Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Anständig hohe Ram Auslastung (https://www.trojaner-board.de/136759-anstaendig-hohe-ram-auslastung.html)

Mexeroser 17.06.2013 16:09
Anständig hohe Ram Auslastung
 
Hallo Leser/Leserinnen!
Seit gestern habe ich ein etwas größeres Problem:
Mein neuer Laptop (Medion Erazer X7819) rennt unter ständiger 80-90% RAM auslastung, auch gleich nach dem Start, obwohl ich nichts mache.
Im Taskmanager hab ich schon nachgesehen, dort finden sich aber nur wenige Prozesse vor und wenn man den dort angezeigten Arbeitsspeicher zusammenrechnet komme ich gelegentlich auf 2 GB RAM, dabei hat mein PC eigentlich 16!!! (Ja ich weiß das Betriebssystem braucht auch etwas aber dass das 14 von 16 braucht scheint mir komisch)

Nun habe ich schon einen Antivira Virenscan durchgeführt und nichts gefunden, und da das Problem immernoch besteht und es beim Gaming doch extremst nervt, wollte ich euch fragen, ob ihr mir da weiterhelfen könnt.

Ich hoffe auf baldige Antwort und schon einmal ein großes Dankeschön an alle, die sich Zeit nehmen um mir Hilfe zu erstatten!

aharonov 17.06.2013 16:12
Hi,

kann natürlich mehrere Ursachen haben.. Aber da wir hier ein Malwarebereinigungsforum sind, können wir mal diesen Aspekt genauer unter die Lupe nehmen:
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die entsprechenden Logfiles.

Mexeroser 17.06.2013 18:18
Okay, hier sind die erstellten Logfiles:

Inhalt von OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 17.06.2013 17:27:24 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Markus\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
15,89 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 6,93% Memory free
31,89 Gb Paging File | 15,52 Gb Available in Paging File | 48,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 636,92 Gb Total Space | 422,16 Gb Free Space | 66,28% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 39,34 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: MEXEROSERS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.17 17:27:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2013.06.17 17:25:54 | 000,050,477 | ---- | M] () -- C:\Users\Markus\Downloads\Defogger.exe
PRC - [2013.06.14 13:21:11 | 000,448,704 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013.06.07 18:28:06 | 001,302,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013.06.07 17:10:22 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013.06.07 00:06:24 | 001,641,896 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.04.26 14:07:32 | 001,374,096 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
PRC - [2013.04.15 20:23:10 | 000,636,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.21 05:33:38 | 000,806,784 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2013.03.19 20:08:23 | 000,142,960 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.15 18:45:18 | 005,202,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Asc.exe
PRC - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
PRC - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
PRC - [2012.11.07 15:50:40 | 000,512,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
PRC - [2012.09.25 17:38:08 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\SCM\MSIService.exe
PRC - [2012.09.06 06:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.09.01 20:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.09.01 20:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.08.27 10:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.07.30 09:17:20 | 000,258,576 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2012.07.17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.07.13 17:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011.04.13 17:37:06 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
PRC - [2011.04.13 17:37:04 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.17 17:25:54 | 000,050,477 | ---- | M] () -- C:\Users\Markus\Downloads\Defogger.exe
MOD - [2013.06.15 01:54:19 | 013,140,872 | ---- | M] () -- C:\Users\Markus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
MOD - [2013.06.14 13:15:51 | 000,358,056 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013.06.14 13:15:49 | 000,313,000 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013.06.07 00:06:24 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.06.05 19:21:59 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8da760064c3905955f238581c0745323\System.IdentityModel.ni.dll
MOD - [2013.06.05 19:21:57 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\e1128d7f077daee61910ff4f86cc1227\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013.06.05 19:21:55 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\019e322f0b91c88501f2d308b1a70315\IAStorCommon.ni.dll
MOD - [2013.06.05 19:21:11 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\342ba26f59d438da1b1136e3e07628e4\IAStorUtil.ni.dll
MOD - [2013.06.05 19:21:01 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\6dbc4794082bffd0ad3e2dcc750a2035\SMDiagnostics.ni.dll
MOD - [2013.06.05 19:21:00 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\98bf7d68f19f0a2dd15b26f97771ec24\System.ServiceModel.Internals.ni.dll
MOD - [2013.06.04 20:50:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.06.04 20:50:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll
MOD - [2013.06.04 20:50:45 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.06.04 20:50:17 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.06.04 20:50:10 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2013.06.04 20:50:00 | 007,562,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bacedff71df875743daa9064b85c4e66\System.Xml.ni.dll
MOD - [2013.06.04 20:49:55 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1bc35bb3e6a392c0fef52bc289e6d3d9\System.Windows.Forms.ni.dll
MOD - [2013.06.04 20:49:46 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\ea94ce8e71afd55226ced104e6e832ce\System.ServiceModel.ni.dll
MOD - [2013.06.04 20:49:34 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\065a34657d599a218b43196a1be4c8d2\System.Runtime.Serialization.ni.dll
MOD - [2013.06.04 20:49:30 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9eff07ed10b6ae9f9b1159a7d3612fcb\System.Drawing.ni.dll
MOD - [2013.06.04 20:49:24 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\15cfd8d46cc19704f61dac68b2378760\System.Configuration.ni.dll
MOD - [2013.06.04 20:49:01 | 006,998,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b3d842ef956729e3ca0a3bc5e37ea6d8\System.Core.ni.dll
MOD - [2013.06.04 20:48:57 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\eaa570735a52e0010d3e9caa9ba50124\System.ni.dll
MOD - [2013.06.04 20:48:51 | 016,547,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93689d115589e64dd4912f7113a11656\mscorlib.ni.dll
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.05.07 03:05:20 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.11.01 10:21:10 | 000,350,592 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
MOD - [2012.11.01 10:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
MOD - [2012.11.01 10:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
MOD - [2012.10.15 10:53:40 | 001,229,696 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Scan.dll
MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.09.05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
MOD - [2012.09.05 18:55:28 | 000,516,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\sqlite3.dll
MOD - [2012.08.28 04:04:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.06.08 13:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012.04.14 15:42:02 | 000,224,600 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\Scan\smartscn.dll
MOD - [2011.11.22 10:50:56 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\trufos.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.06.07 17:10:22 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.06 00:54:04 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2013.06.05 05:36:40 | 000,031,448 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe -- (RzOvlMon)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.04.26 14:07:40 | 001,498,000 | ---- | M] (Binary Fortress Software) [Auto | Running] -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
SRV - [2013.03.19 20:08:23 | 000,142,960 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe -- (Start8)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe -- (ASCAntivirusSrv)
SRV - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe -- (AdvancedSystemCareService6)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.19 13:27:10 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV - [2012.09.25 17:38:08 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\SCM\MSIService.exe -- (Micro Star SCM)
SRV - [2012.09.25 01:08:16 | 000,490,496 | ---- | M] () [Auto | Stopped] -- C:\Programme\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)
SRV - [2012.09.21 14:12:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.13 06:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.09.06 06:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.09.01 20:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.08.27 10:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.08.15 19:08:14 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.18 14:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.07.18 14:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.07.18 14:14:04 | 000,627,504 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.07.18 14:13:40 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.07.17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.04.13 17:37:06 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service)
SRV - [2011.04.13 17:37:04 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.10 17:28:37 | 000,090,624 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2013.06.05 05:24:14 | 000,128,856 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013.06.05 05:24:14 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013.06.04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.06.04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.05.12 23:42:27 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.04.18 22:45:48 | 000,021,320 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\droidpad.sys -- (droidpad)
DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:51 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.25 01:09:26 | 000,074,096 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\bwcW8x64.sys -- (BfLwf)
DRV:64bit: - [2012.09.25 01:09:24 | 000,164,720 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\e22w8x64.sys -- (Ke2200)
DRV:64bit: - [2012.09.20 11:50:39 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.17 16:24:00 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.13 08:26:34 | 004,293,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012.09.13 06:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.09.13 06:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.09.01 20:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.29 10:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.08.27 10:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012.08.07 17:17:10 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2012.08.07 17:17:10 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RTL8192cu)
DRV:64bit: - [2012.08.06 13:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.23 18:35:44 | 000,295,760 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.07.02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.25 12:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.19 07:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.05.12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hamachi.sys -- (hamachi)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {BB5C0802-5901-49F3-A8BC-DD6D0E2280C3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0BDBA2AC-AEB5-4DB8-842A-AC40764EBF8B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKCU\..\SearchScopes\{BB5C0802-5901-49F3-A8BC-DD6D0E2280C3}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Markus\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Markus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Yahoo! Suche ? Websuche & Suchmaschine
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google Docs = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: Speed Dial 2 = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Mail = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL (IObit)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Radio Manager] C:\Program Files (x86)\SCM\Radio Manager.exe (MSI)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SCM] C:\Program Files (x86)\SCM\SCM.exe (MSI)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [GNE_SwapScreen] C:\Users\Markus\AppData\Local\Temp\Rar$EXa0.455\SwapScreen.exe (GNE)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Markus\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B323494-3757-4F48-8708-4458ABC701A8}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA9F76B-F49D-4ACD-9C09-321C60C9797E}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.17 15:58:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\NVIDIA
[2013.06.17 15:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.06.17 15:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.06.17 15:53:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.06.17 15:53:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.06.17 15:51:28 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013.06.17 15:23:01 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.06.16 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2013.06.16 18:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
[2013.06.16 18:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate
[2013.06.16 18:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2013.06.16 18:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2013.06.16 18:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013.06.16 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013.06.16 18:02:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Apple Computer
[2013.06.16 18:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.06.16 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\IObit
[2013.06.16 18:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.06.16 17:52:29 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Avira
[2013.06.16 17:48:19 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.16 17:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.16 17:46:26 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.06.16 17:46:26 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.06.16 17:46:26 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.06.16 17:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.16 17:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.06.13 15:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013.06.10 17:28:37 | 000,090,624 | ---- | C] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
[2013.06.10 17:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
[2013.06.10 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2013.06.08 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidPad
[2013.06.08 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\droidpad
[2013.06.08 15:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\DroidPad
[2013.06.08 11:25:37 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Stardock_Corporation
[2013.06.08 11:19:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Stardock
[2013.06.08 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\DisplayFusion
[2013.06.08 11:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Binary Fortress Software
[2013.06.08 11:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
[2013.06.08 11:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion
[2013.06.08 11:00:28 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\DisplayFusion Backups
[2013.06.08 10:51:11 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\BitTorrent
[2013.06.07 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\raidcall
[2013.06.07 20:04:56 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.06.07 20:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.06.07 20:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2013.06.07 19:42:19 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Mumble
[2013.06.07 19:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2013.06.07 19:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2013.06.07 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\MotioninJoy
[2013.06.07 19:08:48 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2013.06.07 19:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2013.06.07 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2013.06.06 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Razer
[2013.06.06 19:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms
[2013.06.06 19:07:13 | 000,128,856 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2013.06.06 19:07:13 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2013.06.06 19:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core
[2013.06.06 19:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013.06.06 19:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013.06.06 16:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.06 16:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.06.06 16:46:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.06.05 20:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013.06.05 20:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013.06.05 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2013.06.04 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\iWisoft Free Video Converter
[2013.06.04 22:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWisoft Free Video Converter
[2013.06.04 22:15:40 | 000,139,264 | ---- | C] (Xvid.org: Home of the Xvid Codec) -- C:\Windows\SysWow64\xvid.ax
[2013.06.04 22:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWisoft Free Video Converter
[2013.06.04 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Meine empfangenen Dateien
[2013.06.04 09:15:02 | 000,103,448 | ---- | C] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.06.04 09:15:00 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.06.03 20:41:54 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013.06.02 17:06:11 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\ElevatedDiagnostics
[2013.06.01 14:57:58 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\LolClient
[2013.06.01 14:04:50 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\League of Legends
[2013.06.01 13:08:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\PMB Files
[2013.06.01 13:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.06.01 13:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.05.31 16:29:12 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Black_Tree_Gaming
[2013.05.31 16:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2013.05.31 16:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2013.05.31 16:24:46 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Skyrim
[2013.05.31 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Unity
[2013.05.31 12:50:07 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Unity
[2013.05.31 10:02:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\GNE
[2013.05.30 23:30:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.30 18:31:23 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\SCE
[2013.05.30 18:21:16 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Media Player Classic
[2013.05.30 18:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
[2013.05.30 18:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2013.05.30 18:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64
[2013.05.30 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2013.05.30 18:16:56 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Programs
[2013.05.30 17:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.05.30 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.30 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.05.30 17:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.30 17:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.30 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Adobe
[2013.05.30 16:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.05.30 16:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.05.30 16:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.05.30 16:12:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Lenovo
[2013.05.30 14:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.05.30 14:15:11 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.05.30 13:56:11 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Macromedia
[2013.05.30 13:36:03 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\CyberLink
[2013.05.30 12:22:35 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\ms-drivers
[2013.05.30 12:22:34 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\MetaGeek,_LLC
[2013.05.30 12:21:35 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2013.05.30 12:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek
[2013.05.30 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Diagnostics
[2013.05.30 10:43:51 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Benutzerdefinierte Office-Vorlagen
[2013.05.30 10:09:51 | 000,000,000 | R--D | C] -- C:\Users\Markus\SkyDrive
[2013.05.30 10:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.05.30 10:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.05.30 10:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.05.30 09:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.05.30 09:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013.05.30 09:11:48 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\NVIDIA
[2013.05.30 09:09:57 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\.minecraft
[2013.05.30 08:39:50 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TS3Client
[2013.05.30 08:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.05.30 08:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013.05.30 08:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013.05.30 08:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2013.05.30 01:26:26 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.05.30 01:26:16 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.05.30 00:55:31 | 000,000,000 | -H-D | C] -- C:\$SysReset
[2013.05.30 00:00:23 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Skype
[2013.05.30 00:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.05.29 23:58:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\WinRAR
[2013.05.29 23:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.29 23:58:58 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.29 23:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.29 23:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.05.29 23:55:12 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\LogMeIn Hamachi
[2013.05.29 23:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.29 23:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.05.29 23:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013.05.29 23:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2013.05.29 23:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2013.05.29 23:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.29 23:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.29 23:42:12 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Google
[2013.05.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Deployment
[2013.05.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Apps
[2013.05.29 23:39:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.05.29 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\Medion usw
[2013.05.29 23:39:27 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Intel Corporation
[2013.05.29 23:38:46 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\CyberLink
[2013.05.29 23:38:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\MSI
[2013.05.29 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Power2Go8
[2013.05.29 23:37:43 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.29 23:37:19 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.29 23:37:19 | 000,000,000 | R--D | C] -- C:\Users\Markus\Searches
[2013.05.29 23:37:19 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.29 23:37:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Adobe
[2013.05.29 23:34:54 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\VirtualStore
[2013.05.29 23:34:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Intel
[2013.05.29 23:33:21 | 000,000,000 | --SD | C] -- C:\Users\Markus\AppData\Roaming\Microsoft
[2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\Favorites
[2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\Desktop
[2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Vorlagen
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Verlauf
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Temporary Internet Files
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Startmenü
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\SendTo
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Recent
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Netzwerkumgebung
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Lokale Einstellungen
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Videos
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Musik
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Eigene Dateien
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Bilder
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Druckumgebung
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Cookies
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Anwendungsdaten
[2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Anwendungsdaten
[2013.05.29 23:33:21 | 000,000,000 | -H-D | C] -- C:\Users\Markus\AppData
[2013.05.29 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Temp
[2013.05.29 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\Roaming
[2013.05.29 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Microsoft
[2013.05.29 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.29 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.29 23:30:46 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.05.29 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.29 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.28 17:10:29 | 000,000,000 | ---D | C] -- C:\Games
[2013.05.28 17:08:06 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Nexus Mod Manager
[2013.05.27 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\my games
[2013.05.27 18:59:33 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.05.27 18:18:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\.swt
[2013.05.26 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Avatar
[2013.05.26 19:05:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.26 18:59:06 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\CyberLink
[2013.05.26 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Guild Wars 2
[2013.05.26 16:36:12 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.05.26 16:22:29 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Youcam
[2013.05.26 16:20:52 | 000,000,000 | R--D | C] -- C:\Users\Markus\Contacts
[2013.05.26 16:19:52 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Packages
[2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Pictures
[2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Music
[2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Links
[2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Downloads
[2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Documents
[2013.05.26 16:19:31 | 000,000,000 | R--D | C] -- C:\Users\Markus\Videos
[2013.05.26 16:19:31 | 000,000,000 | R--D | C] -- C:\Users\Markus\Saved Games
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Markus\Documents\*.tmp files -> C:\Users\Markus\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.17 17:26:35 | 000,000,000 | ---- | M] () -- C:\Users\Markus\defogger_reenable
[2013.06.17 16:47:23 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.17 15:55:04 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.06.17 15:18:15 | 000,007,621 | ---- | M] () -- C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
[2013.06.17 15:07:56 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.17 15:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.16 22:14:04 | 000,137,216 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\RZR_00705e9a40c9ab19f89c8d6c5e35.db
[2013.06.16 18:53:46 | 000,001,250 | ---- | M] () -- C:\Users\Markus\Desktop\Razer Comms.lnk
[2013.06.16 18:12:17 | 000,001,274 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare Ultimate.lnk
[2013.06.16 18:02:58 | 000,000,000 | ---- | M] () -- C:\search.sqlite
[2013.06.16 18:02:58 | 000,000,000 | ---- | M] () -- C:\prefs.js
[2013.06.16 17:48:08 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.16 17:46:39 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.13 20:25:41 | 000,791,060 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.06.13 20:25:41 | 000,786,588 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.06.13 20:25:41 | 000,782,014 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.06.13 20:25:41 | 000,754,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.13 20:25:41 | 000,731,582 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013.06.13 20:25:41 | 000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.13 20:25:41 | 000,456,714 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013.06.13 20:25:41 | 000,427,352 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013.06.13 20:25:41 | 000,174,554 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013.06.13 20:25:41 | 000,159,122 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.06.13 20:25:41 | 000,156,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.13 20:25:41 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.06.13 20:25:41 | 000,153,144 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.06.13 20:25:41 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.13 20:25:41 | 000,081,986 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013.06.13 20:25:41 | 000,079,958 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013.06.13 20:25:40 | 006,521,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.10 18:25:08 | 004,818,070 | ---- | M] () -- C:\Users\Markus\Documents\Too Many Dicks On The Dancefloor - Flight Of The Conchords.mp3
[2013.06.10 17:28:37 | 000,090,624 | ---- | M] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
[2013.06.08 15:35:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013.06.08 11:19:32 | 000,002,030 | ---- | M] () -- C:\Users\Markus\Desktop\Customize Fences.lnk
[2013.06.08 11:03:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2013.06.08 10:52:10 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2013.06.07 20:04:56 | 000,001,011 | ---- | M] () -- C:\Users\Markus\Desktop\RaidCall.lnk
[2013.06.07 20:04:56 | 000,001,011 | ---- | M] () -- C:\Users\Markus\Desktop\RaidCall (2).lnk
[2013.06.07 19:48:02 | 000,002,385 | ---- | M] () -- C:\Users\Markus\Documents\MumbleAutomaticCertificateBackup.p12
[2013.06.07 19:08:49 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2013.06.07 18:58:59 | 038,826,181 | ---- | M] () -- C:\Users\Markus\Desktop\hammerwatch_beta_1.04.zip
[2013.06.06 23:24:36 | 007,078,480 | ---- | M] () -- C:\Users\Markus\Documents\Raubkopierer Werbung Video Pirating Commercial.avi
[2013.06.06 21:48:28 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.06 21:48:28 | 000,002,187 | ---- | M] () -- C:\Users\Markus\Desktop\Google Chrome.lnk
[2013.06.06 19:24:58 | 005,069,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.06 19:24:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.06 19:24:27 | 767,967,229 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.06 19:07:23 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013.06.06 19:07:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013.06.06 16:46:55 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.06 16:46:55 | 000,002,517 | ---- | M] () -- C:\Users\Markus\Desktop\Skype.lnk
[2013.06.05 20:36:39 | 000,001,293 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013.06.05 05:24:14 | 000,128,856 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2013.06.05 05:24:14 | 000,074,456 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2013.06.04 22:15:41 | 000,001,077 | ---- | M] () -- C:\Users\Markus\Desktop\iWisoft Free Video Converter.lnk
[2013.06.04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.06.04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.06.02 17:00:19 | 000,000,000 | -H-- | M] () -- C:\Users\Markus\Documents\Default.rdp
[2013.06.01 14:56:09 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.05.31 20:47:58 | 000,002,812 | ---- | M] () -- C:\Users\Markus\Desktop\Skyrim.lnk
[2013.05.31 16:29:07 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.05.31 10:01:48 | 000,216,550 | ---- | M] () -- C:\Users\Markus\Desktop\DualMonitorTools-1.8.zip
[2013.05.30 18:21:02 | 000,001,716 | ---- | M] () -- C:\Users\Markus\Desktop\MPC-HC x64.lnk
[2013.05.30 18:03:09 | 000,001,079 | ---- | M] () -- C:\Users\Markus\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2013.05.30 17:18:48 | 000,001,522 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.05.30 16:47:38 | 000,000,222 | ---- | M] () -- C:\Users\Markus\Desktop\PlanetSide 2.url
[2013.05.30 16:41:06 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.05.30 14:15:14 | 000,000,566 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.05.30 12:22:35 | 000,000,037 | -HS- | M] () -- C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420
[2013.05.30 12:21:35 | 000,002,935 | ---- | M] () -- C:\Users\Markus\Desktop\inSSIDer 3.lnk
[2013.05.30 08:27:37 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.30 08:27:37 | 000,000,971 | ---- | M] () -- C:\Users\Markus\Desktop\TeamSpeak 3 Client.lnk
[2013.05.30 08:21:54 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.05.30 08:21:54 | 000,000,936 | ---- | M] () -- C:\Users\Markus\Desktop\Guild Wars 2.lnk
[2013.05.29 23:33:40 | 000,024,768 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013.05.29 23:33:40 | 000,024,768 | ---- | M] () -- C:\Windows\diagerr.xml
[2013.05.26 17:42:21 | 000,263,186 | ---- | M] () -- C:\Users\Markus\Desktop\Minecraft.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Markus\Documents\*.tmp files -> C:\Users\Markus\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.17 17:26:35 | 000,000,000 | ---- | C] () -- C:\Users\Markus\defogger_reenable
[2013.06.17 15:55:04 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.06.17 15:15:21 | 000,007,621 | ---- | C] () -- C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
[2013.06.16 18:53:46 | 000,001,250 | ---- | C] () -- C:\Users\Markus\Desktop\Razer Comms.lnk
[2013.06.16 18:12:17 | 000,001,274 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare Ultimate.lnk
[2013.06.16 18:02:58 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013.06.16 18:02:58 | 000,000,000 | ---- | C] () -- C:\prefs.js
[2013.06.16 17:46:39 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.10 18:25:03 | 004,818,070 | ---- | C] () -- C:\Users\Markus\Documents\Too Many Dicks On The Dancefloor - Flight Of The Conchords.mp3
[2013.06.08 15:35:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013.06.08 11:38:14 | 000,002,517 | ---- | C] () -- C:\Users\Markus\Desktop\Skype.lnk
[2013.06.08 11:37:40 | 000,000,971 | ---- | C] () -- C:\Users\Markus\Desktop\TeamSpeak 3 Client.lnk
[2013.06.08 11:37:24 | 000,001,011 | ---- | C] () -- C:\Users\Markus\Desktop\RaidCall (2).lnk
[2013.06.08 11:36:50 | 000,000,936 | ---- | C] () -- C:\Users\Markus\Desktop\Guild Wars 2.lnk
[2013.06.08 11:36:37 | 000,002,187 | ---- | C] () -- C:\Users\Markus\Desktop\Google Chrome.lnk
[2013.06.08 11:19:32 | 000,002,030 | ---- | C] () -- C:\Users\Markus\Desktop\Customize Fences.lnk
[2013.06.08 11:03:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2013.06.08 10:52:10 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2013.06.07 20:04:56 | 000,001,011 | ---- | C] () -- C:\Users\Markus\Desktop\RaidCall.lnk
[2013.06.07 19:48:02 | 000,002,385 | ---- | C] () -- C:\Users\Markus\Documents\MumbleAutomaticCertificateBackup.p12
[2013.06.07 19:08:49 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2013.06.07 18:55:58 | 038,826,181 | ---- | C] () -- C:\Users\Markus\Desktop\hammerwatch_beta_1.04.zip
[2013.06.06 23:24:27 | 007,078,480 | ---- | C] () -- C:\Users\Markus\Documents\Raubkopierer Werbung Video Pirating Commercial.avi
[2013.06.06 19:34:36 | 000,137,216 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\RZR_00705e9a40c9ab19f89c8d6c5e35.db
[2013.06.06 19:24:39 | 005,069,520 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.06 19:07:23 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013.06.06 19:07:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013.06.06 16:46:55 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.05 20:36:39 | 000,001,293 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013.06.04 22:15:41 | 000,001,077 | ---- | C] () -- C:\Users\Markus\Desktop\iWisoft Free Video Converter.lnk
[2013.06.04 22:15:40 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.06.04 22:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.06.02 17:00:19 | 000,000,000 | -H-- | C] () -- C:\Users\Markus\Documents\Default.rdp
[2013.06.01 14:56:09 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.05.31 19:47:13 | 000,002,812 | ---- | C] () -- C:\Users\Markus\Desktop\Skyrim.lnk
[2013.05.31 16:29:07 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.05.31 10:06:00 | 000,216,550 | ---- | C] () -- C:\Users\Markus\Desktop\DualMonitorTools-1.8.zip
[2013.05.30 18:21:02 | 000,001,716 | ---- | C] () -- C:\Users\Markus\Desktop\MPC-HC x64.lnk
[2013.05.30 18:19:06 | 000,206,336 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2013.05.30 18:19:06 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013.05.30 18:03:09 | 000,001,079 | ---- | C] () -- C:\Users\Markus\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2013.05.30 18:01:07 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013.05.30 17:59:37 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013.05.30 17:58:17 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013.05.30 17:57:25 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013.05.30 17:51:02 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013.05.30 17:50:54 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013.05.30 17:18:48 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013.05.30 17:18:48 | 000,001,522 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.05.30 16:47:38 | 000,000,222 | ---- | C] () -- C:\Users\Markus\Desktop\PlanetSide 2.url
[2013.05.30 16:41:06 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.05.30 14:15:14 | 000,000,566 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.05.30 12:22:35 | 000,000,037 | -HS- | C] () -- C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420
[2013.05.30 12:21:35 | 000,002,935 | ---- | C] () -- C:\Users\Markus\Desktop\inSSIDer 3.lnk
[2013.05.30 10:09:50 | 000,002,289 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013.05.30 08:27:37 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.30 08:21:54 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.05.29 23:49:52 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.05.29 23:43:06 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.29 23:42:34 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.29 23:42:32 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.29 23:37:08 | 000,001,442 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.29 23:33:18 | 000,024,768 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013.05.29 23:33:18 | 000,024,768 | ---- | C] () -- C:\Windows\diagerr.xml
[2013.05.26 17:42:21 | 000,263,186 | ---- | C] () -- C:\Users\Markus\Desktop\Minecraft.exe
[2012.12.21 20:08:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.12.21 19:07:15 | 011,387,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.21 02:28:28 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.12.21 02:28:26 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.21 02:28:25 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.11.05 19:17:55 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013.05.30 18:30:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.30 09:50:48 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\.minecraft
[2013.06.17 17:04:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\BitTorrent
[2013.06.08 11:08:35 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DisplayFusion
[2013.06.08 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\droidpad
[2013.06.16 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\IObit
[2013.05.30 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Lenovo
[2013.06.01 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\LolClient
[2013.06.07 19:08:51 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\MotioninJoy
[2013.06.07 19:48:13 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mumble
[2013.06.07 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\raidcall
[2013.06.08 11:19:10 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Stardock
[2013.06.16 22:05:20 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TS3Client
[2013.05.31 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

aharonov 17.06.2013 19:33
Ok, fehlen noch die Extras.txt von OTL und das Gmer-Log.

Mexeroser 17.06.2013 20:06
Ahja:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.06.2013 17:27:24 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Markus\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
15,89 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 6,93% Memory free
31,89 Gb Paging File | 15,52 Gb Available in Paging File | 48,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 636,92 Gb Total Space | 422,16 Gb Free Space | 66,28% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 39,34 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: MEXEROSERS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0176E249-7535-43DF-BAD8-54777C7507CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{03896F01-CC8B-486E-B303-4676A5592604}" = lport=2869 | protocol=6 | dir=in | app=system |
"{090A1DC6-BBB4-4B4B-9CE1-0927F37F7750}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10F1A4D1-B44B-4867-A07D-1881C36BE4AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{192405AE-D54E-4A86-A70E-042CB457C543}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F6AEC3B-2881-4E80-AF09-F9DA89AFB107}" = rport=137 | protocol=17 | dir=out | app=system |
"{3ED74EEB-8282-4EE1-8411-2FB04DCBF532}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{455D9AD6-F6E9-4487-A3D7-EF5CC13EE333}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{48236E57-1BA0-420C-8D42-002FD75F0D3C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4BBC257A-1661-49BA-ADD4-C3F97D29C697}" = rport=139 | protocol=6 | dir=out | app=system |
"{52F166AB-C284-402C-AB2B-53D8627A0C5C}" = lport=139 | protocol=6 | dir=in | app=system |
"{53CF33F9-CC66-44F2-8743-214497617712}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D520BDF-88CD-4C69-8BB1-62523F292D78}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5EA62F86-D0FF-469D-AA98-8BFC214FE9A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61F4FF39-5760-4927-A693-EDC21E116CAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E244CF6-0550-40A3-8B25-F1037C907DF7}" = lport=137 | protocol=17 | dir=in | app=system |
"{B0B8C32B-919B-4053-849B-4DE6169B6ED0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B274B431-3CBB-47C2-89F3-97D6FEB85E85}" = rport=445 | protocol=6 | dir=out | app=system |
"{CD30B51D-7BB7-4596-80B5-2C2AB94D2F85}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC93626F-97D7-4FCB-9945-B1174AFA77FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED4E753F-1784-4EA9-8652-336F024DB73E}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4581076-A732-4B35-BB2A-84F927C223D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7218085-98A7-483D-8F82-31BF21913E71}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FD25F954-8A9C-4390-A540-17EC69F3A746}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024AB87A-3FA9-469D-B27D-975F106D4C51}" = dir=out | name=tuneup incredilock |
"{054C91EF-8480-44A3-8885-BB7B10B93DCD}" = dir=out | name=windows_ie_ac_001 |
"{0C835C73-3403-46EC-BD85-E6BDB4EBD0B1}" = dir=in | name=@{magix.musicmakerjam_1.6.1013.3_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/appname} |
"{136D9CB5-3FCD-4BEB-B982-CFF274296EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{16EEFFD0-AD86-4274-8A0B-6849339068FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{196941B5-A6B2-46F1-BD4D-516721E47F53}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1A1423BB-F114-46FB-B999-83F82E74C664}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{1E33B2D1-9DE6-47DD-AD80-C07BE9557568}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{210285A7-CA84-4E31-894C-08484E714EE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{26BDE0EF-55EC-4906-BF26-BBCCC344BBFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27E3B9C1-4C70-489F-9EE8-C46E26E9715A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{27F770EB-133C-4A28-B36B-C261BD0447D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32F824ED-7095-456D-9E77-AB0FBB668090}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{333DA4B5-61FB-4632-97F9-4BA36D5919F2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{345A2000-106A-47B1-8413-04F0A23E4311}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{34C04AA5-5503-49B9-8134-6339CEF2FAD9}" = dir=out | name=microsoft solitaire collection |
"{3674AD3C-7036-44B3-84CA-2DA2219C6488}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3839F2B6-01A0-4BB5-832F-500E447349DB}" = dir=in | name=mitchribarytube |
"{3D3A0CF4-F45A-4B6D-82F0-BCFD67FB4AA6}" = protocol=6 | dir=out | app=system |
"{3D3D8E66-1097-4ABE-8D1A-E314AF19C2D5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{3D9B63AC-ABC9-4237-ACFA-B9EDA41DB8E2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3E00E9DB-46E5-46D5-B9D9-A0ACA3974C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{403D0122-3820-4E81-A288-D80CD4B97507}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{40FE3C53-C8B4-43EF-84E2-C97EB4A8534D}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{460515BC-D26E-4ACF-B5BA-33436FB98561}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{464951D5-C2E1-4A32-9279-D50BA051D998}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{4E1955CF-98DA-4930-AE47-284EE5BA708D}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{5261DAFC-F03D-4AE9-A439-B850B8E0EC69}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe |
"{5DCB7D45-6F30-4217-BC4D-B732EF51EF5F}" = dir=out | name=windows_ie_ac_001 |
"{5EF70F1D-BE77-4032-8543-81FDBEF4D10C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{616BDAE8-E8DC-4AB7-A317-191AA644369D}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{64584F93-0B93-4FC3-A74D-1195EB6FB568}" = dir=out | name=@{magix.musicmakerjam_1.6.1013.3_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/appname} |
"{646F188E-7C04-4FB0-B96E-3FAF902D437D}" = dir=out | name=accuweather for windows 8 |
"{67AE0434-FBA7-48F8-8E09-6B39A49F923D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B0C2E5E-C34A-493F-BA84-F25F727343E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6D1B87AF-B605-4228-B3C9-270740F7E3DE}" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\bittorrent\bittorrent.exe |
"{6E2805FA-C937-40F2-969A-38709DE8675F}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{70B08987-70BE-48F4-BA6D-6E15B7B62FB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79D006E0-3196-4826-91BA-0A988B9DC480}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe |
"{7CE5AB18-FE79-498E-9A04-22E0E5856CAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7CE6A78C-52A8-4274-88E1-1A5BC50AACA6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{875550CF-6321-4D44-A7F3-C277A18B487E}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{87D774F1-7828-48E7-9E19-8C09EAB5EBB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D974A14-BFA3-4323-BACD-7F7646EE2DD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9092AC50-548F-4B0F-8958-D4B4503620BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90DF79FC-4DCA-4983-9A16-C01072AE85E8}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{96FC6A67-6086-463D-B6B5-2D5D7DEB3CEF}" = dir=out | name=adera |
"{99111A73-54D7-43CA-9DB6-F2126F7955AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{997ECF0E-3637-417B-9E9B-75F24536D2E0}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{9D1DBBFB-893E-4976-A031-BE4BDA8320C0}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9D95E550-67F4-4A3E-B05D-0E6D52C16274}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{9F60C772-C95F-4756-B2C1-81AF137C74C9}" = dir=out | name=taptiles |
"{A00407A2-A6C4-436B-9EA4-825C96D06D80}" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\bittorrent\bittorrent.exe |
"{A0BE2A53-8055-496E-AA40-DBCE0896ADCD}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A539853C-C2FD-490E-8668-4078C02ED5A0}" = dir=out | name=fresh paint |
"{A5FA93B3-B8E9-40E0-A5A2-0C39E4092285}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe |
"{A6BBF51F-406C-4C7A-A4D2-FC9386D1EE27}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A7C408A6-5AC0-4203-8EE1-5E0077B6C915}" = dir=out | name=microsoft minesweeper |
"{AA34B494-A756-4A2D-8901-804BA1922137}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF080FC4-E060-4661-ADCF-FC7B217344EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B4BD58C5-B8DC-450D-9062-04246C859940}" = dir=out | name=microsoft mahjong |
"{B50CBC5C-3157-4DBC-AC75-8687DC937D3A}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{C59C8722-243E-43C6-A39B-C24CD11574D8}" = dir=out | name=windows_ie_ac_001 |
"{CD948FA2-A0A1-4D96-B7C2-6C42C2F335A8}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{CF45BC30-32FC-40A5-A771-0A834FBDFCCD}" = dir=out | name=pinball fx2 |
"{D3FED8B4-F7C2-469F-A9BD-BBBA5ACE4A1C}" = dir=in | app=c:\users\markus\appdata\local\microsoft\skydrive\skydrive.exe |
"{D4D9AEAE-69DD-4C7C-9E21-BA4D5A950641}" = dir=out | name=powerdvd for medion |
"{D5DEB5D4-C936-45FB-B673-A633EB544B20}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{D6FB08AC-8565-421C-833C-FF8A6BAE1DB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DB136698-924E-4D5F-80AD-EDE7EFDA26F3}" = dir=out | name=@{microsoft.zunemusic_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{DB961404-9C1E-45BA-8A03-B51910FB84FD}" = dir=out | name=wordament |
"{E0AF375D-3F9B-4F0A-B7EC-96A6A499D97E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E479083D-320A-4D93-809C-367FC69004D2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E47A1BD0-885B-4D25-94E9-0BCA546BC50E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{E4F048CE-5D33-49D8-B1A4-696A3B0C3C9B}" = dir=out | name=youcam for medion |
"{E63C47EB-FD94-4276-82FE-8485573F453F}" = dir=out | name=windows_ie_ac_001 |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7F02DF5-034F-4419-A981-1F6D4A005393}" = dir=out | name=windows_ie_ac_001 |
"{E99E9840-D1EE-42E9-89A1-A2ED5F087010}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0B98F11-50E7-4449-B08F-218AAEC8A60F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F4357D13-8D92-42C0-956B-9A9E185CE28D}" = dir=in | name=pinball fx2 |
"{F7BF8DD8-BF1D-4BC0-A737-C6CA62171E4E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FFDD6C17-5D0A-4AF1-A37D-3EBA73AC4C46}" = dir=in | name=nolag youtube, twitch |
"TCP Query User{2486BB4B-BAE5-4678-BEAF-51F7D2228552}C:\users\markus\appdata\local\temp\rar$exa0.850\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.850\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{2C56C524-39C3-4E09-AB7B-16F73B791CDD}C:\users\markus\appdata\local\temp\rar$exa0.466\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.466\survivers_beta_3.exe |
"TCP Query User{304AD12B-B3DE-4A04-BCF7-24265EC44FD2}C:\users\markus\appdata\local\temp\rar$exa0.659\hammerwatch.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.659\hammerwatch.exe |
"TCP Query User{494BE46F-557B-4196-B97B-D1954178537D}C:\users\markus\appdata\local\temp\rar$exa0.207\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.207\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{5FF1EFC7-58C4-42B2-8B15-D43CA9F95D43}C:\users\markus\appdata\local\temp\rar$exa0.046\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.046\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{62DEE25F-7097-4EE6-AC9F-42E753A3B494}C:\users\markus\appdata\local\temp\rar$exa0.530\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.530\survivers_beta_3.exe |
"TCP Query User{76C61276-A39F-4BF3-BA7F-2C1ABCC71955}C:\users\markus\appdata\local\temp\rar$exa0.016\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.016\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{77B69F94-E51A-4044-B014-1E78F12D63CC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{864E3B86-AF06-4A93-913B-69EB69532C1D}C:\users\markus\appdata\local\temp\rar$exa0.048\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.048\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{9120C40B-E680-468B-976E-9275306269C1}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"TCP Query User{99A9AD24-6431-4225-BCBC-DF87B2D2EA5B}C:\users\markus\appdata\local\temp\rar$exa0.387\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.387\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{9C581774-3818-4797-B6A3-2778CE37303F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{B014FD09-A108-48DA-9798-D8B4F80C2FEF}C:\program files\droidpad\droidpad.exe" = protocol=6 | dir=in | app=c:\program files\droidpad\droidpad.exe |
"TCP Query User{B36DDFD5-F46D-4136-B638-5E52C58AC6CC}C:\users\markus\appdata\local\temp\rar$exa0.774\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.774\survivers_beta_3.exe |
"TCP Query User{B8EE9453-A440-4AE5-BAE3-60FF92B303EF}C:\users\markus\appdata\local\temp\rar$exa0.604\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.604\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{D298DD5D-6A77-43C0-8C87-2D615C6E3FCD}C:\users\markus\appdata\local\temp\rar$exa0.988\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.988\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{DDCB84C4-F453-4CE6-AC0E-63D1F8844CB9}C:\users\markus\appdata\local\temp\rar$exa0.319\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.319\64 bit\slendytubbies v2 beta 64bit.exe |
"TCP Query User{E57D148F-4F28-4C10-9742-ED33562CD01A}C:\users\markus\appdata\local\temp\rar$exa0.717\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.717\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{0D9D98CC-9049-4EDD-95E7-C9E7EF12EB9E}C:\users\markus\appdata\local\temp\rar$exa0.774\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.774\survivers_beta_3.exe |
"UDP Query User{1253DCEC-DA8F-46EA-BCD5-975EA39E80C4}C:\program files\droidpad\droidpad.exe" = protocol=17 | dir=in | app=c:\program files\droidpad\droidpad.exe |
"UDP Query User{1436B0A0-3E0A-404D-84FE-9425FAB2394B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{16B2C2D0-F3E4-437D-8352-ED0DC5E6BC5E}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{1D7C37F7-7D38-402E-B4F9-D8503A19AB14}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{1DF5CBEB-95C3-4BF7-8D9E-7342AA2A6DA9}C:\users\markus\appdata\local\temp\rar$exa0.319\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.319\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{54ED0F53-AEFC-491D-93CE-01E8418ECCDE}C:\users\markus\appdata\local\temp\rar$exa0.048\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.048\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{58AB4201-A4FC-4F1C-804E-A45CE96FB34C}C:\users\markus\appdata\local\temp\rar$exa0.850\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.850\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{6013A1D1-A052-4278-80CC-5DE15045E542}C:\users\markus\appdata\local\temp\rar$exa0.046\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.046\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{60EB85AA-AA54-4B9E-8AB4-20C678F18C11}C:\users\markus\appdata\local\temp\rar$exa0.604\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.604\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{6941D28A-AA5E-4755-A0BE-42AA4FFEBA00}C:\users\markus\appdata\local\temp\rar$exa0.207\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.207\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{AD04C0AE-7885-45E7-A215-262D220F8FF5}C:\users\markus\appdata\local\temp\rar$exa0.988\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.988\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{B87C4ECB-47FC-4F02-A932-A4615BF9F338}C:\users\markus\appdata\local\temp\rar$exa0.016\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.016\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{CFDA404B-71F3-4F9E-AB25-811768258A9B}C:\users\markus\appdata\local\temp\rar$exa0.466\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.466\survivers_beta_3.exe |
"UDP Query User{D80F1880-2910-4081-88A5-E5EDCBFFEEA1}C:\users\markus\appdata\local\temp\rar$exa0.530\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.530\survivers_beta_3.exe |
"UDP Query User{EB65A736-F811-4E76-9BC2-C48ACE4D1D91}C:\users\markus\appdata\local\temp\rar$exa0.717\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.717\64 bit\slendytubbies v2 beta 64bit.exe |
"UDP Query User{EE327490-9CA3-4D93-9A36-57ED277C9B73}C:\users\markus\appdata\local\temp\rar$exa0.659\hammerwatch.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.659\hammerwatch.exe |
"UDP Query User{F915CC5E-45C8-4617-BDFA-421216087834}C:\users\markus\appdata\local\temp\rar$exa0.387\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.387\64 bit\slendytubbies v2 beta 64bit.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.7.7114 (9eb64ec) (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{E671D411-5F2E-45D6-957C-EB78641192AB}" = Intel® PROSet/Wireless WiFi Software
"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F8FCD5D3-B610-4F59-9567-D25DF42D4ED3}" = SCM
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"B16388B2E5D3CBA8F0EE88A8C5459BADAF4DE251" = KB9X Radio Switch Driver
"Elantech" = ETDWare PS/2-X64 11.13.0.2_WHQL
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.9.0 (64-bit)
"O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de
"ProInst" = Intel PROSet Wireless
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.12" = Virtual Audio Cable 4.12
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{058EDEC8-1873-4B49-9A08-54ADE9CC129B}" = Movie Maker
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common
"{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack
"{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar
"{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA}" = Photo Common
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker
"{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AE2B7D4-2BAA-4B9D-A4F4-282D3D30F1D0}" = IObit Apps Toolbar v7.2
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών
"{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials
"{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack
"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker
"{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live
"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{AF348C2E-7596-481B-92E0-B211836AB949}" = Mumble 1.2.4
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CDF246AE-C6E3-438F-AA76-21700DCC15F6}" = inSSIDer 3
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}" = Fotoğraf Galerisi
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5
"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár
"{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek
"{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 6
"Avira AntiVir Desktop" = Avira Free Antivirus
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 5.0.1
"BitTorrent" = BitTorrent
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"RaidCall" = RaidCall
"Razer Comms" = Razer Comms
"Razer Core" = Razer Core
"Stardock Fences 2" = Stardock Fences 2
"Stardock Start8" = Stardock Start8
"Steam App 218230" = PlanetSide 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2013 14:00:43 | Computer Name = Mexerosers-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1a80    Startzeit: 01ce5fbb13f2df76    Endzeit: 1    Anwendungspfad:
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: 565cf364-cbae-11e2-be97-84a6c8d1bfcc

Vollständiger
 Name des fehlerhaften Pakets:    Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 03.06.2013 15:04:11 | Computer Name = Mexerosers-PC | Source = Application Hang | ID = 1002
Description = Programm Gw2.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 14bc    Startzeit:
 01ce608d03002c7c    Endzeit: 2271    Anwendungspfad: C:\Program Files (x86)\Guild Wars
2\Gw2.exe    Berichts-ID: 5bb79001-cc80-11e2-be98-84a6c8d1bfcc    Vollständiger Name des
 fehlerhaften Pakets:    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 04.06.2013 13:25:37 | Computer Name = Mexerosers-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ wurde
 nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 04.06.2013 13:25:43 | Computer Name = Mexerosers-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“
 ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.06.2013 15:29:23 | Computer Name = Mexerosers-PC | Source = Application Hang | ID = 1002
Description = Programm Gw2.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d4c    Startzeit:
01ce6157306d5b08    Endzeit: 383    Anwendungspfad: C:\Program Files (x86)\Guild Wars 2\Gw2.exe

Berichts-ID:
 09fda575-cd4d-11e2-be98-84a6c8d1bfcc    Vollständiger Name des fehlerhaften Pakets:
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 05.06.2013 14:52:45 | Computer Name = Mexerosers-PC | Source = .NET Runtime | ID = 1022
Description =
 
Error - 05.06.2013 15:03:22 | Computer Name = Mexerosers-PC | Source = .NET Runtime | ID = 1022
Description =
 
Error - 06.06.2013 13:06:23 | Computer Name = Mexerosers-PC | Source = RzOvlMon | ID = 0
Description =
 
Error - 06.06.2013 13:32:51 | Computer Name = Mexerosers-PC | Source = Perflib | ID = 1023
Description =
 
Error - 06.06.2013 13:34:05 | Computer Name = Mexerosers-PC | Source = Application Hang | ID = 1002
Description = Programm RazerCore.exe, Version 1.0.1.4 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 3d4    Startzeit:
01ce62dbb538e9e7    Endzeit: 21    Anwendungspfad: C:\Program Files (x86)\Razer\Core\RazerCore.exe

Berichts-ID:
 3e7b0fcf-cecf-11e2-be99-84a6c8d1bfcc    Vollständiger Name des fehlerhaften Pakets:
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
[ System Events ]
Error - 05.01.2013 15:25:28 | Computer Name = WIN-SNSKCS72U9K | Source = DCOM | ID = 10010
Description =
 
Error - 29.05.2013 17:28:42 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde
 mit folgendem Fehler beendet:  %%2147770990
 
Error - 29.05.2013 17:28:43 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:  %%1058
 
Error - 29.05.2013 17:28:45 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet:
  %%21
 
Error - 29.05.2013 17:29:15 | Computer Name = Mexerosers-PC | Source = DCOM | ID = 10010
Description =
 
Error - 29.05.2013 17:33:35 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 29.05.2013 17:33:35 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 29.05.2013 17:36:12 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Search" wurde nicht richtig gestartet.
 
 
< End of report >
--- --- ---
Gmer kommt sofort

Hatte 2,3 Mal die Fehlermeldung, dass der Pc auf gewisse Ordner (C://Windows/System/...) nicht zugreifen konnte, da diese Datei in einem anderen Programm geöffnet sei, wobei ich vorhin ansich alles geschlossen habe... Nun ist mir also bei dem Gmer Scan nur dies herausgekommen:
GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-17 21:10:17
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000048 HITACHI_HTS727575A9E364 rev.JF4ZD0H0 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Markus\AppData\Local\Temp\uwriyfob.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988      fffff80340e6341c 1 byte [31]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable      fffff960001b6c00 7 bytes [40, A3, 82, 01, 00, 52, F2]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff960001b6c08 7 bytes [01, 04, C2, FF, 00, A4, DC]

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---

aharonov 18.06.2013 00:09
Hallo,

schauen wir mal..


Schritt 1
  • Gehe in die Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    • IObit Apps Toolbar v7.2
    • Advanced SystemCare Ultimate 6
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von OTL

Mexeroser 18.06.2013 18:17
Soo, also vielen, vielen Dank für die Hilfe, mein PC hat sich gestern halt leider plötzlich gar nicht mehr hochgefahren(lag aber an einem anderen Grund) und nun habe ich eine Systemwiderherstellung gemacht und dadurch hat sich auch mein Arbeitsspeicher Problem gelöst.... Trotzdem, danke, ich melde mich, falls das Problem wieder auftritt, aber dann weiß ich schon was zu tun ist (welche Logs zu posten sind) :))) Übrigens war ich wirklich überrascht über die extrem schnelle Antwort!! :D

aharonov 18.06.2013 20:24
Ok, danke für die Mitteilung.


Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131