.0 Final" = F1RFT 2010 MP V1.0 Final
"F1RFT 2010 TrackPack 1" = F1RFT 2010 TrackPack 1
"F1RFT 2010 TrackPack 2" = F1RFT 2010 TrackPack 2
"F1RFT 2011 FINAL" = F1RFT 2011 FINAL
"F1RFT 2011 UPDATE" = F1RFT 2011 UPDATE
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"Formula One 1998 by GPTeam - Mod V 2.0" = Formula One 1998 by GPTeam - Mod V 2.0
"Formula One 1998 by GPTeam - Trackpack V 1.0" = Formula One 1998 by GPTeam - Trackpack V 1.0
"Formula One 1998 by GPTeam - Trackpack V 1.0 P2" = Formula One 1998 by GPTeam - Trackpack V 1.0 P2
"Foxit Reader_is1" = Foxit Reader 5.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"Hamburg-City Scenery " = Hamburg-City Scenery
"InstallShield_{07906CEC-22BB-46E4-A492-F92ED8BDA477}" = Typhoon Gold
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"LockOn Flaming Cliffs 2_is1" = LockOn Flaming Cliffs 2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Official Formula 1 Racing" = Official Formula 1 Racing
"paw·ned²" = paw·ned² v1.3
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"rFactor" = rFactor (remove only)
"rFactor2" = rFactor2
"RfcClient" = rFactorCentral Client 1.04
"ST6UNST #1" = Visual Basic 6.0 Runtime&Steuerelemente
"Steam App 107400" = ARMA 2: Free
"Steam App 17510" = Age of Chivalry
"Steam App 22100" = Mount & Blade
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 300" = Day of Defeat: Source
"Steam App 32800" = The Lord of the Rings: War in the North
"Steam App 440" = Team Fortress 2
"Steam App 48700" = Mount & Blade: Warband
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Tunngle beta_is1" = Tunngle beta
"vETNH 1.0" = vETNH 1.0
"vETNH 1.0 Extra I (Comet)" = vETNH 1.0 Extra I (Comet)
"vETNH 1.0 Extra II Trw-Dock" = vETNH 1.0 Extra II Trw-Dock
"vETNH 1.0 Traffic-Pack I (Transall C-160)" = vETNH 1.0 Traffic-Pack I (Transall C-160)
"vETNH 1.0 Traffic-Pack II (GFD-Jets)" = vETNH 1.0 Traffic-Pack II (GFD-Jets)
"vETNH 1.0 Traffic-Pack III (Bell UH1D)" = vETNH 1.0 Traffic-Pack III (Bell UH1D)
"VLC media player" = VLC media player 2.0.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Android Screencast" = Android Screencast
"Eurofighter Typhoon AddOn" = Eurofighter Typhoon AddOn
"Mod VFR F1 2012" = Mod VFR F1 2012
"NH-90 tth German Pack for FS2004" = NH-90 tth German Pack for FS2004
"RNZAF NH-90 tth Helicopter for FS2004" = RNZAF NH-90 tth Helicopter for FS2004
"Saab 35 Draken" = Saab 35 Draken
"Scenery Rostock-Laage / AddOn" = Scenery Rostock-Laage / AddOn
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The German NH90 TTH Servicepack 2" = The German NH90 TTH Servicepack 2
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.10.2012 12:03:41 | Computer Name = PhenomII | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\rFactor2\Core\ModMgr.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 26.10.2012 20:58:18 | Computer Name = PhenomII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x4f7e4d8c Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x688 Startzeit der fehlerhaften Anwendung: 0x01cdb36d1925d100
Pfad
der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
64bf060d-1fd1-11e2-b94a-6cf049e3c706
Error - 27.10.2012 11:54:36 | Computer Name = PhenomII | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\rFactor2\Core\ModMgr.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 27.10.2012 18:32:59 | Computer Name = PhenomII | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\rFactor2\Core\ModMgr.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 30.10.2012 21:34:11 | Computer Name = PhenomII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x4f7e4d8c Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0x01cdb6d796238c18
Pfad
der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
117e9f0e-22fb-11e2-ab79-6cf049e3c706
Error - 31.10.2012 14:49:14 | Computer Name = PhenomII | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\rFactor2\Core\ModMgr.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 31.10.2012 22:45:33 | Computer Name = PhenomII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x4f7e4d8c Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x660 Startzeit der fehlerhaften Anwendung: 0x01cdb7601621b7cb
Pfad
der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
34baea7c-23ce-11e2-ab7a-6cf049e3c706
Error - 01.11.2012 09:04:48 | Computer Name = PhenomII | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\rFactor2\Core\ModMgr.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 01.11.2012 22:35:19 | Computer Name = PhenomII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
Zeitstempel: 0x4f7e4d8c Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1
ID
des fehlerhaften Prozesses: 0x68c Startzeit der fehlerhaften Anwendung: 0x01cdb829fd624d5a
Pfad
der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
f0b09b64-2495-11e2-a88a-6cf049e3c706
Error - 02.11.2012 12:43:10 | Computer Name = PhenomII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680,
Zeitstempel: 0x50882871 Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680,
Zeitstempel: 0x508827d6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00130ef7 ID des fehlerhaften
Prozesses: 0xf74 Startzeit der fehlerhaften Anwendung: 0x01cdb8ffbaf21bcb Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
62a9b41d-250c-11e2-b9bb-6cf049e3c706
Error - 02.11.2012 14:29:32 | Computer Name = PhenomII | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\rFactor2\Core\ModMgr.exe". Fehler in Manifest- oder Richtliniendatei "" in
Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
[ System Events ]
Error - 26.08.2012 11:25:46 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 26.08.2012 11:39:18 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 26.08.2012 11:39:19 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.
Error - 26.08.2012 11:55:08 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 26.08.2012 12:03:33 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 26.08.2012 22:10:21 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 27.08.2012 09:17:28 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 27.08.2012 22:02:19 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 28.08.2012 08:00:40 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 28.08.2012 08:00:49 | Computer Name = PhenomII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
--- --- ---
Und OTL
OTL Logfile: Code:
OTL logfile created on: 02.11.2012 20:25:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jul\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,93% Memory free
7,99 Gb Paging File | 6,19 Gb Available in Paging File | 77,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 58,24 Gb Free Space | 25,02% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,87 Mb Free Space | 71,87% Space Free | Partition Type: NTFS
Drive E: | 424,50 Gb Total Space | 28,11 Gb Free Space | 6,62% Space Free | Partition Type: NTFS
Drive F: | 506,91 Gb Total Space | 426,39 Gb Free Space | 84,12% Space Free | Partition Type: NTFS
Drive G: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PHENOMII | User Name: jul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.02 20:25:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jul\Desktop\OTL.exe
PRC - [2012.08.16 16:46:12 | 000,388,984 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-FileSystem.exe
PRC - [2012.08.16 16:46:10 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.08.16 16:45:40 | 000,388,984 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2012.08.16 16:45:38 | 000,388,984 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2012.08.16 16:45:30 | 000,397,176 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2012.08.08 13:44:42 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.10 22:36:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 22:36:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.25 22:59:21 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 20:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.01 21:10:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 20:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.09.08 00:31:03 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.29 11:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.08.16 16:46:10 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.08.16 16:45:30 | 000,397,176 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.06.14 10:37:10 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.10 22:36:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.10 22:36:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.25 22:59:21 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.10 22:36:45 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.10 22:36:45 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.07.06 11:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.11.19 03:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 03:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.05.01 15:37:06 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2012.08.16 16:46:04 | 000,074,616 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14672
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2F71BF60-9409-45D5-8EFD-799593020DF8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=fab14396-c439-4752-a39b-657003e10ce4&apn_sauid=908EEEC8-B575-49C0-89E7-A7DF273405CD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "google.de"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.9
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&q="
FF - prefs.js..network.proxy.http: "174.137.150.198"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 14:45:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 21:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012.08.26 16:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jul\AppData\Roaming\mozilla\Extensions
[2012.10.26 17:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jul\AppData\Roaming\mozilla\Firefox\Profiles\njbs0rh3.default\extensions
[2012.09.20 19:25:29 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\jul\AppData\Roaming\mozilla\Firefox\Profiles\njbs0rh3.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.09.27 12:17:50 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\jul\AppData\Roaming\mozilla\Firefox\Profiles\njbs0rh3.default\extensions\firefox@ghostery.com
[2012.09.27 12:17:50 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\jul\AppData\Roaming\mozilla\Firefox\Profiles\njbs0rh3.default\extensions\ich@maltegoetz.de
[2012.10.26 17:09:52 | 000,530,068 | ---- | M] () (No name found) -- C:\Users\jul\AppData\Roaming\mozilla\firefox\profiles\njbs0rh3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.25 00:22:58 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\jul\AppData\Roaming\mozilla\firefox\profiles\njbs0rh3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.12 18:27:27 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\jul\AppData\Roaming\mozilla\firefox\profiles\njbs0rh3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.01.03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\jul\AppData\Roaming\mozilla\firefox\profiles\njbs0rh3.default\searchplugins\askcom.xml
[2012.11.02 17:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 14:45:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 13:24:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 11:53:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 13:24:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 13:24:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 13:24:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 13:24:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\jul\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\jul\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F69340-67CF-49A7-A475-36E14040C2AA}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3411E132-12B6-4967-AE56-86F6F2068110}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0fa40d4e-e156-11e1-9d73-6cf049e3c706}\Shell - "" = AutoRun
O33 - MountPoints2\{0fa40d4e-e156-11e1-9d73-6cf049e3c706}\Shell\AutoRun\command - "" = H:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.11.02 20:24:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jul\Desktop\OTL.exe
[2012.11.01 21:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.27 14:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 01:04:11 | 000,000,000 | ---D | C] -- C:\Users\jul\.mediathek3
[2012.10.23 22:26:24 | 000,000,000 | ---D | C] -- C:\Users\jul\AppData\Roaming\.mono
[2012.10.23 22:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2012.10.23 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\jul\AppData\Roaming\Unity
[2012.10.23 20:03:06 | 000,000,000 | ---D | C] -- C:\Users\jul\AppData\Local\Unity
[2012.10.20 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\jul\AppData\Local\Macromedia
[2012.10.20 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\jul\AppData\Local\AMD
[2012.10.20 20:59:57 | 000,000,000 | ---D | C] -- C:\Users\jul\AppData\Local\ATI
[2012.10.20 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\jul\AppData\Local\LogMeIn Hamachi
[2012.10.20 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\jul\AppData\Roaming\InstallShield
[2012.10.14 19:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2012.10.14 19:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2012.10.07 00:22:48 | 003,862,224 | ---- | C] (Tunngle.net GmbH ) -- C:\Users\jul\Desktop\Tunngle_Setup_v4.4.1.5.exe
[2012.10.06 23:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.08.26 15:15:49 | 000,070,985 | ---- | C] (Google Inc.) -- C:\Users\jul\uninstall.exe
[2012.01.19 22:49:36 | 000,136,008 | ---- | C] (Microsoft Corporation) -- C:\Users\jul\msinet.ocx
========== Files - Modified Within 30 Days ==========
[2012.11.02 20:25:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jul\Desktop\OTL.exe
[2012.11.02 14:40:53 | 000,000,213 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.11.02 14:27:39 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 14:27:39 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 14:27:04 | 001,639,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.02 14:27:04 | 000,706,600 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.02 14:27:04 | 000,660,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.02 14:27:04 | 000,152,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.02 14:27:04 | 000,124,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.02 14:20:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.02 14:19:56 | 3218,493,440 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.26 23:24:04 | 000,196,052 | ---- | M] () -- C:\Users\jul\Desktop\38BA7B1D-EF8B-488F-8520-80EA60FEFF8F.jpg
[2012.10.26 22:37:03 | 000,181,498 | ---- | M] () -- C:\Users\jul\Desktop\D4E1513A-FEAA-4020-B567-4FD4DC91DE23.jpg
[2012.10.25 15:04:06 | 000,013,265 | ---- | M] () -- C:\Users\jul\Desktop\1.png
[2012.10.25 14:48:56 | 001,507,328 | ---- | M] () -- C:\Users\jul\Desktop\ATE.iso
[2012.10.24 15:29:25 | 004,554,601 | ---- | M] () -- C:\Users\jul\Desktop\DSC_0016.JPG
[2012.10.23 23:19:32 | 003,535,806 | ---- | M] () -- C:\Users\jul\Documents\ROP4020-22x_Textheft.zip
[2012.10.20 22:13:49 | 000,105,121 | ---- | M] () -- C:\Users\jul\Desktop\Bild 1.jpg
[2012.10.20 22:13:07 | 001,864,422 | ---- | M] () -- C:\Users\jul\Desktop\30.05.12 028.jpg
[2012.10.20 22:12:59 | 001,834,829 | ---- | M] () -- C:\Users\jul\Desktop\30.05.12 008.jpg
[2012.10.20 00:11:51 | 1300,313,356 | ---- | M] () -- C:\Users\jul\ECHO_Klassik_2012-ECHO_Klassik_2012-121014_echoklassik2012_eds_1596k_p13v9.mp4.flv
[2012.10.16 20:51:42 | 000,067,586 | ---- | M] () -- C:\Users\jul\Desktop\aaaaaaa.jpg
[2012.10.16 20:40:33 | 000,090,354 | ---- | M] () -- C:\Users\jul\Desktop\problem.jpg
[2012.10.14 20:44:50 | 096,302,558 | ---- | M] () -- C:\Users\jul\Desktop\Wintersun - 2012 - Time I.zip
[2012.10.14 19:24:52 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2012.10.14 19:24:34 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk
[2012.10.11 21:26:06 | 000,133,581 | ---- | M] () -- C:\Users\jul\Desktop\2012-10-11_00001.jpg
[2012.10.11 20:59:14 | 000,191,861 | ---- | M] () -- C:\Users\jul\Desktop\4E267193-76CE-44E9-81F4-F2828DB6863B.jpg
[2012.10.11 18:38:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.10.10 21:02:03 | 000,136,683 | ---- | M] () -- C:\Users\jul\Desktop\7E1851B9-5182-40C4-BFC0-438221361690.jpg
[2012.10.07 00:25:34 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012.10.07 00:22:52 | 003,862,224 | ---- | M] (Tunngle.net GmbH ) -- C:\Users\jul\Desktop\Tunngle_Setup_v4.4.1.5.exe
[2012.10.06 14:56:03 | 000,531,728 | ---- | M] () -- C:\Users\jul\Desktop\2012-04-18 20.42.51.jpg
========== Files Created - No Company Name ==========
[2012.10.26 23:24:01 | 000,196,052 | ---- | C] () -- C:\Users\jul\Desktop\38BA7B1D-EF8B-488F-8520-80EA60FEFF8F.jpg
[2012.10.26 22:36:45 | 000,181,498 | ---- | C] () -- C:\Users\jul\Desktop\D4E1513A-FEAA-4020-B567-4FD4DC91DE23.jpg
[2012.10.25 15:03:57 | 000,013,265 | ---- | C] () -- C:\Users\jul\Desktop\1.png
[2012.10.25 14:48:10 | 001,507,328 | ---- | C] () -- C:\Users\jul\Desktop\ATE.iso
[2012.10.24 15:29:24 | 004,554,601 | ---- | C] () -- C:\Users\jul\Desktop\DSC_0016.JPG
[2012.10.23 23:19:28 | 003,535,806 | ---- | C] () -- C:\Users\jul\Documents\ROP4020-22x_Textheft.zip
[2012.10.20 22:13:36 | 000,105,121 | ---- | C] () -- C:\Users\jul\Desktop\Bild 1.jpg
[2012.10.20 22:11:41 | 001,864,422 | ---- | C] () -- C:\Users\jul\Desktop\30.05.12 028.jpg
[2012.10.20 22:11:00 | 001,834,829 | ---- | C] () -- C:\Users\jul\Desktop\30.05.12 008.jpg
[2012.10.19 23:52:41 | 1300,313,356 | ---- | C] () -- C:\Users\jul\ECHO_Klassik_2012-ECHO_Klassik_2012-121014_echoklassik2012_eds_1596k_p13v9.mp4.flv
[2012.10.16 20:51:41 | 000,067,586 | ---- | C] () -- C:\Users\jul\Desktop\aaaaaaa.jpg
[2012.10.16 20:40:31 | 000,090,354 | ---- | C] () -- C:\Users\jul\Desktop\problem.jpg
[2012.10.14 20:08:21 | 096,302,558 | ---- | C] () -- C:\Users\jul\Desktop\Wintersun - 2012 - Time I.zip
[2012.10.14 19:24:52 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2012.10.14 19:24:34 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk
[2012.10.11 21:25:52 | 000,133,581 | ---- | C] () -- C:\Users\jul\Desktop\2012-10-11_00001.jpg
[2012.10.11 20:59:10 | 000,191,861 | ---- | C] () -- C:\Users\jul\Desktop\4E267193-76CE-44E9-81F4-F2828DB6863B.jpg
[2012.10.10 21:02:01 | 000,136,683 | ---- | C] () -- C:\Users\jul\Desktop\7E1851B9-5182-40C4-BFC0-438221361690.jpg
[2012.10.07 13:19:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.10.07 00:25:34 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012.10.06 14:56:00 | 000,531,728 | ---- | C] () -- C:\Users\jul\Desktop\2012-04-18 20.42.51.jpg
[2012.09.27 13:24:45 | 000,001,219 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2012.08.09 21:17:32 | 000,357,814 | ---- | C] () -- C:\Users\jul\SDK Manager.exe
[2012.08.09 21:17:32 | 000,357,814 | ---- | C] () -- C:\Users\jul\AVD Manager.exe
[2012.06.12 13:32:04 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012.03.09 21:56:54 | 001,617,102 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.25 21:49:20 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.25 21:49:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.17 09:04:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd4040cn.dat
[2012.01.17 09:04:13 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.17 09:04:11 | 000,020,605 | ---- | C] () -- C:\Windows\HL-4040CN.INI
[2012.01.17 08:59:59 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.17 08:59:58 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.01.17 08:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.01.17 08:59:56 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2012.01.17 08:59:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.01.17 08:59:54 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.01.17 08:58:50 | 000,000,213 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.01.16 22:24:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.10.23 22:26:24 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\.mono
[2012.10.19 18:54:38 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\.purple
[2012.08.27 23:43:02 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\Foxit Software
[2012.08.26 18:02:12 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\gtk-2.0
[2012.08.26 18:00:03 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\LibreOffice
[2012.09.28 16:52:54 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012.09.14 18:29:05 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\Mount&Blade Warband
[2012.08.26 18:02:14 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\MyPhoneExplorer
[2012.08.26 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\PunkBuster
[2012.08.26 18:02:14 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\Thunderbird
[2012.10.07 02:22:07 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\Tunngle
[2012.08.26 18:02:14 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\Ubisoft
[2012.10.23 20:07:33 | 000,000,000 | ---D | M] -- C:\Users\jul\AppData\Roaming\Unity
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.02.17 14:44:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.17 14:42:02 | 000,000,000 | ---D | M] -- C:\AMD
[2012.01.16 22:21:09 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.16 22:15:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.08.26 17:58:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.02 18:27:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.23 22:26:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.16 22:15:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.16 22:15:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.17 15:21:51 | 000,000,000 | ---D | M] -- C:\scenery
[2012.11.02 20:26:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.26 16:26:02 | 000,000,000 | ---D | M] -- C:\Temp
[2012.03.04 14:29:39 | 000,000,000 | ---D | M] -- C:\Ubisoft
[2012.08.26 18:01:41 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.26 22:12:18 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2012.09.27 13:24:51 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2012.08.09 21:17:32 | 000,357,814 | ---- | M] () -- C:\Users\jul\AVD Manager.exe
[2012.10.20 00:11:51 | 1300,313,356 | ---- | M] () -- C:\Users\jul\ECHO_Klassik_2012-ECHO_Klassik_2012-121014_echoklassik2012_eds_1596k_p13v9.mp4.flv
[2009.03.24 12:52:32 | 000,136,008 | ---- | M] (Microsoft Corporation) -- C:\Users\jul\msinet.ocx
[2012.11.02 20:29:03 | 002,621,440 | -HS- | M] () -- C:\Users\jul\ntuser.dat
[2012.11.02 20:29:03 | 000,262,144 | -HS- | M] () -- C:\Users\jul\ntuser.dat.LOG1
[2012.08.26 16:39:21 | 000,000,000 | -HS- | M] () -- C:\Users\jul\ntuser.dat.LOG2
[2012.08.26 16:55:05 | 000,065,536 | -HS- | M] () -- C:\Users\jul\ntuser.dat{27f57f39-ef94-11e1-a6ed-6cf049e3c706}.TM.blf
[2012.08.26 16:55:05 | 000,524,288 | -HS- | M] () -- C:\Users\jul\ntuser.dat{27f57f39-ef94-11e1-a6ed-6cf049e3c706}.TMContainer00000000000000000001.regtrans-ms
[2012.08.26 16:55:05 | 000,524,288 | -HS- | M] () -- C:\Users\jul\ntuser.dat{27f57f39-ef94-11e1-a6ed-6cf049e3c706}.TMContainer00000000000000000002.regtrans-ms
[2012.08.27 03:10:18 | 000,065,536 | -HS- | M] () -- C:\Users\jul\ntuser.dat{8d05c85c-ef97-11e1-9fd5-6cf049e3c706}.TM.blf
[2012.08.27 03:10:18 | 000,524,288 | -HS- | M] () -- C:\Users\jul\ntuser.dat{8d05c85c-ef97-11e1-9fd5-6cf049e3c706}.TMContainer00000000000000000001.regtrans-ms
[2012.08.27 03:10:18 | 000,524,288 | -HS- | M] () -- C:\Users\jul\ntuser.dat{8d05c85c-ef97-11e1-9fd5-6cf049e3c706}.TMContainer00000000000000000002.regtrans-ms
[2012.01.16 22:15:29 | 000,000,020 | -HS- | M] () -- C:\Users\jul\ntuser.ini
[2012.08.09 21:17:32 | 000,357,814 | ---- | M] () -- C:\Users\jul\SDK Manager.exe
[2012.08.26 15:15:49 | 000,070,985 | ---- | M] (Google Inc.) -- C:\Users\jul\uninstall.exe
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
< End of report >
--- --- --- |
