Hello! Today I had a ransom trojan that would not let me open Task Manager or the command prompt. I then used OTLPE to find out which file was responsible and deleted it. Now I can get into safe mode again. Unfortunately, Task Manager and all files on the desktop are still inaccessible. For time reasons I cannot reinstall the system at the moment; it has to hold out for at least another month, and I would like to make sure that everything is gone for now. A MalwareBytes full scan is running right now; the log will follow.
EDIT: Win7 64 Bit
OTL.txt
OTL logfile created on: 31.07.2012 09:23:53 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Benni\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,43% Memory free
15,97 Gb Paging File | 14,67 Gb Available in Paging File | 91,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 54,77 Gb Free Space | 28,06% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 338,16 Gb Free Space | 45,93% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: BENNI-ITX | User Name: Benni | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.31 09:20:48 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTS.exe PRC - [2012.07.31 09:16:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe PRC - [2012.07.13 01:56:44 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2012.07.13 01:56:37 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.10.22 11:16:18 | 000,070,424 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\libsasl32.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.30 21:10:01 | 001,432,400 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.07.13 01:56:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012.07.03 05:09:22 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.19 14:36:32 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.26 19:16:36 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2012.04.26 19:15:56 | 000,401,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012.04.24 20:28:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.24 23:46:53 | 000,374,272 | ---- | M] (C Tech Development Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\C Tech\CTech.License.Service.exe -- (CTech.License.Service.exe) SRV - [2012.01.24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.23 15:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.11.10 22:52:01 | 000,145,408 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Programme\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe -- (ANTS Performance Profiler 6 Service) SRV - [2011.11.10 22:51:58 | 000,174,008 | ---- | M] (Red Gate Software Ltd.) 
[On_Demand | Stopped] -- C:\Programme\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe -- (ANTS Memory Profiler 7 Service) SRV - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64) SRV - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32) SRV - [2011.08.22 18:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011.08.22 18:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2011.08.22 17:34:52 | 011,837,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2011.08.22 16:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2011.08.22 00:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2011.08.07 14:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.12.02 21:59:44 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.08.22 18:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011.08.22 18:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011.08.22 16:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011.08.22 16:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.08.22 00:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011.07.04 20:35:59 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.13 13:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.20 04:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.04.28 12:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64) DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) DRV:64bit: - [2007.04.27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2007.04.27 07:40:00 | 000,056,872 | ---- | M] (SafeNet, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64) DRV - [2012.07.31 00:37:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012.04.26 19:16:30 | 000,075,104 | ---- | M] (BlueStack Systems) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2011.11.23 15:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2011.07.05 23:49:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2011.07.01 01:23:33 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2010.09.22 16:31:34 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64) DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2002.07.17 03:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - 
HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 4F ED 94 75 37 CC 01 [binary data] IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes,DefaultScope = {4221ADAC-8331-47d8-8385-2CB3BB10B17A} IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{4221ADAC-8331-47d8-8385-2CB3BB10B17A}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - 
HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{A873D727-BDD3-487c-A6C2-920998CF6839}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{BF34AD08-E060-485f-B582-CE2462B0F46C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.http: "" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost,, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.13 01:56:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.23 03:21:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.10.01 21:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions [2011.10.01 21:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2012.07.30 18:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\tdiz7m1v.default\extensions [2012.01.24 19:49:16 | 000,000,000 | ---D | M] (HNG downloader/starter (live)) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\tdiz7m1v.default\extensions\npretoxlive@live.heroesandgenerals.com [2012.05.21 23:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.30 18:56:54 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDIZ7M1V.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.13 01:56:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.08 23:17:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.03.08 23:17:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.08 23:17:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.08 23:17:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.08 23:17:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.08 23:17:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.04 05:17:53 | 000,002,077 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: 15 more lines... 
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe () O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller 
Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [Steam] D:\Spiele\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Benni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Verknüpfung.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907F05D5-4F56-4E56-B226-B36102B34431}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F72A69-FFB5-455F-BDE6-D17CADF887C8}: DhcpNameServer =
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.07.31 14:20:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.31 09:20:46 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTS.exe
[2012.07.31 09:16:27 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012.07.31 09:13:39 | 000,000,000 | ---D | C] -- C:\logs
[2012.07.30 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Roaming
[2012.07.30 21:12:36 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Inventor Server x64 3dsMaxDesign
[2012.07.30 21:12:11 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Inventor Server x64 Direct Connect
[2012.07.30 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.07.30 21:04:16 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\3dsMaxDesign
[2012.07.30 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012.07.30 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012.07.25 15:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2012.07.25 04:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.25 04:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.25 04:33:08 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012.07.25 04:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 04:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 04:32:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.25 04:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 01:25:03 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\inkscape
[2012.07.24 01:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2012.07.16 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\LucasArts
[2012.07.15 21:53:53 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\SimCity 4
[2012.07.12 07:05:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 07:05:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 07:05:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 07:05:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 07:05:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 07:05:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 07:05:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 07:05:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 07:05:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 07:05:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 07:05:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 07:05:02 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 07:05:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 16:28:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 16:28:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 16:28:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 16:28:40 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 16:28:40 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.09 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\FLiNGTrainer
[2012.07.09 02:38:56 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\My Cheat Tables
[2012.07.09 02:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012.07.09 02:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2012.07.08 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Endless Space
[2012.07.08 18:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iceberg Interactive
[2012.07.07 02:49:56 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\client_update1
[2012.07.06 02:42:29 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\DT-Template-R8
[2012.07.02 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12
[2012.07.02 16:28:35 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\diplomarbeit-vorlage-latex
[2012.07.02 02:02:23 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\xm1
[2012.07.02 00:58:03 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\WinShell
[2012.07.02 00:58:02 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\WinShell
[2012.07.02 00:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinShell
[2012.07.02 00:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinShell
[2012.07.02 00:57:40 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.07.02 00:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.07.02 00:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.07.02 00:48:43 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\LyX2.0
[2012.07.02 00:44:23 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\MiKTeX
[2012.07.02 00:43:58 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\MiKTeX
[2012.07.02 00:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.07.02 00:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.07.02 00:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.9
[2012.07.01 23:42:37 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\backups
[2012.07.01 23:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyX20
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.07.31 09:20:48 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTS.exe
[2012.07.31 09:16:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012.07.31 09:08:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 09:08:08 | 2134,396,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 00:37:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.07.30 21:18:57 | 000,212,335 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\EHeO58kGu.exe
[2012.07.30 21:09:46 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2013 64-bit.lnk
[2012.07.30 15:42:41 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 15:42:41 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 02:00:02 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Quark Updater.job
[2012.07.28 01:05:22 | 000,003,048 | ---- | M] () -- C:\Users\Benni\.recently-used.xbel
[2012.07.27 21:06:08 | 000,002,832 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.27 05:19:36 | 000,007,606 | ---- | M] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg
[2012.07.27 00:43:14 | 000,847,210 | ---- | M] () -- C:\Users\Benni\Desktop\ma002.pdf
[2012.07.27 00:31:20 | 000,118,763 | ---- | M] () -- C:\Users\Benni\Desktop\surface-curvature.pdf
[2012.07.26 23:54:14 | 000,108,078 | ---- | M] () -- C:\Users\Benni\Desktop\curvature.pdf
[2012.07.25 15:26:42 | 000,001,602 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.07.23 14:54:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.23 14:54:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.21 23:46:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.21 23:46:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.18 04:28:51 | 001,627,538 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 04:28:51 | 000,701,470 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 04:28:51 | 000,656,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 04:28:51 | 000,150,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 04:28:51 | 000,123,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.12 22:48:01 | 000,000,382 | ---- | M] () -- C:\Users\Benni\Documents\ChatLog Meet Now 2012_07_12 22_48.rtf
[2012.07.12 16:00:54 | 005,051,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.08 15:56:48 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.06 02:42:16 | 000,105,897 | ---- | M] () -- C:\Users\Benni\Desktop\DT-Template-R8.zip
[2012.07.04 23:44:18 | 000,002,199 | ---- | M] () -- C:\Users\Benni\.kdiff3rc
[2012.07.04 16:41:23 | 003,207,754 | ---- | M] () -- C:\Users\Benni\Desktop\Diplomarbeit.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 05:09:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.03 05:04:52 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.02 16:51:59 | 004,162,409 | ---- | M] () -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12.zip
[2012.07.02 16:42:46 | 000,001,543 | ---- | M] () -- C:\Users\Benni\Desktop\diploma.tex
[2012.07.02 02:02:00 | 003,042,622 | ---- | M] () -- C:\Users\Benni\Desktop\tanerdiplom.pdf
[2012.07.01 23:25:35 | 000,020,651 | ---- | M] () -- C:\Users\Benni\Desktop\diplomarbeit-vorlage-latex.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.07.30 21:19:01 | 000,212,335 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\EHeO58kGu.exe
[2012.07.30 21:09:46 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2013 64-bit.lnk
[2012.07.28 01:05:22 | 000,003,048 | ---- | C] () -- C:\Users\Benni\.recently-used.xbel
[2012.07.27 00:43:14 | 000,847,210 | ---- | C] () -- C:\Users\Benni\Desktop\ma002.pdf
[2012.07.27 00:31:20 | 000,118,763 | ---- | C] () -- C:\Users\Benni\Desktop\surface-curvature.pdf
[2012.07.26 23:54:14 | 000,108,078 | ---- | C] () -- C:\Users\Benni\Desktop\curvature.pdf
[2012.07.25 15:26:42 | 000,001,602 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2012.07.24 01:24:36 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.07.12 22:48:01 | 000,000,382 | ---- | C] () -- C:\Users\Benni\Documents\ChatLog Meet Now 2012_07_12 22_48.rtf
[2012.07.06 02:42:15 | 000,105,897 | ---- | C] () -- C:\Users\Benni\Desktop\DT-Template-R8.zip
[2012.07.04 16:41:16 | 003,207,754 | ---- | C] () -- C:\Users\Benni\Desktop\Diplomarbeit.pdf
[2012.07.03 05:05:50 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.02 16:51:56 | 004,162,409 | ---- | C] () -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12.zip
[2012.07.02 16:43:07 | 000,001,543 | ---- | C] () -- C:\Users\Benni\Desktop\diploma.tex
[2012.07.02 02:02:00 | 003,042,622 | ---- | C] () -- C:\Users\Benni\Desktop\tanerdiplom.pdf
[2012.07.01 23:25:35 | 000,020,651 | ---- | C] () -- C:\Users\Benni\Desktop\diplomarbeit-vorlage-latex.zip
[2012.07.01 23:24:34 | 000,001,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LyX 2.0.lnk
[2012.05.20 17:24:04 | 003,145,746 | ---- | C] () -- C:\Users\Benni\Depth.tga
[2012.05.14 03:40:06 | 002,275,328 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2012.05.14 03:40:06 | 001,719,808 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-d-2.dll
[2012.05.14 03:40:06 | 001,111,040 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-2.dll
[2012.05.14 03:40:06 | 000,294,400 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-d-2.dll
[2012.05.14 03:40:06 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-d-2.dll
[2012.05.14 03:40:06 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-d-2.dll
[2012.05.14 03:40:06 | 000,126,464 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-d-2.dll
[2012.05.14 03:40:06 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-2.dll
[2012.05.14 03:40:06 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-2.dll
[2012.05.14 03:40:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-2.dll
[2012.05.14 03:40:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-2.dll
[2012.03.29 19:25:09 | 000,000,748 | ---- | C] () -- C:\Users\Benni\.OpenFlipperOpenFlipper.ini
[2012.03.20 20:56:06 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2012.03.18 00:56:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.19 08:12:28 | 000,000,352 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\Network Meter_Settings.ini
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.17 16:50:21 | 000,000,288 | ---- | C] () -- C:\Users\Benni\SciTE.session
[2011.12.17 16:49:57 | 000,015,239 | ---- | C] () -- C:\Users\Benni\abbrev.properties
[2011.12.08 03:02:58 | 000,000,045 | ---- | C] () -- C:\Users\Benni\.gitconfig
[2011.10.17 05:45:29 | 000,034,225 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\gd.db
[2011.10.17 05:45:29 | 000,000,283 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\groovedown.settings
[2011.09.30 00:36:09 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.30 00:36:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.16 17:16:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.07.29 02:17:51 | 000,060,304 | ---- | C] () -- C:\Users\Benni\g2mdlhlpx.exe
[2011.07.27 00:09:00 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\glew32.dll
[2011.07.22 18:08:40 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.07.14 18:20:05 | 000,011,386 | ---- | C] () -- C:\Users\Benni\gsview32.ini
[2011.07.05 22:36:55 | 000,007,606 | ---- | C] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg
[2011.07.05 02:22:02 | 000,002,199 | ---- | C] () -- C:\Users\Benni\.kdiff3rc
[2011.07.05 01:08:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.04 22:45:50 | 000,000,698 | ---- | C] () -- C:\Users\Benni\Mercurial-kiln.ini
[2011.07.04 22:45:50 | 000,000,170 | ---- | C] () -- C:\Users\Benni\mercurial.ini
[2011.07.04 21:02:15 | 000,002,832 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.07.02 04:01:33 | 000,000,412 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\All CPU Meter_Settings.ini
[2011.07.01 22:25:10 | 001,649,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.01 00:48:26 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.07.01 00:28:56 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.01 00:24:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.12.06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe

========== Alternate Data Streams ==========
@Alternate Data Stream - 152 bytes -> C:\Program Files (x86)\Common Files\C Tech:{42005500-5100-7200-6F00-650056007100}
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >
OTL Extras logfile created on: 31.07.2012 09:23:53 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Benni\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,43% Memory free
15,97 Gb Paging File | 14,67 Gb Available in Paging File | 91,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 54,77 Gb Free Space | 28,06% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 338,16 Gb Free Space | 45,93% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: BENNI-ITX | User Name: Benni | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050F2163-160F-4AF3-B20B-4EC9BF3025C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{08FDD9D8-6DAA-467C-A89D-FAD3966A13AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0DD162E5-BC6F-4CFF-BFF0-FFCAD7281239}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{11082B37-2DC2-404A-99CD-814F9A5176EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14CFD933-EBC5-453F-978A-0AC3C838EC68}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C1CF7FD-D683-466C-9C13-3DA8C8881878}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2813FB1D-1738-43CC-AEAD-F39A1BCDE6F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{377B910A-142A-4E59-968C-CB74990BED2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A99CD10-5027-428C-AF88-BEE797FFC715}" = lport=10243 | protocol=6 | dir=in | app=system |
"{49F203E7-F0A4-4322-A235-37503B165044}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5A941CFA-471D-47E4-8315-4C5D13A94559}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{68AAE5B1-DD6D-42AB-86FC-CC6550A7F145}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DD2E083-DC89-450A-B9DD-A2C605CF1F0F}" = lport=138 | protocol=17 | dir=in | app=system |
"{79BDBA5C-567D-49B0-900D-8D60660A51F0}" = lport=445 | protocol=6 | dir=in | app=system |
"{91C9847E-0E3E-4111-8BBE-9FC02881E631}" = lport=137 | protocol=17 | dir=in | app=system |
"{9825E634-C037-41B0-A157-E4EEAB1C33F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA043228-67D7-46AA-8FA7-0C5FC5B2E598}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA10421E-CD33-4E59-AE02-558C2604902F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B549C849-6C34-4072-9A47-CEBAECC0FEF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{BC40388C-2F97-4524-9109-4B42FCCA347D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C41CCED4-1FC2-43A8-AFBD-C0C720A3182F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C45F9C9F-3E41-4FCB-9125-B4CAB63F7589}" = lport=139 | protocol=6 | dir=in | app=system |
"{D03C7233-B35D-4AD9-9D4F-50382A190B1B}" = rport=445 | protocol=6 | dir=out | app=system |
"{D867927B-0C79-4DC1-93E0-6E2401F6B22A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB3D5021-7A2D-454C-859F-A498BA8A044F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011ED30E-C81D-4994-849C-97F5DAFD6A82}" = protocol=17 | dir=in | app=d:\spiele\diablo iii\diablo iii.exe |
"{01BD2F5F-960D-4B97-A04A-65D5D57A272B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{01EFB755-AD6F-406F-BF86-3818B8EFE900}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{01FE1864-A5A3-4186-9A1C-B86CEEB54E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{095E2A8D-7793-4C9D-82B2-2F78450DD1F1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{09EA180D-4F4B-4ACB-8E4E-B3BBB68E08B5}" = protocol=17 | dir=in | app=c:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe |
"{0AB18D2A-81FA-48E9-A07E-19D2E63F13BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0BBA2446-A96E-4282-B4AC-E035A3154917}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0C015C96-5E0E-497D-B363-94C90A030034}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F3FF05B-FC91-4F0F-BF3F-78F0561F13D0}" = protocol=6 | dir=out | app=system |
"{0F6BBF88-AC67-42C2-882F-7E60652BAAE0}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\solar 2\solar2.exe |
"{0FD0AB6D-0D36-4BD8-B353-016942B550BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{11762703-CB84-4D57-9D0E-D4E179A007E6}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\just cause 2\justcause2.exe |
"{12334734-B639-4160-9C7B-7D3E92F70D8D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{134BBAD1-EDFC-4AFE-98CD-BBA51BAB3A1A}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{141F76A4-69AA-4ABE-8029-849B19C85D02}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"{16161535-F422-401E-A748-9275CCE86E1F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\hard reset demo\hardreset.exe |
"{18F13C76-E89B-45A5-B74D-B4C840D30937}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{1996FCB8-F96E-444B-A481-1DC88CC579F1}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{1A9D1CD4-8A68-4DC7-BA0D-B2D2767A083A}" = protocol=17 | dir=in | app=c:\users\benni\desktop\gw2\gw2.exe |
"{1B1BC7D8-864C-4F46-B342-B923DF21D0CE}" = protocol=17 | dir=in | app=d:\development\ctech\mvs\bin\system\evs_mvs.exe |
"{1B2CB72F-3EB1-4FBE-A99A-46F7AD55CF37}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\3dsmax.exe |
"{1E7AEAF0-D89F-46EF-91D7-EF8CE397E5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{1EF95541-92F4-4F95-B2E2-DD12AA7D8989}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{2015F09B-71C7-4544-9DF2-8580BB19D4D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{203C164C-5AFF-421E-B65F-4873F669FA0E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{20B0666D-5BD0-476D-8B5C-D905876B3C2E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{20D5D4C6-8087-46AF-BCBA-38F1F71D7338}" = protocol=17 | dir=in | app=d:\spiele\might & magic heroes vi\might & magic heroes vi.exe |
"{2185AA12-3A0E-4437-A0FF-F821E6A3331A}" = protocol=17 | dir=in
| app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{22866BFA-4821-48BD-B35B-D1463CEA6530}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{23A6DC78-9484-4E17-B986-31A3B130CF4A}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{23C74DD9-CDE6-4FE2-9C4B-021482E0DEF5}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\hard reset demo\hardreset.exe | "{24D0775B-B661-42EE-BCDE-E3386253C778}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | "{24D75595-4698-4178-883B-60B38D9358FC}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom apocalypse\dosbox.exe | "{250857E2-96B9-44E7-AF23-9622C60BB6E2}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{2559255F-3687-4B46-A233-57B53B768A42}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\brawl busters\bin\pblauncher.exe | "{25D92F69-D106-457A-B60D-367A4FFD4D13}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\3dsmax.exe | "{270D0568-D02C-48D9-B6B0-C240D6AF87A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2854D0DF-5722-45CC-92CF-DBA487E730E0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{29281D73-26F0-4ABD-886E-D6D596B5C982}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{29E3FD5A-1F47-42D7-9025-3169EE787E7B}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{2D759511-22CA-4DFD-8426-19F8A412F9F0}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\vessel\vessel.exe | "{2ED9BCEA-A3F5-4F39-99CB-C11D24C00D32}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\legend of grimrock\grimrock.exe | "{3065AC4F-8A1F-443C-B423-5459469C699D}" = protocol=6 | dir=in | 
app=d:\spiele\steam\steamapps\common\from dust\from_dust.exe | "{316C9C61-1B03-4D15-88B2-C198EF83DF90}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{31D16DC6-2F85-431A-85D3-EDBF5789FBA3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{32D934EE-BC62-4A7C-8B67-58A40FDEB7ED}" = protocol=6 | dir=in | app=d:\spiele\take on helicopters\takeonh.exe | "{39017484-A7A1-488B-8F31-D73F69E89AD1}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | "{392782FA-F436-4A2B-AB0A-1DF1D9A5B348}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{3A70744D-9972-4F10-9F59-D0186D59629F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{3A982A76-6396-4D19-8EA6-6CA4162D20C0}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe | "{3DB9483B-FAA7-4FE2-B1BA-CC36690B2FE7}" = protocol=17 | dir=in | app=d:\spiele\tera\tera-launcher.exe | "{3EDCAED7-9762-4E87-A4C7-1A1C443E150E}" = protocol=6 | dir=in | app=d:\spiele\anteworld\outerra.exe | "{40CFB0B1-2C2C-4F19-B5E5-FE75DA2025D1}" = protocol=6 | dir=in | app=d:\spiele\might & magic heroes vi\might & magic heroes vi.exe | "{444EA588-75D0-4B86-84C4-61DB565B21EA}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32.exe | "{45C5C2B0-82A7-414D-8B80-3800F1053413}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | "{467820FD-491E-403C-B44A-C44275C24916}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "{468F8E1E-9364-49A7-9795-185C9DC5A20F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{4920FEEB-6C52-43B3-AAA3-C1B505321529}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom ufo defense\xcom\ufo 
defense_patched.exe | "{4969599A-F93D-470B-9BBE-1F2F6A8BF389}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe | "{4AE2BA88-8A5E-4C57-892E-557AE79CCC3B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{4AE3B9D7-1F77-460E-B14C-18937830AC70}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe | "{4BB3195C-E5E3-4E2E-A562-801AEC0C8F8B}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{4BE0CF5E-C927-461C-AD8E-2E16324CD5D2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\monkey2\monkey2.exe | "{4CB60189-011E-4408-8A87-F314FC817094}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom interceptor\interceptor.exe | "{4CF02E0A-A22B-448C-BEC6-2235C987C782}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{4DA45800-7CB7-4109-BEC3-7F9DFAA8FEF6}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\spacechem\spacechem.exe | "{4E7A0A3E-1214-4F00-BC9B-54F1FAC65987}" = protocol=17 | dir=in | app=c:\program files (x86)\blastshark\hellgate\blastshark.exe | "{505BC5FF-3386-4791-9EB1-055317C4E7BB}" = protocol=17 | dir=in | app=d:\spiele\take on helicopters\takeonh.exe | "{50E8E98F-1E4B-4315-AA50-DBB8A7CCFE9A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{518C7C73-0B2E-47E2-8F40-8241A4A41988}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{51C98D94-E330-4F7F-AA90-26F022D3576A}" = protocol=6 | dir=in | app=c:\users\benni\appdata\roaming\dropbox\bin\dropbox.exe | "{549AF823-5543-47C9-A862-FC1E2653E5A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54A4114A-AC81-4D32-9BC7-2E1C227EC453}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom 
interceptor\interceptor.exe | "{55DCA8BB-FAFD-4F3E-B229-82D0A89BBD8D}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{574B710C-4ECF-4DDE-8F75-EE8925B8BAC0}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\stacking\stack.exe | "{5788C111-A9F3-4194-840C-74BED6CD5AC3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom ufo defense\dosbox.exe | "{57A3EB8E-2985-4A29-80F3-13373E015CA4}" = protocol=6 | dir=in | app=d:\development\ctech\mvs\bin\system\evs_mvs.exe | "{59B12EA0-725E-4DA6-BC4F-29AEFF554D80}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | "{5B0C1214-9584-4674-A13F-18CE9E9D1101}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{5B47FC99-080F-4F42-8E5A-C2875CAF449C}" = protocol=17 | dir=in | app=c:\users\benni\appdata\local\temp\hng\live\hng.exe | "{5DDDD6F1-57CC-41B5-8656-7E624C068449}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | "{60D1A767-B05E-4798-87E5-84BA6F72C81A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{61AF87F8-FCBC-4276-8AD1-8736934D1802}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{6263F033-E069-427A-8016-F1F6DD5ADEFE}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\solar 2\solar2.exe | "{62F59407-6EEB-420D-A4EF-2EA3A49D2A65}" = protocol=6 | dir=in | app=c:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe | "{65531AE6-445F-4C5B-841D-B5306E285D83}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{65AB7630-578C-44D9-A597-A7C388069007}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{66C9572C-FC01-4DA1-9A58-07428EAFF2FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{66C98F11-F5EA-4A03-BFE7-350A78353FDD}" = protocol=6 | dir=in | 
app=d:\spiele\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{66D3FF3D-5F1B-4430-BC04-27C5AD79CDB4}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "{67E668A0-82E5-4C7A-99CE-3E6C895EBF26}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | "{6AF9EB01-77E3-4522-A262-3D2B50A18703}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{6B486C71-D61F-4E41-A334-C1372DE86D85}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32server.exe | "{6D5AC7E6-54E3-4B2E-9EFE-E030F26CEA7F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe | "{71CCFA9B-011B-493C-A495-C10E33F4E60F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\spacechem\spacechem.exe | "{721B7388-F558-4040-804B-65DFFBD78184}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7271A317-2AAA-4750-AE28-B17B5E392CE6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{740360BE-CFE2-4297-B76E-B712BC715DD8}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{745A5F6B-F280-4F68-95D9-C5F42620D395}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | "{74C8361D-D21B-4C19-8E4B-94FCB464089C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{768359E1-A234-457F-BD7B-F0EDB4A6EA7E}" = protocol=6 | dir=in | app=d:\spiele\diablo iii beta\diablo iii.exe | "{781914A2-C5BA-403F-B2C3-968205EAB066}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{794BA827-D876-4812-8452-62EEE1D101A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7A5F43CE-807E-4EAC-9729-53E96220FB24}" = protocol=17 | dir=in | app=c:\program files\microsoft 
office\office14\onenote.exe | "{7AC8343A-0A67-4D91-9F2B-EAF75EC1BEA2}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | "{7BE09309-A105-4CA1-8689-CB4FDBD69E75}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\resonance\resonance.exe | "{7C9634CE-6505-4C40-895C-DE5818EB6944}" = protocol=17 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe | "{7E4893F8-0396-49AD-9C80-7900F83B3AC3}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{7FF5BF7B-08A0-4E38-B7CA-E0AC80AA3EA1}" = protocol=6 | dir=in | app=c:\users\benni\desktop\gw2\gw2.exe | "{8190FAD8-BB95-447C-A869-EE3014FF6A56}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{83413A41-AA63-46BD-A90E-57D9BA608D70}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{8592542D-0CAF-41B6-B6C5-66E4957B0D93}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe | "{87843BF7-4AA3-4D74-8CCD-35DE31F3EB56}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dino d-day\srcds.exe | "{88FDC1CA-1C6E-46B5-A0BB-E6247AFEEDC3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\just cause 2\justcause2.exe | "{8BD349AB-0147-49DB-B304-B6C19E3BCBD0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{8C598C64-0FE2-44CB-A3A2-1791CEA0F073}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | "{8D040E41-EDA7-430F-A0B1-84C4FE15E2A4}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\nation red\nationred.exe | "{8D4B2AAB-88BB-449C-9EC7-5D5AF9BB4F35}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe | "{8D5E74F6-5237-40CD-99E6-95DFE8CE0882}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{8DDE6043-FCD2-462A-9411-866F59DE3121}" = protocol=6 | dir=in | app=c:\users\benni\desktop\xm360v2.0d\server\xm360server.exe | "{8E19F18C-91EF-43F9-BE01-F310CBE6E947}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "{8ECE1995-D219-4D90-8FF9-AB11104362F5}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{8EDE27DF-3BE8-4B2A-BDE2-87AFCD6DA5FF}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\x-com terror from the deep\runme.exe | "{8F8BC370-C27C-49DF-A7ED-AB4EC25DE9FD}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe | "{90542FAD-5A34-4378-80CE-02671EDF3E14}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dc universe online\launchpad.exe | "{91774FAB-6059-49D4-B446-6F9830B5955A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{91DCC942-0598-499C-A4C9-7A9569E4E998}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{923BEFB0-6490-495F-8A51-EA904415C100}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\brawl busters\bin\pblauncher.exe | "{9306BE3A-F85E-4AFC-ACC1-9BF8806EAD1F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{95B53944-C9C8-441A-9C1A-C9CB677DBC37}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe | "{95D0EFA4-6DAD-489A-AF8B-972CFEFF44D9}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\solar 2\solar2.exe | "{961383A2-646D-4641-9EEC-AD0D20290A68}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{980640FA-A2B3-4906-A29A-C83864A3F942}" = protocol=6 | dir=in | app=d:\spiele\diablo iii\diablo iii.exe | "{985F7A24-A74B-4299-98CC-E88A736EB2FB}" = protocol=17 | dir=in | 
app=d:\spiele\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | "{98A31391-6BF1-4FAD-9A53-B1CAC25D1161}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{98CAC06B-B31D-4DE1-B353-FCB1770BF669}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom enforcer\system\xcom.exe | "{99E4BBC8-D244-4813-BAD6-05D39E4B9A3F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9A192550-F95F-47C2-855B-1DC9DC15AF1F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\monkey2\monkey2.exe | "{9BD901EA-27C3-434B-BEBB-00A32FE6440D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{9C03AB5E-E25F-4C12-82F4-DB9B8B95B975}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | "{9C99F074-812C-40F4-B0CB-6DD9A8925CDB}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | "{9DCD12E4-92D9-49DC-8A37-01EAB07F6EC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9F6EFBD2-94E0-4BD0-937E-CF0188F1CDCA}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | "{A0D8D9CD-B360-4236-8F36-033E0244B64C}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{A0E5D81F-40D0-4E21-8EDA-F0A2A9D7E296}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | "{A0F6B44B-313C-4873-B547-B22384E77E23}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32server.exe | "{A3E58293-F9E1-4A12-A256-0BD5A8B1E853}" = protocol=6 | dir=in | app=c:\program files (x86)\blastshark\hellgate\blastshark.exe | "{A7B6D18C-F6CA-4677-8FD6-F52199B5D026}" = protocol=17 | dir=in | app=c:\program 
files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | "{A8F11652-CC46-43E5-BCCA-D8579C00C576}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{AA5BABDC-1761-40CC-B282-C34932BC14DF}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{AB503115-005E-455C-9A1F-CAD67756C3AD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{ABA5CED3-799A-458B-92CC-61F76B31F80F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\tinyandbig\tinyandbig.exe | "{AD48549D-F0D1-4F71-B109-23D83C43691F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\tinyandbig\tinyandbig.exe | "{ADE3B1CB-CDEC-4D41-B60D-FE124D8F0B5B}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | "{AFAD2F91-381A-438E-BC37-B606CD94783B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B09DA7BF-D4FC-48D1-B0E5-1A2B957FCB80}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{B481DA7B-E2C4-4BBA-983A-32ACB46E7721}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\solar 2\solar2.exe | "{B4862717-381C-4D28-9211-E8BCEA0BAC14}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\legend of grimrock\grimrock.exe | "{B49D6A6D-B713-4D3C-AD01-5C35E493E226}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{B5A85ADD-9D68-435C-A779-EEF184673A01}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{B7512BD4-6424-44E0-BB9D-4F5326CD1317}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B96B4B5E-B781-4C30-863D-894B4217A82D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA374926-DA6F-466C-A561-F8BD407B3246}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon 
defenders\binaries\win32\dungeondefenders.exe | "{BA757EFF-B103-442E-9664-22D77237BE4C}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\chime\chime.exe | "{BAF3FC27-C9A9-4CA7-83FF-242F944C3CC2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom ufo defense\dosbox.exe | "{BB4C7510-D573-4521-8E49-F174913E6699}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{BE496571-EB25-4BC7-9406-D18BE3CB6945}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\chime\chime.exe | "{C1577DB6-6A63-4A6C-9EB9-4A8EC6B72700}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe | "{C1AB5972-0300-47E2-AD38-C586A0B1DF85}" = protocol=17 | dir=in | app=c:\users\benni\desktop\xm360v2.0d\server\xm360server.exe | "{C2CFF3C3-7552-4361-B978-5885219A510E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{C321DB4E-8366-4520-8148-0B638CD16D7F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C39867CE-8DE9-4406-BCAF-7489200CC339}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe | "{C52AE110-D7CD-4BF0-B6FD-B96C879CABED}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | "{C553840D-5BFE-4118-A2D5-52D231EFA4E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C96006FE-0F08-440E-A2CF-2DCA5D8974DB}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dc universe online\launchpad.exe | "{C9C122D1-02ED-46AA-A981-B90DD157028D}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{CA486A36-02D2-49DD-85D9-3DE9E2283552}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom apocalypse\dosbox.exe | "{CA9AAC05-604F-4E5E-A985-972A5D200E47}" = protocol=17 | dir=in | 
app=d:\spiele\steam\steamapps\common\stacking\stack.exe | "{CD6BE47D-59EA-412D-888D-635B9088532C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CF9E1B58-A362-45A6-AF07-DAA3F65F1D2F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe | "{D03D00CA-1C08-41E4-920A-EF5C7B42A50B}" = protocol=6 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe | "{D0D1E9DB-7D96-49B6-9624-0E0146AACC58}" = protocol=17 | dir=in | app=d:\spiele\anteworld\outerra.exe | "{D12CFFAE-5858-4C12-9409-CD82F0A759DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D23CC160-93C5-40B7-8905-B50BD0FD97BB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D305C843-F474-479F-8B82-586C638CE43E}" = protocol=6 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe | "{D3D364C2-C60E-4BCA-92FA-E68B2C89EF94}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{D46EBD78-4DCC-4D35-8793-A661F80A6474}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{D6367022-F574-4967-82E5-2933FE3CFB14}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{D659A274-D29E-4B23-A1A1-0637DFE91B0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{D704D557-BFC8-4FA9-BE26-6D0A7DE6725E}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | "{D80509AE-6EB0-4F0B-969C-7E3D21213549}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32.exe | "{DB16EE6C-6EE0-464E-AED0-5C4BBA128F5D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe | "{DFB8A760-251D-462A-8A7F-DD05746A94F0}" = protocol=17 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe | 
"{E049019D-3FE3-4985-8813-AABD814512BB}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | "{E13BDD3E-A076-480F-8A2C-91B4B9A917BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E17A79DA-6FC7-4352-8DEF-22147BB5ECE5}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{E2E0970D-1F82-44D3-A28B-42C947B156F5}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{E331F668-C17E-4AE5-8A46-D4C2598AD428}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe | "{E3A75527-D792-4FEC-AA6C-BD531D0D716E}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\resonance\resonance.exe | "{E4DD63A2-57F0-4E5F-9AF5-237806B88F38}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{E55CDCA0-15E6-4704-889F-A179BCFE6510}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\from dust\from_dust.exe | "{E5A402A5-8762-47B1-A055-F161C64E7E7F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{E6053EA5-BA4D-46E8-965D-44BF3C08AFC9}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dino d-day\srcds.exe | "{E92CA35F-C710-4124-A819-E192E2D4B70C}" = protocol=17 | dir=in | app=d:\spiele\diablo iii beta\diablo iii.exe | "{E96DD1F5-AB46-4F19-AF5C-90BE2E7493C8}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom enforcer\system\xcom.exe | "{E9A2D3CD-5DCD-4E9E-A47A-137E809629ED}" = protocol=17 | dir=in | app=c:\users\benni\appdata\roaming\dropbox\bin\dropbox.exe | "{EBA4E534-BF5E-4E26-9B1D-BBA2A576A709}" = protocol=6 | dir=in | app=c:\users\benni\appdata\local\temp\hng\live\hng.exe | "{EC8D46ED-5CA8-45E3-8201-D7AFDFCF5FC4}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 
2013\nvidia\raysat_3dsmax2013_64server.exe | "{F098ADB3-C661-483E-97A0-532A9848919F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\nation red\nationred.exe | "{F215ACD7-3D95-4434-BBD7-A44B6F53A4DE}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\brawl busters\bin\pbclient.exe | "{F2E66C80-55A6-4ED1-8A4E-C2B3A90B2AAF}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe | "{F434456C-AAF7-4BB1-8D03-08DC8F95B6A2}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\brawl busters\bin\pbclient.exe | "{F46552E2-127C-407F-8BCB-2667A73FDF1D}" = protocol=6 | dir=in | app=d:\spiele\tera\tera-launcher.exe | "{F91FBADE-4E8E-40A1-BFF6-29DC23B7CB82}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\vessel\vessel.exe | "{FA8F5E22-9ADF-414F-9C27-E6D3B92E2B09}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | "{FC1123A8-946D-4354-96D9-876C250B4148}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "TCP Query User{051C1659-1328-4B91-A3EF-970C65E97F19}D:\spiele\kag\kag.exe" = protocol=6 | dir=in | app=d:\spiele\kag\kag.exe | "TCP Query User{09E5208F-99F0-46BF-81B6-960161797823}D:\spiele\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\spiele\age of conan\conanpatcher.exe | "TCP Query User{0A2908B2-0596-4568-A25A-308E9E1CA130}D:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "TCP Query User{0FDE44D2-EC94-43FE-90E9-487977C97286}C:\users\benni\desktop\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\users\benni\desktop\gw2\gw2.exe | "TCP Query User{1533989C-A69D-43AC-A30B-C3A26F0F2846}D:\spiele\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\spiele\tera\tera-launcher.exe | "TCP Query 
User{1D4EC543-D76A-49A9-B6CF-B3A171F309A3}D:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe | "TCP Query User{228F16F1-BB03-414A-BA65-8795ADEFB8F3}D:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "TCP Query User{2687FB81-9F5C-4E0D-BCF7-9229D835FC27}D:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe | "TCP Query User{2B2CAB70-555E-4803-A845-65AC7EFCB6C4}D:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe" = protocol=6 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe | "TCP Query User{3B323CE8-A204-4E45-87EE-2ED75322CABA}D:\spiele\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=d:\spiele\saints row the third\saintsrowthethird_dx11.exe | "TCP Query User{3C71487A-9299-4556-BE41-6A1F60DBBC4F}C:\users\benni\desktop\coccinella_messenger-0.96.20win\coccinella messenger-0.96.20win\coccinella messenger-0.96.20.exe" = protocol=6 | dir=in | app=c:\users\benni\desktop\coccinella_messenger-0.96.20win\coccinella messenger-0.96.20win\coccinella messenger-0.96.20.exe | "TCP Query User{451D2986-633F-45EE-80CF-316A25A899E9}D:\spiele\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\altitude\altitude.exe | "TCP Query User{482B9C17-7FB2-45C3-AFD5-9466B817E1A0}D:\spiele\anteworld\outerra.exe" = protocol=6 | dir=in | app=d:\spiele\anteworld\outerra.exe | "TCP Query User{503813C1-6049-4398-BE0A-7C482C3B89FC}D:\spiele\steam\steam.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | "TCP Query User{55573922-833B-422C-B25C-A64D6A2175BC}C:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | 
app=c:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{5A802B1F-7AC5-4BD0-B095-62EC30847941}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe | "TCP Query User{5E1EF5FA-A127-434D-B3E5-BED57E8FADAF}C:\program files (x86)\spark\spark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spark\spark.exe | "TCP Query User{5FBF84EE-8E06-4574-A43F-0C13EFC7BF61}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{67D5A4FF-DB2A-4BF5-81FB-87BCC6AEC49A}D:\spiele\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold 3\bin\win32_release\stronghold3.exe | "TCP Query User{6DB17523-9813-43CB-AAD2-05AD42AC86F7}D:\spiele\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=d:\spiele\orcs must die!\build\release\orcsmustdie.exe | "TCP Query User{822672E2-A1E4-4993-8DE1-7AAB5D4C9BC6}D:\spiele\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\betatest\retailclient\swtor.exe | "TCP Query User{82FF820D-51A8-47AA-9659-A54E64D84298}D:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "TCP Query User{88552672-32FF-4F24-A4E7-EBDB9970CF33}D:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | "TCP Query User{93442E51-BB63-46B6-B088-D5504394EB02}D:\spiele\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\terraria\terrariaserver.exe | "TCP Query 
User{A49B292D-E751-4565-B1C6-BE799F994AB8}D:\spiele\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\crimecraft\binaries\crimecraft.exe | "TCP Query User{A7F24C25-6159-49BC-AA71-AA5FB4AA4A1E}C:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe | "TCP Query User{A911797D-387F-4741-BBFC-BB05E1135AE2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{ABD6CE65-4F23-4163-A209-E71C9ED7DADC}D:\spiele\tribes ascend beta\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\spiele\tribes ascend beta\games\tribes alpha\binaries\win32\tribesascend.exe | "TCP Query User{B53B5503-FD39-4640-890A-66CD0818D486}C:\program files (x86)\spark\spark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spark\spark.exe | "TCP Query User{B6FAB781-E9D2-4C30-919A-E3E23F938E18}D:\spiele\steam\steamapps\common\dino d-day\dinodday.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dino d-day\dinodday.exe | "TCP Query User{BD2ED279-D8D8-486A-8FA7-B7E8E0363A39}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "TCP Query User{BD5D10F8-FE92-4178-A997-A38356B86AED}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{D0194839-9709-4448-8AB8-85A514E766AC}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe | "TCP Query User{D03784DD-F712-4849-893D-AA601C52D948}D:\spiele\kagtest\kag.exe" = protocol=6 | dir=in | app=d:\spiele\kagtest\kag.exe | "TCP Query User{D9E80352-9F47-4E59-9F2E-867D89855548}D:\development\ctech\mvs\bin\system\evs_mvs.exe" = 
protocol=6 | dir=in | app=d:\development\ctech\mvs\bin\system\evs_mvs.exe | "TCP Query User{DD757D92-39F0-413F-BBFB-F6E84FA4846E}D:\spiele\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=d:\spiele\dead island\deadislandgame.exe | "TCP Query User{DDC40C51-9863-4A78-8697-951165474EE1}C:\users\benni\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\benni\appdata\local\temp\dsoclient\app.n3app | "TCP Query User{EF4E3224-8FA5-4126-AF63-17902D565095}C:\users\benni\desktop\xm360v2.0d\server\xm360server.exe" = protocol=6 | dir=in | app=c:\users\benni\desktop\xm360v2.0d\server\xm360server.exe | "TCP Query User{F2D9E335-EF3C-459B-822F-4C68E8A67A3F}D:\development\ctech\bin\system\evs_mvs.exe" = protocol=6 | dir=in | app=d:\development\ctech\bin\system\evs_mvs.exe | "TCP Query User{F54642E8-B55F-49CF-8280-C8F9BD0453B0}C:\users\benni\appdata\local\temp\hng\live\hng.exe" = protocol=6 | dir=in | app=c:\users\benni\appdata\local\temp\hng\live\hng.exe | "TCP Query User{FA73F4D8-370F-4DE3-88B7-81E9AFC987EB}D:\spiele\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=d:\spiele\age of conan\ageofconandx10.exe | "TCP Query User{FD31CEF4-A0D3-4DC1-B160-98B7AFFD169F}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{0825BF85-3B18-4D28-978D-1C27C1CFED13}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe | "UDP Query User{0A30CF24-ABC9-47B7-B22C-523E0488716C}C:\users\benni\appdata\local\temp\hng\live\hng.exe" = protocol=17 | dir=in | app=c:\users\benni\appdata\local\temp\hng\live\hng.exe | "UDP Query User{0B946A16-AFED-4BBF-8766-E2870474918A}D:\spiele\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\betatest\retailclient\swtor.exe | "UDP Query 
User{0C3B1E14-D1EE-4BFC-BB2E-26294598B72C}C:\users\benni\desktop\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\users\benni\desktop\gw2\gw2.exe | "UDP Query User{12ADB369-E1BF-4EB8-B86B-3D052D2AED8D}C:\users\benni\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\benni\appdata\local\temp\dsoclient\app.n3app | "UDP Query User{1531D1EB-C18A-4B3A-AC9E-70444A7BDE38}C:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\benni\desktop\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{21DB8703-898C-4C51-9257-8AD9936D5455}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{2E86551D-93A6-4819-8406-94DAE9D1E718}C:\program files (x86)\spark\spark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spark\spark.exe | "UDP Query User{2FCC7AB3-996C-485E-992F-3CD2E0E1196D}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{3E6E8BF1-E49C-45EE-A314-E077ECBA953B}D:\spiele\steam\steam.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | "UDP Query User{42B3FA22-5DAF-4FBE-ADF0-7702C66DDAF7}D:\spiele\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold 3\bin\win32_release\stronghold3.exe | "UDP Query User{464E0D04-461C-40D8-A1ED-5C8249A082FF}D:\spiele\tribes ascend beta\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\spiele\tribes ascend beta\games\tribes alpha\binaries\win32\tribesascend.exe | "UDP Query User{4879A9F7-79F4-4670-A81E-4573C4E4ACBA}D:\spiele\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=d:\spiele\orcs must die!\build\release\orcsmustdie.exe | "UDP Query User{4D342385-3F3F-4713-B48E-143753EA03CF}C:\users\benni\desktop\coccinella_messenger-0.96.20win\coccinella 
messenger-0.96.20win\coccinella messenger-0.96.20.exe" = protocol=17 | dir=in | app=c:\users\benni\desktop\coccinella_messenger-0.96.20win\coccinella messenger-0.96.20win\coccinella messenger-0.96.20.exe | "UDP Query User{4EFB09A7-7227-46A8-8B6D-72C8A5FC1F58}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe | "UDP Query User{57BF8A03-275E-4D49-8927-B0F1E905DDD7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{5BD80E15-B0D1-4AA2-885B-9752728612B5}D:\spiele\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\spiele\tera\tera-launcher.exe | "UDP Query User{5FC7BB1A-2631-44CC-BE5D-79719A890D34}D:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\quimbo\garrysmod\hl2.exe | "UDP Query User{681B44C0-511E-4F01-9963-AD1BBAF03B8D}D:\spiele\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\spiele\age of conan\conanpatcher.exe | "UDP Query User{701974C1-9FF8-478F-9169-BD4423217054}C:\users\benni\desktop\xm360v2.0d\server\xm360server.exe" = protocol=17 | dir=in | app=c:\users\benni\desktop\xm360v2.0d\server\xm360server.exe | "UDP Query User{708B9BB3-6854-4FEE-B7EC-B23E5A8BDF1A}C:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe | "UDP Query User{7908DE28-236A-415E-8423-80268D5A8DD6}D:\spiele\anteworld\outerra.exe" = protocol=17 | dir=in | app=d:\spiele\anteworld\outerra.exe | "UDP Query User{7CB54EEF-0ED3-4E68-A06C-C40F95ACAF29}D:\spiele\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=d:\spiele\age of conan\ageofconandx10.exe | "UDP Query User{81E461D1-1F4A-4787-9AA0-5DDBA9A2D936}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query 
User{8D738B8B-F45E-42D4-A35C-2F21F1AA1A87}D:\spiele\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\altitude\altitude.exe | "UDP Query User{91D45B74-8955-4CCB-98D2-3DDA7F750ECD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{A947E0EA-3A36-46F2-A869-CDC20114935F}D:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "UDP Query User{AFE1F158-D667-4147-B1E5-2EEE7326D71D}D:\spiele\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\crimecraft\binaries\crimecraft.exe | "UDP Query User{B24DB0DA-EABA-4DE6-B47A-6F4EBD9A33B9}D:\spiele\kagtest\kag.exe" = protocol=17 | dir=in | app=d:\spiele\kagtest\kag.exe | "UDP Query User{B2ED5692-7494-422D-ACEF-293B6D7CC26B}D:\spiele\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\terraria\terrariaserver.exe | "UDP Query User{CC7A06FD-07BD-4015-9876-B441EE3DFDA6}C:\program files (x86)\spark\spark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spark\spark.exe | "UDP Query User{CDBAD26A-6921-4969-9262-EF6DC96BA2B6}D:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | "UDP Query User{D8AB5FE2-B5F4-4C45-9F62-296B4E1C282F}D:\spiele\steam\steamapps\common\dino d-day\dinodday.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dino d-day\dinodday.exe | "UDP Query User{DF220C34-E6D1-4B8A-84D6-394F0B98A0A5}D:\spiele\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=d:\spiele\dead island\deadislandgame.exe | "UDP Query 
User{E88E72CC-B6E8-4E60-AA3C-C39E7F2DC3BF}D:\development\ctech\bin\system\evs_mvs.exe" = protocol=17 | dir=in | app=d:\development\ctech\bin\system\evs_mvs.exe | "UDP Query User{EB63AB75-6001-429A-B79F-15C9E21CCF0E}D:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe" = protocol=17 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win64\udk.exe | "UDP Query User{EC7EAC00-C927-4CB1-BF60-4A2E4111D8CA}D:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\development\privat\tools\udk\udk-2011-11\binaries\win32\udk.exe | "UDP Query User{ECD03BB1-69DB-402E-B01F-AB1867F41CC5}D:\development\ctech\mvs\bin\system\evs_mvs.exe" = protocol=17 | dir=in | app=d:\development\ctech\mvs\bin\system\evs_mvs.exe | "UDP Query User{F3280AC7-756E-4770-9169-E39C2BCCEB08}D:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | "UDP Query User{F5285A2D-4947-44B5-87DE-1C5FA64F013D}D:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "UDP Query User{F787A6F5-3A5C-4E2D-81FC-613B8EEA84AB}D:\spiele\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=d:\spiele\saints row the third\saintsrowthethird_dx11.exe | "UDP Query User{F87FA1DB-5E4A-4D92-9671-0720E6E3777A}D:\spiele\kag\kag.exe" = protocol=17 | dir=in | app=d:\spiele\kag\kag.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64) "{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{2d3a814a-84d8-4551-8744-0713ff38084c}.sdb" = Ausnahmen "{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1) "{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit "{3C5380EC-1D8B-45D2-B38A-4544DD0036D9}" = TortoiseSVN (64 bit) "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{502EAA3C-5887-4B62-83BC-7FCE593A8A89}" = ANTS Performance Profiler 6 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5E87F2AC-AD65-41AA-A4BD-7690A1197063}" = 
Extreme Optimization Numerical Libraries for .NET 4.1 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English "{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) "{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{745C765E-D512-4CC7-89C1-6D0467A43698}" = AMD gDEBugger "{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) "{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) "{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514) "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64) "{88BCE644-077B-457D-8F38-AAA16EF838C8}" = TortoiseHg 2.1.2 (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIOR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}_Office14.VISIOR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}_Office14.VISIOR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}_Office14.VISIOR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIOR_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}_Office14.VISIOR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{94A320D4-3535-4E43-8F42-AF0714120A4B}" = ANTS Memory Profiler 7 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514) "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant 
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514) "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514) "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client "{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64) "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "AD7AB2629F8514508E17FEDAF4E26A36107ECC2D" = Windows-Treiberpaket - PrimeSense (psdrv3) PrimeSense (02/16/2011 "Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit "Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit "Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit "Blender" = Blender "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.18 "DriverAgent" = DriverAgent Plugin for Netscape by 
eSupport.com "HardlinkShellExt" = Link Shell Extension "LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit "MatlabR2011a" = MATLAB R2011a "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "Microsoft Security Client" = Microsoft Security Essentials "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Office14.VISIOR" = Microsoft Visio Premium 2010 "R for Windows 2.13.1_is1" = R for Windows 2.13.1 "Sandboxie" = Sandboxie 3.62 (64-bit) "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1) "TeamSpeak 3 Client" = TeamSpeak 3 Client "The Secret World_is1" = The Secret World "UDK-1c0b2f4b-0a2b-4597-9605-c7a038e67278" = Unreal Development Kit: 2011-11 "Very Sleepy_is1" = Very Sleepy version 0.82 "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{03190AA6-34C6-455F-8B60-7678DA7F39B4}" = Telerik RadControls for WPF Q2 2011 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0548CCF2-2AED-4A66-81B3-FB3B5F89013D}" = Telerik RadControls for WPF Q3 2011 "{055FD05B-BF37-4DA8-9504-88E46552CF43}" = QuickTime SDK "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware 
Workstation "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1 "{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6 "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013 "{134A5765-D59B-4160-8C70-B84BF9F53DF9}" = GhostDoc "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS License Manager 10 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{39FC5346-05D2-44C0-B350-CC01A00ED9B4}" = AutoMe "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8 "{3BDB3C8A-536D-423A-BE27-0CEF2A0819D3}" = Subversion "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0 "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1 
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1216.1 "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{5061ACBA-7A0A-42FE-93FF-403B2099D200}" = Autodesk Essential Skills Movies for 3ds Max 2013 32-bit "{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy "{52291FC0-33D3-4A18-9587-5115225545D8}_is1" = ThunderFix "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013 "{59F8CFA2-FFCB-4B3F-A086-E02888932DF5}" = OpenNI for Windows "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0 "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{5F560088-E62D-4099-924D-ED7F241045E7}" = Mindscape WPF Elements "{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{62B74257-2E1B-48FB-843C-0FBA43FE1327}" = Sentinel System Driver Installer 7.4.0 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = 
Microsoft_VC90_MFC_x86 "{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0 "{696BB53C-28E6-1632-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 32-bit "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{79130390-599A-0409-93EB-B6A759E2ABB0}" = Autodesk 3ds Max 2013 32-bit "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{816C1C1A-59E3-4F81-A99C-A21BCB0A2D8E}" = VisualHG 1.1.5 "{81ABC4A0-DE63-11DE-8A39-0800200C9A66}" = FreeCAD 0.11 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84A0E102-00FD-4E84-A40A-F02E9A7FEBD6}" = BlueStacks (beta-1) "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{879E1A85-4B17-48CF-8D73-6CC09F46497E}_is1" = Connon Fodder 3 version 1.0 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher 
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum "{90C5C0B5-923C-4BE0-9A0C-98266CA6E170}" = Path of Exile "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{92203FA0-7C43-429F-857C-0AE197D8199C}" = Composite 2013 "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{96B09983-73D9-4E4B-BCDE-67A1EDC6FD5C}" = Telerik RadControls for WPF Q1 2011 SP1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{ABFD2603-877A-474E-B595-339D900B4E60}" = ArcObjects SDK for the Microsoft .NET Framework "{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.4-alpha-1 "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{C018B886-B05B-4B13-B750-AC5956465548}" = nFringe 1.1 ( "{C08257CE-4608-43FE-AFB9-241E6AD252D1}" = JetBrains ReSharper 6.1 "{C1EF1AC4-F1D1-40CD-B9FB-29F954AE23AC}" = EnterVol License Server "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "{C7D890CF-B8BC-41CD-8BCB-D86E1653CB54}" = EnterVol "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{D82F4E66-B3F6-4482-879E-AAC745CCFE0F}" = DraftSight "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX "{E7959656-855A-4414-BEFE-4E79D37D927C}" = AnkhSVN 2.3.10838.1211 "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EBF0AFAA-F07B-4279-9EAF-652788B9CF6D}" = Draft IT "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F8A04242-C4E7-414C-9E57-C0351DAA87D3}" = StyleCop "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "1489-3350-5074-6281" = JDownloader 0.9 "abgx360" = abgx360 v1.0.5 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.1.0 "AMD GPU Clock Tool" = AMD GPU Clock Tool "ArcGIS Desktop 10" = ArcGIS Desktop 10 "ArcGIS Desktop 10 SP2" = ArcGIS Desktop 10 Service Pack 2 "ArcGIS License Manager 10" = ArcGIS License Manager 10 "ArcObjects SDK for the Microsoft .NET Framework" = ArcObjects SDK for the Microsoft .NET Framework "ArcObjects SDK for the Microsoft .NET Framework SP2" = ArcObjects SDK for the Microsoft .NET Framework 10 Service Pack 2 "Autodesk 3ds Max 2013 32-bit" = Autodesk 3ds Max 2013 32-bit "Autodesk FBX Plug-in 2013.1 - 3ds Max 2013" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 "AutoItv3" = AutoIt v3.3.6.1 "boost_1_44" = Boost C++ Libraries 1.44 "boost_1_46_1" = Boost C++ Libraries 1.46.1 "boost_1_47" = Boost C++ Libraries 1.47 "Botanicula_is1" = Botanicula "C Tech Software 9.64" = C Tech Software, Version 9.64 "CGAL-3.8" = CGAL-3.8 -- Computational Geometry Algorithms Library, version 3.8 "CGAL-3.9" = CGAL-3.9 -- Computational Geometry Algorithms Library, version 3.9 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "Cluster_is1" = Cluster 3.0 "CMake 2.8.8" = CMake 2.8, a cross-platform, open-source build system "CMINPACK" = CMINPACK 1.1.3 "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "CorsixTH" = CorsixTH Beta 8 "DAEMON Tools Lite" = DAEMON Tools Lite "Deponia" = Deponia "Diablo III" = 
Diablo III "DjVuLibre+DjView" = DjVuLibre+DjView "doxygen_is1" = doxygen 1.7.4 "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "Eigen" = Eigen 3.0.0 "Endless Space_is1" = Endless Space "EnterVol 1.5.0" = EnterVol "EnterVol License Server 1.4.0" = EnterVol License Server "ESN Sonar-0.70.0" = ESN Sonar "FileZilla Client" = FileZilla Client 3.5.3 "flann" = flann 1.6.9 "FLV Player" = FLV Player 2.0 (build 25) "FogBugz for Visual Studio_is1" = FogBugz for Visual Studio 3.0 "Git_is1" = Git version 1.7.7-preview20111014 "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "Graphing Calculator 3D_is1" = Graphing Calculator 3D 3.2 "GSview 4.9" = GSview 4.9 "ImgBurn" = ImgBurn "Inkscape" = Inkscape 0.48.2 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1216.1 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "Jagged Alliance - Back in Action_is1" = Jagged Alliance - Back in Action "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19 "KilnClient_is1" = Kiln Client ( "King Arthur's Gold (Alpha)_is1" = KAG 0.9A TEST "KProbe" = KProbe 2.5.2 "LEd_is1" = LEd Beta 0.53 "LyX20" = LyX 2.0.3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "MediaMonkey_is1" = MediaMonkey 4.0 "MeshLab" = MeshLab 1.3.0 "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010) "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.50 "Notepad++" = Notepad++ 
"ntfslink_is1" = NTFS Link 2.1 "OpenAL" = OpenAL "OpenMesh" = OpenMesh v2.1.1 "Opera 12.00.1467" = Opera 12.00 "Origin" = Origin "Outerra Anteworld" = Outerra - Anteworld - Outerra Anteworld Demo "ParaView" = ParaView-3.10.1 a cross-platform, open-source visualization system "PCL" = PCL-1.2.0 "Pidgin" = Pidgin "PunkBusterSvc" = PunkBuster Services "Qt Visual Studio Add-in 1.1.10 - C:_Program Files (x86)_Nokia_Qt4VSAddin" = Qt Visual Studio Add-in 1.1.10 "Sapphire TRIXX" = Sapphire TRIXX "SciTE4AutoIt3" = SciTE4AutoIt3 7/3/2011 "Spark" = Spark "Steam App 102600" = Orcs Must Die! "Steam App 104700" = Super MNC Invitational "Steam App 105600" = Terraria "Steam App 108500" = Vessel "Steam App 115110" = Stacking "Steam App 12210" = Grand Theft Auto IV "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City "Steam App 200210" = Realm of the Mad God "Steam App 205910" = Tiny and Big: Grandpa's Leftovers "Steam App 205929" = Tiny and Big Preorder "Steam App 207170" = Legend of Grimrock "Steam App 209080" = Guns of Icarus Online "Steam App 209870" = Blacklight: Retribution "Steam App 211" = Source SDK "Steam App 212050" = Resonance "Steam App 218" = Source SDK Base 2007 "Steam App 220" = Half-Life 2 "Steam App 22230" = Rock of Ages "Steam App 24200" = DC Universe Online "Steam App 24780" = SimCity 4 Deluxe "Steam App 32360" = The Secret of Monkey Island: Special Edition "Steam App 32460" = Monkey Island 2: Special Edition "Steam App 33460" = From Dust "Steam App 35130" = Lara Croft and the Guardian of Light "Steam App 39800" = Nation Red "Steam App 4000" = Garry's Mod "Steam App 440" = Team Fortress 2 "Steam App 48000" = LIMBO "Steam App 620" = Portal 2 "Steam App 62100" = Chime "Steam App 65800" = Dungeon Defenders "Steam App 7760" = X-COM: UFO Defense "Steam App 7770" = X-COM: Enforcer "Steam App 8190" = Just Cause 2 "Steam App 92800" = SpaceChem "Steam App 97000" = Solar 2 "Steam App 99900" = Spiral Knights "SystemRequirementsLab" = System Requirements Lab "Take 
On Helicopters" = Take On Helicopters "TDM-GCC" = TDM-GCC "Texmaker" = Texmaker "TrueCrypt" = TrueCrypt "Vessel_is1" = Vessel "VLC media player" = VLC media player 1.1.11 "VMware_Workstation" = VMware Workstation "VTK" = VTK 5.6 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinMerge_is1" = WinMerge 2.12.4 "WinPcapInst" = WinPcap 4.1.2 "WinShell_is1" = WinShell "Wireshark" = Wireshark 1.6.8 (64-bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "GoToMeeting" = GoToMeeting "Qt SDK" = Qt SDK "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ System Events ] Error - 31.07.2012 03:17:41 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.07.2012 03:17:41 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.07.2012 03:22:11 | Computer Name = Benni-ITX | Source = DCOM | ID = 10005 Description = Error - 31.07.2012 03:22:11 | Computer Name = Benni-ITX | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.131.956.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Default URL Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8601.0 Fehlercode: 0x8007043c Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Error - 31.07.2012 03:22:39 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.07.2012 03:22:39 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.07.2012 03:22:39 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.07.2012 03:24:49 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.07.2012 03:24:49 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.07.2012 03:24:49 | Computer Name = Benni-ITX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report >
I had manually renamed the EHeO58kG.exe files to EHeO58kGu.exe; only then was I able to boot into safe mode (in my opening post I had mistakenly claimed to have deleted them). Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Datenbank Version: v2012.07.31.02 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Benni :: BENNI-ITX [Administrator] 31.07.2012 10:00:04 mbam-log-2012-07-31 (12-26-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1287508 Laufzeit: 2 Stunde(n), 26 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Administrator\AppData\Roaming\EHeO58kGu.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt. C:\Users\Benni\AppData\Local\Temp\deo0_sar.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt. C:\Users\Benni\AppData\Roaming\EHeO58kGu.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt. (Ende)
Last edited by Killy80 (31.07.2012 at 04:28)
#2
/// Helper team
deo0_sar.exe ransom trojan, half removed. Safe now?
Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes,DefaultScope = {4221ADAC-8331-47d8-8385-2CB3BB10B17A} IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{4221ADAC-8331-47d8-8385-2CB3BB10B17A}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{A873D727-BDD3-487c-A6C2-920998CF6839}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes\{BF34AD08-E060-485f-B582-CE2462B0F46C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - prefs.js..network.proxy.http: "" FF - 
prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost,, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM 
Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 [2012.07.31 09:20:46 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTS.exe @Alternate Data Stream - 152 bytes -> C:\Program Files (x86)\Common Files\C Tech:{42005500-5100-7200-6F00-650056007100} @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939 [2012.03.08 23:17:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.08 23:17:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.08 23:17:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.08 23:17:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.08 23:17:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.08 23:17:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml :Files C:\Users\Benni\AppData\Local\Temp\* ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can cause lasting damage to other systems!
#3
Attached is the log from the OTL fix. I still have no access to Task Manager and see no icons on the desktop (in safe mode).
Can I go back to booting in normal mode for now? Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4221ADAC-8331-47d8-8385-2CB3BB10B17A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4221ADAC-8331-47d8-8385-2CB3BB10B17A}\ not found. Registry key HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A873D727-BDD3-487c-A6C2-920998CF6839}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A873D727-BDD3-487c-A6C2-920998CF6839}\ not found. Registry key HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BF34AD08-E060-485f-B582-CE2462B0F46C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF34AD08-E060-485f-B582-CE2462B0F46C}\ not found. HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "" removed from network.proxy.http Prefs.js: 80 removed from network.proxy.http_port Prefs.js: "localhost,, stealthy.co" removed from network.proxy.no_proxies_on Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: 0 removed from network.proxy.type 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_USERS\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\Users\Benni\Desktop\OTS.exe moved successfully. 
ADS C:\Program Files (x86)\Common Files\C Tech:{42005500-5100-7200-6F00-650056007100} deleted successfully. ADS C:\ProgramData\TEMP:A1EDB939 deleted successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully. ========== FILES ========== C:\Users\Benni\AppData\Local\Temp\.NETFramework,Version=v4.0,Profile=Client.AssemblyAttributes.cs moved successfully. C:\Users\Benni\AppData\Local\Temp\.NETFramework,Version=v4.0.AssemblyAttributes.cs moved successfully. C:\Users\Benni\AppData\Local\Temp\0b0677b65bfa43a8860a3320a6dc665d.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\1489AFE4.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\1764e5dcdd2d4abf9c7ff837aa369855.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\1a947e093699414ab70893523ed36922.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\271f3e243ab84852a85ded8dfcc6f837.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\36c9428a0e5543d9ad383cf0351f725e.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\36ea57b079814119a4cc6a477bbcb9de.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\3cdd702e81914c089df8435cf7fb053c.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\3ds Max Design 2013 Setup.log moved successfully. C:\Users\Benni\AppData\Local\Temp\3tgljru4.gc0 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\3txxxhiz.err moved successfully. C:\Users\Benni\AppData\Local\Temp\3txxxhiz.out moved successfully. 
C:\Users\Benni\AppData\Local\Temp\4102e356626f478fbb80e0ae88bcb5a5.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\43b416913c14478c8e68a37b9b85c39e.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\4ea2c9b4d6f442c8ad7f6944cf28569b.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\5ef12f28a69545f1b7e2e6e47643a202.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\6d3cc5c1439042a39c693efbd938b393.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\759f0470e39d4c8dbc4549869b8ca70e.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\7ddc40692b014abea5751a6fb764c4a1.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\7dVq6qNW.odt.part moved successfully. C:\Users\Benni\AppData\Local\Temp\8f3046431a9542e19e399c06183f468b.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\9df6672b44ce4980b56a6c01070e529d.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\9e96581986b144a99cd1710513aa769a.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\9f3c5463f54143aeb34f249da94caacb.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\AcDeltree.exe moved successfully. C:\Users\Benni\AppData\Local\Temp\ACIS.ac$ moved successfully. C:\Users\Benni\AppData\Local\Temp\acro_rd_dir folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Adobe\Acrobat\10.0 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Adobe\Acrobat folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Adobe folder moved successfully. C:\Users\Benni\AppData\Local\Temp\AdobeARM.log moved successfully. C:\Users\Benni\AppData\Local\Temp\aecD139.xml moved successfully. C:\Users\Benni\AppData\Local\Temp\amt3.log moved successfully. C:\Users\Benni\AppData\Local\Temp\b651c9604f704bf7b95c3f4dbad4ad03.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\ba982e628bd1442fa26a0070e033801e.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\c353bf589feb41da86cd77e74bb7c0df.tmp moved successfully. 
C:\Users\Benni\AppData\Local\Temp\Cheat Engine folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CheatEngine62Clean.exe moved successfully. C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\logEFA2.tmp folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\logD3FC.tmp folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\logD0C0.tmp folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\log550D.tmp folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880\log1F47.tmp folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting\880 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CitrixLogs\gotomeeting folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CitrixLogs folder moved successfully. C:\Users\Benni\AppData\Local\Temp\CivilView Install.log moved successfully. C:\Users\Benni\AppData\Local\Temp\COMPOSITE Install.log moved successfully. C:\Users\Benni\AppData\Local\Temp\comtypes_cache\Dropbox-25 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\comtypes_cache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Cookies folder moved successfully. C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\Temp folder moved successfully. C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\Summary folder moved successfully. C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\Report folder moved successfully. C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\Profile folder moved successfully. C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED folder moved successfully. C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner\setup folder moved successfully. C:\Users\Benni\AppData\Local\Temp\decleaner\decleaner folder moved successfully. C:\Users\Benni\AppData\Local\Temp\decleaner\de-de folder moved successfully. 
C:\Users\Benni\AppData\Local\Temp\decleaner folder moved successfully. C:\Users\Benni\AppData\Local\Temp\DirectConnect2013Install.log moved successfully. C:\Users\Benni\AppData\Local\Temp\e50fc3dcffd64eabab43e1eec6088b7e.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\ESM Design_Install.log moved successfully. C:\Users\Benni\AppData\Local\Temp\events.log moved successfully. C:\Users\Benni\AppData\Local\Temp\f856d0a119cc4491afbb20743de64f1f.tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\fontconfig\cache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\fontconfig folder moved successfully. File move failed. C:\Users\Benni\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. C:\Users\Benni\AppData\Local\Temp\gDEBugger-Benni.log moved successfully. C:\Users\Benni\AppData\Local\Temp\History\History.IE5 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\History folder moved successfully. C:\Users\Benni\AppData\Local\Temp\hsperfdata_Benni folder moved successfully. C:\Users\Benni\AppData\Local\Temp\HULFont000.ttf moved successfully. C:\Users\Benni\AppData\Local\Temp\incredibar_installer.exe moved successfully. C:\Users\Benni\AppData\Local\Temp\InventorRegistrationLog_20120730211208_00000029.log moved successfully. C:\Users\Benni\AppData\Local\Temp\InventorRegistrationLog_20120730211236_00000029.log moved successfully. C:\Users\Benni\AppData\Local\Temp\Inventor_Install.log moved successfully. C:\Users\Benni\AppData\Local\Temp\jna3941414430862403539.dll moved successfully. C:\Users\Benni\AppData\Local\Temp\jna5825776796242891858.dll moved successfully. C:\Users\Benni\AppData\Local\Temp\MaxDesInstall64.log moved successfully. C:\Users\Benni\AppData\Local\Temp\Mixamo.log moved successfully. C:\Users\Benni\AppData\Local\Temp\MozillaMailnews folder moved successfully. C:\Users\Benni\AppData\Local\Temp\MSBuild_7a2ab98d-eaac-4298-94fa-281c70bf1a2b moved successfully. 
C:\Users\Benni\AppData\Local\Temp\MSI9736.LOG moved successfully. C:\Users\Benni\AppData\Local\Temp\mx093DFB92E82B484695C866CFE03E9EB5.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx0CAD9E6C922A4B21BBA6039EF4D7FE78.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx1611E05D926749A8899C13822D12FE89.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx1883142C2E23480D965C20F0E23D33A1.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx1978AB4D172F4E8D9598F08E38927172.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx1B9A7905B29C41DBA823957DB9DE41D7.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx229EEEC257FE49A9A93CF3F854AB5D0A.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx2321B0DB7EA94A52AC91CDFCBFE3EE47.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx23B8B01524FB4EE2BC33B1DD7668A3A9.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx23EA1F593AD843ABA7E97101EC325C8F.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx4810508EDC644879B87045173D879A82.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx5C8DC44DC09F42C9892B2C4B0A65EC52.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx6F4B02E2D7804EE2BB4B548A0A240FB4.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx8EB8BF9E513346E8882D1CAEE4C4DF00.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx9A041B1F4C314713B8BE1877456F48C7.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mx9B4FC76483554E15966468734D6E2EC2.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mxA23DE6497DFA4F76854808F38F4B944F.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mxA365635277C74A45B40E0733EACA1A73.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mxCE5E0039E59749E39DF7262FDFCC3F7E.gdb folder moved successfully. 
C:\Users\Benni\AppData\Local\Temp\mxE0DF299A900440BEB820C4F2433115F8.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mxF99D09AD795F4D0490D6112EA7D77EDA.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\mxFDE422FF5CD449E4B062958DEC697A01.gdb folder moved successfully. C:\Users\Benni\AppData\Local\Temp\MyBabylonTB.exe moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs118764960\118764960_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs118764960 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs155065508\155065508_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs155065508 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs173984060\173984060_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs173984060 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs178526272\178526272_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs178526272 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs180963468\180963468_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs180963468 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs186786308\186786308_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs186786308 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs305998256\305998256_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs305998256 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs308127468\308127468_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs308127468 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs308873020\308873020_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs308873020 folder moved successfully. 
C:\Users\Benni\AppData\Local\Temp\ogs38537408\38537408_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs38537408 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs5298356\5298356_TextureCache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\ogs5298356 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\oobelib.log moved successfully. C:\Users\Benni\AppData\Local\Temp\opera-20120721234348 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\patchlist.xml moved successfully. C:\Users\Benni\AppData\Local\Temp\PDApp.log moved successfully. C:\Users\Benni\AppData\Local\Temp\ProductInformation.pit moved successfully. C:\Users\Benni\AppData\Local\Temp\prof.log moved successfully. C:\Users\Benni\AppData\Local\Temp\qtsingleapp-combli-839e-1-lockfile moved successfully. C:\Users\Benni\AppData\Local\Temp\qtsingleapplication-44c1-1-lockfile moved successfully. C:\Users\Benni\AppData\Local\Temp\qtsingleapplication-5e9b-1-lockfile moved successfully. C:\Users\Benni\AppData\Local\Temp\rasterproxies folder moved successfully. C:\Users\Benni\AppData\Local\Temp\RevitCustom.log moved successfully. C:\Users\Benni\AppData\Local\Temp\Revit_Install.log moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir10024 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir10046 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir10247 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir10250 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir1035 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir10459 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir11798 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir12118 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\scoped_dir12352 folder moved successfully. 
C:\Users\Benni\AppData\Local\Temp\scoped_dir8882 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\SingleClickMax.log moved successfully. C:\Users\Benni\AppData\Local\Temp\SingleClickMaxRevit.log moved successfully. C:\Users\Benni\AppData\Local\Temp\SUPERSetup folder moved successfully. C:\Users\Benni\AppData\Local\Temp\swtag.log moved successfully. C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZU373KAR folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5\WQADR916 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5\IUJ0VGJP folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5\0JCWSM0Y folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\Temporary Internet Files folder moved successfully. C:\Users\Benni\AppData\Local\Temp\tks_temp_Benni.tks moved successfully. C:\Users\Benni\AppData\Local\Temp\UCDebugger folder moved successfully. C:\Users\Benni\AppData\Local\Temp\UnityWebPlayer\log folder moved successfully. C:\Users\Benni\AppData\Local\Temp\UnityWebPlayer folder moved successfully. C:\Users\Benni\AppData\Local\Temp\UpdateCheckerSetup.exe moved successfully. C:\Users\Benni\AppData\Local\Temp\V.class moved successfully. C:\Users\Benni\AppData\Local\Temp\w1xyjqt5.rv1 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\whd1luxd.jxq folder moved successfully. C:\Users\Benni\AppData\Local\Temp\WPDNSE folder moved successfully. C:\Users\Benni\AppData\Local\Temp\_ADSK_(7724DE60).tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\_ADSK_(77252447).tmp moved successfully. C:\Users\Benni\AppData\Local\Temp\_esri_search_temp6428 folder moved successfully. C:\Users\Benni\AppData\Local\Temp\{153FB2DD-A2CE-4A41-A632-23A7B045FC82} folder moved successfully. 
C:\Users\Benni\AppData\Local\Temp\{90361D72-ACD0-4E28-AE78-F29EC32700D2} folder moved successfully. C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\dataঠ爉ঠ䶠燠ঠ`\Cache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\dataঠ爉ঠ䶠燠ঠ` folder moved successfully. C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\dataঊ漙ঊ䶠滰ঊ`\Cache folder moved successfully. C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\dataঊ漙ঊ䶠滰ঊ` folder moved successfully. C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215}\data folder moved successfully. C:\Users\Benni\AppData\Local\Temp\{C700A8C1-9E65-1582-C2A8-00C7659E8215} folder moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF1B7846327AF4ADAB.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF22D0F34655F03B4D.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF24D7A81C44E07CA7.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF26EDA9788377B736.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF2B06AF5DA6747410.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF2EA1784EC22EE81D.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF316872F330C6159F.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF31B3C87F9000F6F1.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF33A06FAB7D50CFF9.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF3A4E27C9B2CA67BC.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF3CC2273931B39D81.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF3FC2B76380BD7B36.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF492B0C3ED21EF3A5.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF4DAD777D88B77365.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF51A1709E8F19834D.TMP moved successfully. 
C:\Users\Benni\AppData\Local\Temp\~DF5A750632C962D371.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF763AC482CC5E5157.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF7AE1EF402E850EC2.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF7B8DD05B705FA099.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF9234BBFF32CE7CB1.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF93F3EF5A2C3C1225.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DF9B5F2B6A37400FE3.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFA58C96D5A8ABD070.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFA5F2A4971F38A1AC.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFA6352D9CF946A7E9.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFA989702261A77B39.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFBBEA2B02CF8E3CAA.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFBD221CFE82114471.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFC83EAA0D1B66BCAA.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFCFC92F82EB0BE2F5.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFDB7AFEF721B6A758.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFDFE5BAA9BEBA602E.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFEE240C73B4682BD6.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFEF4D2AD5DB5ADA20.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFFA45570FCAC02F5B.TMP moved successfully. C:\Users\Benni\AppData\Local\Temp\~DFFBEFA693DDB049D0.TMP moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Benni\Desktop\cmd.bat deleted successfully. C:\Users\Benni\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 281453 bytes ->Temporary Internet Files folder emptied: 432812 bytes ->Flash cache emptied: 57067 bytes User: All Users User: Benni ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 5173190 bytes ->Java cache emptied: 5326492 bytes ->FireFox cache emptied: 54892080 bytes ->Opera cache emptied: 188 bytes ->Flash cache emptied: 58398 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 35845160 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 17479765695 bytes Total Files Cleaned = 16.768,00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Benni ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version log created on 07312012_170039 |
| #4 |
/// Helper team | deo0_sar.exe ransom trojan, half removed. Safe now? Yes, start in normal mode! Very good! Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
| #5 |
| Malwarebytes found nothing more. Here is the log from AdwCleaner: Code:
```
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 17:14:11
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Benni - BENNI-ITX
# Running from : C:\Users\Benni\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\DT Soft
[x64] Key Found : HKCU\Software\StartSearch

***** [Registre - GUID] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\tdiz7m1v.default\prefs.js
[OK] File is clean.
-\\ Opera v12.0.1467.0
File : C:\Users\Benni\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [1259 octets] - [31/07/2012 17:14:11]
########## EOF - C:\AdwCleaner[R1].txt - [1387 octets] ##########
```
| #6 |
/// Helper team | Very good!
Then: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten" (Update now). Select the freeware mode. Select "Detail Scan" and start the scan of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html
| #7 |
| Thanks so far. Here is the log from Emsisoft. Unfortunately I have to say that I aborted at about 50% of drive D, because the whole thing took forever. Apart from the files in the _OTL folder, the others are most likely false positives. That has been known for a while, e.g. for the files in the PCL folder. TemplateTestApp.exe is even a program I wrote myself. Code:
```
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 31.07.2012 17:57:56

Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 31.07.2012 17:58:27

C:\_OTL\MovedFiles\07312012_170039\C_Users\Bengt\AppData\Local\Temp\CheatEngine62Clean.exe gefunden: Trojan.Win32.CheatEngine.AMN!E1
C:\_OTL\MovedFiles\07312012_170039\C_Users\Bengt\AppData\Local\Temp\MyBabylonTB.exe gefunden: Riskware.Win32.Toolbar.Babylon.AMN!E1
C:\Users\Bengt\Documents\Visual Studio 2010\Projects\TemplateTestApp\Release\TemplateTestApp.exe gefunden: Trojan.Win32.Swrort!E2
C:\Users\Bengt\Desktop\Clustering\opencv\build\bin\Debug\opencv_test_gpud.exe gefunden: HackTool.Win32.Agent!E2
C:\Program Files (x86)\PCL\bin\convert_pcd_ascii_binary-gd.exe gefunden: HackTool.Win32.Agent!E2
C:\Program Files (x86)\PCL\bin\pcd_convert_NaN_nan.exe.vir gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\PCL\bin\pcd_convert_NaN_nan-gd.exe gefunden: HackTool.Win32.Agent!E2
C:\Program Files (x86)\PCL\bin\pcd_viewer-gd.exe gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\PCL\bin\pcl_features-gd.dll gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\OpenFlipper\Debug\Plugins\Plugin-FileOVM.dll gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\OpenFlipper\Debug\Plugins\Plugin-FileSKL.dll gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe gefunden: Trojan.Win32.CheatEngine.AMN!E1
C:\Program Files (x86)\AutoIt3\SciTE\AutoItMacroGenerator\TheHook.dll gefunden: Riskware.Monitor.Win32.Hooker.s!E1
C:\Program Files\Red Gate\ANTS Memory Profiler 7\Tutorials\VB\MandelbrotVB\MandelbrotVB.exe gefunden: Worm.Win32.Dorkbot!E2

Gescannt 1181027
Gefunden 14

Scan Ende: 31.07.2012 21:14:33
Scan Zeit: 3:16:06
```
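The split made in the post above, between hits inside OTL's moved-files folder and hits on files still in place, can be produced from such a log mechanically. The following is an added example, not part of the thread or of any Emsisoft tooling; the function names are hypothetical, and the sample is a constructed excerpt whose detection lines are copied from the log above, with the `Gefunden` count adjusted to the excerpt.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt in the format of the Emsisoft log above:
# "<path> gefunden: <detection name>", followed by the summary counters.
SAMPLE_LOG = r"""
Scan Beginn: 31.07.2012 17:58:27
C:\_OTL\MovedFiles\07312012_170039\C_Users\Bengt\AppData\Local\Temp\MyBabylonTB.exe gefunden: Riskware.Win32.Toolbar.Babylon.AMN!E1
C:\Users\Bengt\Documents\Visual Studio 2010\Projects\TemplateTestApp\Release\TemplateTestApp.exe gefunden: Trojan.Win32.Swrort!E2
C:\Program Files (x86)\PCL\bin\pcd_viewer-gd.exe gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\PCL\bin\pcl_features-gd.dll gefunden: Backdoor.Win32.Poison!E2
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe gefunden: Trojan.Win32.CheatEngine.AMN!E1
Gescannt 1181027
Gefunden 5
"""

# Folder OTL moves files into, as it appears in the log paths on this page.
QUARANTINE_ROOT = r"C:\_OTL\MovedFiles"


def parse_detections(text):
    """Return (path, detection_name) for every '<path> gefunden: <name>' line."""
    hits = []
    for line in text.splitlines():
        # Paths contain spaces, so split on the last " gefunden: " marker.
        path, sep, name = line.strip().rpartition(" gefunden: ")
        if sep and path and name:
            hits.append((path, name))
    return hits


def reported_total(text):
    """Return the number from the 'Gefunden N' summary line, or None if absent."""
    match = re.search(r"^Gefunden\s+(\d+)\s*$", text, re.MULTILINE)
    return int(match.group(1)) if match else None


def log_is_complete(text):
    """True if the pasted detection lines match the scanner's own count."""
    total = reported_total(text)
    return total is not None and total == len(parse_detections(text))


def is_under(path, root):
    """Case-insensitive 'path is inside root' test on Windows path components."""
    p = tuple(part.lower() for part in PureWindowsPath(path).parts)
    r = tuple(part.lower() for part in PureWindowsPath(root).parts)
    return p[:len(r)] == r


def triage(detections, quarantine_root=QUARANTINE_ROOT):
    """Separate already-moved files from files still in place.

    Hits still in place are grouped by directory so that clusters in one
    application folder stand out. Grouping does not decide whether a hit is
    a false positive; it only orders the follow-up work.
    """
    quarantined, live = [], defaultdict(list)
    for path, name in detections:
        if is_under(path, quarantine_root):
            quarantined.append((path, name))
        else:
            win_path = PureWindowsPath(path)
            live[str(win_path.parent)].append((win_path.name, name))
    return {"quarantined": quarantined, "live": dict(live)}


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_LOG)
    print("log complete:", log_is_complete(SAMPLE_LOG))
    report = triage(detections)
    print("already moved by OTL:")
    for path, name in report["quarantined"]:
        print("  ", name, "<-", path)
    print("still in place, by directory:")
    for directory, hits in sorted(report["live"].items()):
        print("  ", directory)
        for filename, name in hits:
            print("      ", filename, "->", name)
```

A mismatch between the detection lines and the `Gefunden` count means the paste is truncated and should be requested again before drawing conclusions from it.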
| #8 |
/// Helper team | Log from AdwCleaner? http://www.trojaner-board.de/120831-...tml#post879602
| #9 |
| Quote:
EDIT: Sorry, I had mixed up the delete log with the first log. Code:
```
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 17:46:11
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Benni - BENNI-ITX
# Running from : C:\Users\Benni\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\tdiz7m1v.default\prefs.js
[OK] File is clean.
-\\ Opera v12.0.1467.0
File : C:\Users\Benni\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [1382 octets] - [31/07/2012 17:14:11]
AdwCleaner[S1].txt - [1163 octets] - [31/07/2012 17:46:11]
########## EOF - C:\AdwCleaner[S1].txt - [1291 octets] ##########
```
| #10 |
/// Helper team | Very good!
Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
| #11 |
| ESET log (all drives fully scanned): Code:
```
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=ff1d34abef7c9f4c919e81fed1ee0f41
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-01 02:12:29
# local_time=2012-08-01 04:12:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 12641783 95402065 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=1061693
# found=1
# cleaned=1
# scan_time=14933
C:\_OTL\MovedFiles\07312012_170039\C_Users\Benni\AppData\Local\Temp\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
```
| #12 |
/// Helper team | Update Java. Your Java is out of date. Older versions contain security vulnerabilities that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
| #13 |
| Done. What's next? And how do I get the Task Manager and the desktop back? But thanks so far!
| #14 |
/// Helper team | What about the desktop? CustomScan with OTL: Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
```
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
```
| #15 |
| I have no icons on the desktop, and the Task Manager says it has been disabled by an admin (I checked the group policies for this; everything seems OK there). EDIT: I just noticed the Task Manager works again. I don't know which step helped, but it works. Still no desktop icons. OTL.txt: Code:
ATTFilter OTL logfile created on: 01.08.2012 16:17:13 - Run 2 OTL by OldTimer - Version Folder = C:\Users\Benni\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 75,03% Memory free 15,97 Gb Paging File | 13,68 Gb Available in Paging File | 85,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,21 Gb Total Space | 57,89 Gb Free Space | 29,65% Space Free | Partition Type: NTFS Drive D: | 736,20 Gb Total Space | 383,51 Gb Free Space | 52,09% Space Free | Partition Type: NTFS Drive F: | 4,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: BENNI-ITX | User Name: Benni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.01 16:14:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe PRC - [2012.07.03 05:09:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benni\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.04.26 19:16:36 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe PRC - [2012.04.24 20:28:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
-- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2012.02.24 23:46:53 | 000,374,272 | ---- | M] (C Tech Development Corporation) -- C:\Program Files (x86)\Common Files\C Tech\CTech.License.Service.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe PRC - [2011.08.22 18:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2011.08.22 18:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2011.08.22 17:34:52 | 011,837,440 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe PRC - [2011.08.22 16:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.04.23 16:20:36 | 001,670,144 | ---- 
| M] (ESRI) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe PRC - [2008.11.06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 19:34:41 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll MOD - [2012.06.14 08:36:05 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.14 08:35:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 08:35:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.09 18:54:49 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012.05.09 17:05:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 17:05:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.09 17:05:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.09 17:05:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.09 17:05:07 | 
007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.09 17:05:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.31 16:56:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance 
Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012.07.03 05:09:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.19 14:36:32 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.26 19:16:36 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2012.04.26 19:15:56 | 000,401,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012.04.24 20:28:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.24 23:46:53 | 000,374,272 | ---- | M] (C Tech Development Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\C Tech\CTech.License.Service.exe -- (CTech.License.Service.exe) SRV - [2012.01.24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.23 15:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.11.10 22:52:01 | 000,145,408 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Programme\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe -- (ANTS Performance Profiler 6 Service) SRV - [2011.11.10 22:51:58 | 000,174,008 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Programme\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe -- (ANTS Memory Profiler 7 Service) SRV - [2011.09.15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32) SRV - [2011.08.22 18:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011.08.22 18:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2011.08.22 17:34:52 | 011,837,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2011.08.22 16:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2011.08.22 00:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2011.08.07 14:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.12.02 21:59:44 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.08.22 18:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011.08.22 18:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011.08.22 16:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011.08.22 16:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.08.22 00:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011.07.04 20:35:59 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.13 13:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- 
| M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.20 04:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.04.28 12:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64) DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) DRV:64bit: - [2007.04.27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2007.04.27 07:40:00 | 000,056,872 | ---- | M] (SafeNet, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64) DRV - [2012.08.01 15:43:12 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012.04.26 19:16:30 | 000,075,104 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2011.11.23 15:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2011.07.05 23:49:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2011.07.01 01:23:33 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2010.09.22 16:31:34 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64) DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2002.07.17 03:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - 
HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 4F ED 94 75 37 CC 01 [binary data] IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.no_proxies_on: ", stealthy.co" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF 
- HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 16:56:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.23 03:21:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.10.01 21:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions [2011.10.01 21:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2012.07.30 18:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\tdiz7m1v.default\extensions [2012.01.24 19:49:16 | 000,000,000 | 
---D | M] (HNG downloader/starter (live)) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\tdiz7m1v.default\extensions\npretoxlive@live.heroesandgenerals.com [2012.05.21 23:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.30 18:56:54 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TDIZ7M1V.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.31 16:56:44 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll O1 HOSTS File: ([2012.07.04 05:17:53 | 000,002,077 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: ***** O1 - Hosts: 15 more lines... 
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe () O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass 
Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [Steam] D:\Spiele\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Benni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Verknüpfung.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) O7 - HKU\S-1-5-21-1698229701-1306037958-2253674869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} 
hxxp://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907F05D5-4F56-4E56-B226-B36102B34431}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F72A69-FFB5-455F-BDE6-D17CADF887C8}: DhcpNameServer = O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002.02.22 20:35:36 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: 
(autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: BlueStacks Agent - hkey= - key= - C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) MsConfig:64bit - StartUpReg: BlueStacks App Player - hkey= - key= - C:\Program Files (x86)\BlueStacks\HD-FrontEnd.exe (BlueStack Systems, Inc.) MsConfig:64bit - StartUpReg: hlRuESAqYEn6vel - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: KeePass 2 PreLoad - hkey= - key= - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: vmware-tray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: 
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group 
SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {1764AB49-1BBF-A8B3-EF99-A2BF1655B4E4} - Internet Explorer ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {3C637055-BA38-8D2E-E298-02909B416CFF} - Browser Customizations ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {B18C9A71-2ACE-08F5-8A9C-DED18EC07167} - Themes Setup ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP 
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0EA7D21E-5B80-2898-982D-7C56939508C3} - Browser Customizations ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {62844525-1D83-4F2E-8FB4-F90A85A4451E} - Internet Explorer ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: 
{9DEF786C-0309-5127-F12A-275952191F98} - Browser Customizations ActiveX: {BB6B3481-B35C-C1D8-A6E6-82A744E3C2AD} - Browser Customizations ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EBB70E44-DF18-AE49-8EB9-E6EDA34C46C2} - Java (Sun) ActiveX: {F20A945C-5C10-21D9-A1F3-F63E15F54DC9} - .NET Framework ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {T9yd0xvX-wKoC-Odsf-7vSX-pYWA9BY4CApc} - ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.01 15:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.01 15:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.08.01 00:00:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Benni\Desktop\esetsmartinstaller_enu.exe [2012.07.31 17:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.07.31 17:55:58 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Anti-Malware [2012.07.31 17:00:39 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.31 14:20:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.07.31 09:16:27 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe [2012.07.31 09:13:39 | 000,000,000 | ---D | C] -- C:\logs [2012.07.30 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Roaming [2012.07.30 21:12:36 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Inventor Server x64 3dsMaxDesign [2012.07.30 21:12:11 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Inventor Server x64 Direct Connect [2012.07.30 21:04:16 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\3dsMaxDesign [2012.07.30 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2012.07.30 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2012.07.25 15:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2012.07.25 04:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.07.25 04:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.07.25 04:33:08 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes [2012.07.25 04:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.25 04:32:59 | 
000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.25 04:32:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.25 04:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.24 01:25:03 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\inkscape [2012.07.24 01:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape [2012.07.16 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\LucasArts [2012.07.15 21:53:53 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\SimCity 4 [2012.07.09 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\FLiNGTrainer [2012.07.09 02:38:56 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\My Cheat Tables [2012.07.09 02:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2 [2012.07.09 02:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2 [2012.07.08 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Endless Space [2012.07.08 18:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iceberg Interactive [2012.07.07 02:49:56 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\client_update1 [2012.07.06 02:42:29 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\DT-Template-R8 [2012.07.02 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12 [2012.07.02 16:28:35 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\diplomarbeit-vorlage-latex ========== Files - Modified Within 30 Days ========== [2012.08.01 16:14:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe [2012.08.01 15:51:12 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 15:51:12 | 000,014,784 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 15:42:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.01 15:42:36 | 2134,396,927 | -HS- | M] () -- C:\hiberfil.sys [2012.08.01 04:14:02 | 001,627,538 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.01 04:14:02 | 000,701,470 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.01 04:14:02 | 000,656,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.01 04:14:02 | 000,150,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.01 04:14:02 | 000,123,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.01 00:00:54 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Benni\Desktop\esetsmartinstaller_enu.exe [2012.07.31 21:58:01 | 000,002,934 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.07.31 12:41:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.07.31 09:27:40 | 000,002,026 | ---- | M] () -- C:\Users\Benni\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.07.31 09:27:40 | 000,001,955 | ---- | M] () -- C:\Users\Benni\Desktop\Avira DE-Cleaner.lnk [2012.07.28 02:00:02 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Quark Updater.job [2012.07.28 01:05:22 | 000,003,048 | ---- | M] () -- C:\Users\Benni\.recently-used.xbel [2012.07.27 05:19:36 | 000,007,606 | ---- | M] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg [2012.07.27 00:43:14 | 000,847,210 | ---- | M] () -- C:\Users\Benni\Desktop\ma002.pdf [2012.07.27 00:31:20 | 000,118,763 | ---- | M] () -- C:\Users\Benni\Desktop\surface-curvature.pdf [2012.07.26 23:54:14 | 000,108,078 | ---- | M] () -- C:\Users\Benni\Desktop\curvature.pdf [2012.07.25 15:26:42 | 000,001,602 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2012.07.21 23:46:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.21 23:46:04 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.12 
22:48:01 | 000,000,382 | ---- | M] () -- C:\Users\Benni\Documents\ChatLog Meet Now 2012_07_12 22_48.rtf [2012.07.12 16:00:54 | 005,051,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.08 15:56:48 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.06 02:42:16 | 000,105,897 | ---- | M] () -- C:\Users\Benni\Desktop\DT-Template-R8.zip [2012.07.04 23:44:18 | 000,002,199 | ---- | M] () -- C:\Users\Benni\.kdiff3rc [2012.07.04 16:41:23 | 003,207,754 | ---- | M] () -- C:\Users\Benni\Desktop\Diplomarbeit.pdf [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.03 05:09:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.03 05:04:52 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.02 16:51:59 | 004,162,409 | ---- | M] () -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12.zip [2012.07.02 16:42:46 | 000,001,543 | ---- | M] () -- C:\Users\Benni\Desktop\diploma.tex ========== Files Created - No Company Name ========== [2012.07.31 12:41:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.31 09:27:40 | 000,002,026 | ---- | C] () -- C:\Users\Benni\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.07.31 09:27:40 | 000,001,955 | ---- | C] () -- C:\Users\Benni\Desktop\Avira DE-Cleaner.lnk [2012.07.28 01:05:22 | 000,003,048 | ---- | C] () -- C:\Users\Benni\.recently-used.xbel [2012.07.27 00:43:14 | 000,847,210 | ---- | C] () -- C:\Users\Benni\Desktop\ma002.pdf [2012.07.27 00:31:20 | 000,118,763 | ---- | C] () -- C:\Users\Benni\Desktop\surface-curvature.pdf [2012.07.26 23:54:14 | 000,108,078 | ---- | C] () -- C:\Users\Benni\Desktop\curvature.pdf [2012.07.25 15:26:42 | 000,001,602 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2012.07.24 01:24:36 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk [2012.07.12 22:48:01 | 000,000,382 | ---- | C] () 
-- C:\Users\Benni\Documents\ChatLog Meet Now 2012_07_12 22_48.rtf [2012.07.06 02:42:15 | 000,105,897 | ---- | C] () -- C:\Users\Benni\Desktop\DT-Template-R8.zip [2012.07.04 16:41:16 | 003,207,754 | ---- | C] () -- C:\Users\Benni\Desktop\Diplomarbeit.pdf [2012.07.03 05:05:50 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.02 16:51:56 | 004,162,409 | ---- | C] () -- C:\Users\Benni\Desktop\DA_SA-Tex-Vorlage-2010-05-12.zip [2012.07.02 16:43:07 | 000,001,543 | ---- | C] () -- C:\Users\Benni\Desktop\diploma.tex [2012.05.20 17:24:04 | 003,145,746 | ---- | C] () -- C:\Users\Benni\Depth.tga [2012.05.14 03:40:06 | 002,275,328 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll [2012.05.14 03:40:06 | 001,719,808 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-d-2.dll [2012.05.14 03:40:06 | 001,111,040 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-2.dll [2012.05.14 03:40:06 | 000,294,400 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-d-2.dll [2012.05.14 03:40:06 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-d-2.dll [2012.05.14 03:40:06 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-d-2.dll [2012.05.14 03:40:06 | 000,126,464 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-d-2.dll [2012.05.14 03:40:06 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-2.dll [2012.05.14 03:40:06 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-2.dll [2012.05.14 03:40:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-2.dll [2012.05.14 03:40:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-2.dll [2012.03.29 19:25:09 | 000,000,748 | ---- | C] () -- C:\Users\Benni\.OpenFlipperOpenFlipper.ini [2012.03.20 20:56:06 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll [2012.03.18 00:56:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.19 08:12:28 | 
000,000,352 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\Network Meter_Settings.ini [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.12.17 16:50:21 | 000,000,288 | ---- | C] () -- C:\Users\Benni\SciTE.session [2011.12.17 16:49:57 | 000,015,239 | ---- | C] () -- C:\Users\Benni\abbrev.properties [2011.12.08 03:02:58 | 000,000,045 | ---- | C] () -- C:\Users\Benni\.gitconfig [2011.10.17 05:45:29 | 000,034,225 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\gd.db [2011.10.17 05:45:29 | 000,000,283 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\groovedown.settings [2011.09.30 00:36:09 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.30 00:36:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.16 17:16:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.07.29 02:17:51 | 000,060,304 | ---- | C] () -- C:\Users\Benni\g2mdlhlpx.exe [2011.07.27 00:09:00 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\glew32.dll [2011.07.22 18:08:40 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.07.14 18:20:05 | 000,011,386 | ---- | C] () -- C:\Users\Benni\gsview32.ini [2011.07.05 22:36:55 | 000,007,606 | ---- | C] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg [2011.07.05 02:22:02 | 000,002,199 | ---- | C] () -- C:\Users\Benni\.kdiff3rc [2011.07.05 01:08:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.07.04 22:45:50 | 000,000,698 | ---- | C] () -- C:\Users\Benni\Mercurial-kiln.ini [2011.07.04 22:45:50 | 000,000,170 | ---- | C] () -- C:\Users\Benni\mercurial.ini [2011.07.04 21:02:15 | 000,002,934 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.07.02 04:01:33 | 000,000,412 | ---- | C] () -- 
C:\Users\Benni\AppData\Roaming\All CPU Meter_Settings.ini [2011.07.01 22:25:10 | 001,649,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.01 00:48:26 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.07.01 00:28:56 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.07.01 00:24:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.12.06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe ========== LOP Check ========== [2012.07.30 21:19:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Roaming [2012.05.22 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Subversion [2012.03.31 21:16:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\.minecraft [2011.08.17 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\.purple [2011.08.27 14:18:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\abgx360 [2012.04.25 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ACD Systems [2012.04.28 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Aquafadas [2011.12.17 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\asoftech [2011.10.11 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Atari [2012.07.30 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Autodesk [2011.08.12 22:38:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Blender Foundation [2012.01.18 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\BugAid Software [2012.07.11 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\C Tech [2011.08.06 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Chime [2011.08.08 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Coccinella [2012.04.26 15:41:36 | 000,000,000 | ---D | M] -- 
C:\Users\Benni\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.12.13 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\CorsixTH [2012.07.08 18:09:43 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DAEMON Tools Lite [2012.03.08 20:57:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Doublefine [2012.04.23 17:51:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DraftSight [2012.08.01 15:43:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Dropbox [2012.01.17 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ESRI [2012.04.17 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FileZilla [2011.07.02 14:56:11 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Firefly Studios [2012.06.25 00:58:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\fltk.org [2011.07.07 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Fog Creek Software [2011.11.02 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeCAD [2012.05.21 02:56:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gDEBugger [2012.04.01 05:35:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Groovedown [2012.04.25 04:45:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gtk-2.0 [2011.07.19 16:31:25 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ImgBurn [2012.07.24 01:25:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\inkscape [2012.06.28 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Inlage [2011.07.04 21:04:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\JetBrains [2012.07.30 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\KeePass [2011.10.17 05:45:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\lang [2011.10.11 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Leadertech 
[2012.04.20 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LockHunter [2012.07.16 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LucasArts [2012.07.02 00:49:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LyX2.0 [2012.05.13 03:06:59 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MediaMonkey [2011.10.15 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Might & Magic Heroes VI [2011.08.16 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MinMaxGames [2012.06.11 05:20:56 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mp3tag [2012.07.28 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Nokia [2012.07.11 02:05:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Notepad++ [2011.07.18 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenOffice.org [2011.07.01 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Opera [2011.12.13 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Origin [2011.10.10 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Panda Security [2012.03.13 06:52:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ParaView [2011.10.01 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Prism [2012.04.28 23:23:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Quark [2012.07.30 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Roaming [2012.02.21 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\RotMG.Production [2012.03.23 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Rovio [2011.08.12 05:52:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Runiter [2011.08.09 02:21:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Spark [2011.07.01 00:35:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Splashtop 
[2011.07.02 03:26:47 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Subversion [2011.07.14 00:27:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Telerik [2011.07.01 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Thunderbird [2011.07.04 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TrueCrypt [2012.02.13 22:31:31 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TS3Client [2012.01.10 19:16:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ts3overlay [2011.08.04 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Unity [2012.07.30 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\VisualAssist [2012.03.27 04:47:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Waveform [2012.07.02 00:58:05 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\WinShell [2012.06.15 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Wireshark [2012.07.02 02:02:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\xm1 [2011.12.17 18:20:09 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\AutoMe_SWTOR.job [2012.07.28 02:00:02 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\Quark Updater.job [2012.05.30 17:51:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.03.31 21:16:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\.minecraft [2011.08.17 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\.purple [2011.08.27 14:18:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\abgx360 [2012.04.25 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ACD Systems [2012.04.26 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Adobe [2011.07.11 02:17:27 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Apple Computer [2012.04.28 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Aquafadas [2011.12.17 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\asoftech [2011.10.11 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Atari [2012.03.18 01:20:31 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ATI [2012.07.30 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Autodesk [2011.08.12 22:38:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Blender Foundation [2012.01.18 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\BugAid Software [2012.07.11 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\C Tech [2011.08.06 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Chime [2011.08.08 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Coccinella [2012.04.26 15:41:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.12.13 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\CorsixTH [2012.07.08 18:09:43 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DAEMON Tools Lite [2012.03.08 20:57:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Doublefine [2012.04.23 17:51:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DraftSight [2012.08.01 15:43:08 | 000,000,000 | 
---D | M] -- C:\Users\Benni\AppData\Roaming\Dropbox [2012.01.17 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ESRI [2012.04.17 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FileZilla [2011.07.02 14:56:11 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Firefly Studios [2012.06.25 00:58:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\fltk.org [2011.07.07 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Fog Creek Software [2011.11.02 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeCAD [2012.05.21 02:56:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gDEBugger [2011.11.02 20:51:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Google [2012.04.01 05:35:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Groovedown [2012.04.25 04:45:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gtk-2.0 [2011.07.01 00:24:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Identities [2011.07.19 16:31:25 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ImgBurn [2012.07.24 01:25:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\inkscape [2012.06.28 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Inlage [2011.07.01 00:27:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\InstallShield [2011.07.01 00:48:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Intel Corporation [2011.07.04 21:04:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\JetBrains [2012.07.30 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\KeePass [2011.10.17 05:45:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\lang [2011.10.11 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Leadertech [2012.04.20 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LockHunter [2012.07.16 18:28:37 | 
000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LucasArts [2012.07.02 00:49:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LyX2.0 [2011.07.01 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Macromedia [2012.07.25 04:33:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Malwarebytes [2011.08.12 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MathWorks [2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Media Center Programs [2012.05.13 03:06:59 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MediaMonkey [2012.02.29 14:57:08 | 000,000,000 | --SD | M] -- C:\Users\Benni\AppData\Roaming\Microsoft [2011.07.04 21:14:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Microsoft FxCop [2011.10.15 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Might & Magic Heroes VI [2012.07.02 00:44:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MiKTeX [2011.08.16 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MinMaxGames [2011.07.05 01:08:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mozilla [2012.06.11 05:20:56 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mp3tag [2012.07.28 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Nokia [2012.07.11 02:05:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Notepad++ [2011.07.18 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenOffice.org [2011.07.01 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Opera [2011.12.13 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Origin [2011.10.10 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Panda Security [2012.03.13 06:52:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ParaView [2011.10.01 21:50:52 | 000,000,000 | ---D | M] -- 
C:\Users\Benni\AppData\Roaming\Prism [2012.04.28 23:23:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Quark [2012.07.30 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Roaming [2012.02.21 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\RotMG.Production [2012.03.23 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Rovio [2011.08.12 05:52:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Runiter [2011.07.07 18:16:57 | 000,000,000 | RH-D | M] -- C:\Users\Benni\AppData\Roaming\SecuROM [2012.08.01 00:03:01 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Skype [2011.08.09 02:21:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Spark [2011.07.01 00:35:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Splashtop [2011.07.02 03:26:47 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Subversion [2011.10.17 05:46:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Sun [2012.02.19 17:30:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\SUPERAntiSpyware.com [2011.07.14 00:27:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Telerik [2011.07.01 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Thunderbird [2012.08.01 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TortoiseHg [2011.11.08 18:56:35 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TortoiseSVN [2011.07.04 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TrueCrypt [2012.02.13 22:31:31 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TS3Client [2012.01.10 19:16:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ts3overlay [2011.08.04 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Unity [2012.07.30 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\VisualAssist [2011.12.12 06:50:19 | 000,000,000 | ---D | M] -- 
C:\Users\Benni\AppData\Roaming\vlc [2011.12.21 00:21:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\VMware [2012.03.27 04:47:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Waveform [2011.07.04 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\WinRAR [2012.07.02 00:58:05 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\WinShell [2012.06.15 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Wireshark [2012.07.02 02:02:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\xm1 < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benni\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benni\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benni\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.02.15 04:21:37 | 000,903,168 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Groovedown\GrooveDown_Start.exe [2011.10.07 00:28:38 | 000,119,808 | R--- | M] () -- C:\Users\Benni\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2010.01.27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2011a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- 
C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft 
Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 
03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 152 bytes -> C:\Program Files (x86)\Common Files\C Tech:{42005500-5100-7200-6F00-650056007100} < End of report >
Edited by Killy80 (01.08.2012 at 16:23)
Topics on deo0_sar.exe ransom trojan, half removed. Safe now?