Pests of all kinds and how to fight them: deo0_sar.exe in Appdata\local\Temp
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
16.08.2012, 19:37 | #1 |
| deo0_sar.exe in Appdata\local\Temp
Hello, my antivirus program found the file deo0_sar.exe and also moved it to quarantine. Now I get the error that the exe in appdata\local\temp could not be started. I have already browsed around here a bit and seen that I am not the only one, and now I wanted to ask whether someone can help me evaluate my log files. Many thanks for any help. Here is the log from Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fabian :: DOLPHLUNDGREN [Administrator]

Schutz: Aktiviert

16.08.2012 16:49:09
mbam-log-2012-08-16 (16-49-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 563492
Laufzeit: 1 Stunde(n), 35 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Regards, Fabian |
17.08.2012, 02:23 | #2 |
/// Helper team | deo0_sar.exe in Appdata\local\Temp
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
17.08.2012, 10:42 | #3 |
| deo0_sar.exe in Appdata\local\Temp
First of all, thanks for the reply,
here are the two logs from OTL: Code:
ATTFilter OTL logfile created on: 17.08.2012 11:30:00 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Fabian\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,80% Memory free 7,93 Gb Paging File | 5,60 Gb Available in Paging File | 70,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,50 Gb Total Space | 14,03 Gb Free Space | 23,99% Space Free | Partition Type: NTFS Drive H: | 407,17 Gb Total Space | 40,01 Gb Free Space | 9,83% Space Free | Partition Type: NTFS Computer Name: DOLPHLUNDGREN | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.) PRC - H:\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - H:\Malwarebytes' Anti-Malware\anti virus\mbamservice.exe (Malwarebytes Corporation) PRC - H:\Malwarebytes' Anti-Malware\anti virus\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () MOD - H:\Steam\bin\libcef.dll () MOD - H:\Steam\bin\avcodec-53.dll () MOD - H:\Steam\bin\chromehtml.dll () MOD - H:\Steam\bin\avformat-53.dll () MOD - H:\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) 
SRV - (MBAMService) -- H:\Malwarebytes' Anti-Malware\anti virus\mbamservice.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd) SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - 
HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 11 E9 2B 2A 72 CD 01 [binary data] IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig?source=gama&hl=de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.17 10:48:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.14 20:13:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.14 20:13:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 14:09:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:52:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.14 19:55:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:52:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.14 19:55:35 | 000,000,000 | ---D | M] [2011.03.24 01:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions [2012.07.25 06:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\q2cw0yz0.default\extensions [2012.06.19 15:01:40 | 
000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.03 16:26:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.03 14:09:42 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK [2011.03.30 13:06:39 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2CW0YZ0.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.07.18 16:52:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.02 01:54:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.02 01:54:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.02 01:54:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.02 01:54:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.02 01:54:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.02 01:54:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\WINDOWS LIVE\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - F:\Programme\ip vermixer\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] H:\Malwarebytes' Anti-Malware\anti virus\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SCC60.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001..\Run: [Steam] H:\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) 
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D26259E3-D5B5-4B87-B025-F9F77994DD0A}: DhcpNameServer = 
192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.17 11:18:58 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe [2012.08.16 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes [2012.08.16 16:38:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.16 16:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.16 11:26:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.16 11:26:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.16 11:26:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.16 11:26:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.16 11:26:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.16 11:26:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.16 11:26:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.16 11:26:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll 
[2012.08.16 11:26:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.16 11:26:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.16 11:26:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.16 11:26:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.16 11:26:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.16 10:41:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.16 10:41:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.16 10:41:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.16 10:41:53 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.14 20:18:32 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\DayZCommander [2012.08.14 20:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios [2012.08.02 12:03:11 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Rockstar Games [2012.08.02 12:03:04 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.07.31 00:51:43 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Witcher 2
[2012.07.31 00:51:43 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\The Witcher 2
[2012.07.30 00:49:10 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\six-zsync
[2012.07.30 00:46:19 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Downloaded Installations
[2012.07.30 00:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.07.23 20:03:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\ArmA 2 OA
[2012.07.23 20:03:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\ArmA 2
[2012.07.23 19:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.07.23 19:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.07.23 19:48:06 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.07.23 19:41:15 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Spirited_Machine
[2012.07.23 19:39:02 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Spirited Machine
[2012.07.23 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
[2012.07.23 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.23 12:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.17 11:18:59 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.08.17 10:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.17 09:52:52 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 09:52:52 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 09:51:23 | 104,052,063 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.08.17 09:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 09:45:34 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 20:55:56 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.16 20:55:56 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.16 20:55:56 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.16 20:55:56 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.16 20:55:56 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.16 16:38:48 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 15:29:37 | 000,339,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.14 20:18:10 | 000,001,334 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012.08.14 19:59:43 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.14 19:59:43 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.04 12:16:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.04 12:16:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
[2012.08.04 12:16:14 | 000,027,520 | ---- | M] () -- C:\Users\Fabian\AppData\Local\dt.dat
[2012.08.03 18:56:17 | 000,392,868 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.08.02 12:03:04 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.01 02:39:52 | 001,588,294 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.22 00:49:14 | 000,007,027 | ---- | M] () -- C:\Users\Fabian\Desktop\Dokument2.rtf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.16 16:38:48 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.14 20:18:10 | 000,001,334 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012.08.04 12:16:21 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2012.08.04 12:16:14 | 000,027,520 | ---- | C] () -- C:\Users\Fabian\AppData\Local\dt.dat
[2012.08.04 12:16:05 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 00:51:13 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.22 00:49:14 | 000,007,027 | ---- | C] () -- C:\Users\Fabian\Desktop\Dokument2.rtf
[2012.06.07 14:08:15 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.29 17:34:06 | 000,000,841 | ---- | C] () -- C:\Users\Fabian\.recently-used.xbel
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.10 23:43:30 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.07.11 18:12:58 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.03.27 15:12:28 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.27 15:12:27 | 002,506,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_new_5-9-08.exe
[2011.03.27 15:12:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.24 21:15:19 | 000,007,604 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
[2011.03.24 02:43:28 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.24 01:59:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011.12.13 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Amazon
[2012.05.07 15:24:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AquaNox
[2011.03.29 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AtomZombieDemoData
[2012.06.05 12:25:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AVG2012
[2011.07.19 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Bioshock
[2011.07.19 14:26:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Bioshock2
[2011.07.08 13:04:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Command and Conquer 4
[2011.03.29 12:52:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DarksporeData
[2012.02.09 17:35:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dropbox
[2012.03.28 09:47:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Firefly Studios
[2011.07.31 15:26:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\GetRightToGo
[2011.05.29 16:59:20 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\go
[2011.12.29 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0
[2012.04.25 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient
[2012.01.30 10:09:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011.05.02 00:53:48 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mount&Blade Warband
[2011.05.04 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mount&Blade With Fire and Sword
[2011.07.16 17:39:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2011.11.02 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Origin
[2011.08.11 13:49:27 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Red Alert 3
[2011.08.10 20:42:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Red Alert 3 Demo
[2012.05.31 20:17:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\runic games
[2012.07.30 00:49:10 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\six-zsync
[2012.07.23 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Spirited Machine
[2011.12.19 09:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\The Creative Assembly
[2012.07.23 15:34:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client
[2011.06.21 14:59:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\wargaming.net
[2011.05.18 12:54:58 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Windows Live Writer
[2012.05.22 16:19:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 17.08.2012 11:30:00 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Fabian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,96 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,80% Memory free
7,93 Gb Paging File | 5,60 Gb Available in Paging File | 70,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 14,03 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive H: | 407,17 Gb Total Space | 40,01 Gb Free Space | 9,83% Space Free | Partition Type: NTFS

Computer Name: DOLPHLUNDGREN | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08ED5440-01C8-4A40-A8AE-7119B3BA5C70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C6F8A25-DE6C-498C-A933-2D3B950638DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E455D19-FA81-4912-9836-ADEE37F52E31}" = lport=445 | protocol=6 | dir=in | app=system |
"{1CF2C87D-2E53-40EA-B960-7A877C0F95C8}" = lport=58566 | protocol=17 | dir=in | name=pando media booster |
"{22BF2BF4-95C5-40A1-9CF5-DBB472235F44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{232575EE-B7E1-45AE-8AC1-F4213830A468}" = rport=445 | protocol=6 | dir=out | app=system |
"{34DB1516-3465-448D-A61E-ADC8272CE7FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E28C7B2-B113-4133-85F5-0CD7488120FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{415044D2-DCBA-43A6-99F4-44236E98DD13}" = lport=58566 | protocol=17 | dir=in | name=pando media booster |
"{43F3438A-3955-4FEC-B25B-182B29F065D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B0DD5DC-899C-477E-862C-14D2EFFA4FE5}" = lport=58566 | protocol=6 | dir=in | name=pando media booster |
"{771C45C0-3EC0-4259-8126-0D78E35F4313}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{786A1400-ED63-47B5-8A9D-B0D4E70EC8A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F0F7C5C-29A7-4574-9EC9-448DF186FE75}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90C0C89B-6324-45FF-8FF1-F4E751FC3F46}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91E1DA6F-06FB-4973-B4DD-D63AD03F5098}" = lport=10243 | protocol=6 | dir=in | app=system |
"{94FF95D3-C409-4144-B419-7AA999F5A9FC}" = rport=137 | protocol=17 | dir=out | app=system |
"{9B020A86-775D-438F-AB37-6D6A6D93BF6E}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7C0CB2D-BB9E-4688-968C-37F0A91B3F01}" = lport=137 | protocol=17 | dir=in | app=system |
"{AC0AFA32-A960-43FB-822C-62F5FCB11DDF}" = lport=58566 | protocol=6 | dir=in | name=pando media booster |
"{B1496D76-C1CB-41B2-A24C-11C6946FECAA}" = lport=139 | protocol=6 | dir=in | app=system |
"{B4F1F386-C037-4DDA-9CFA-12DFB6E84400}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BE967E63-A87C-4F51-8172-BECECF277862}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFCE9CEC-DFE2-4A17-A66A-1035A1F7E8BA}" = rport=138 | protocol=17 | dir=out | app=system |
"{C27F9857-7F36-477C-BF07-4B704FFBF875}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC1ED482-D9EE-472B-BB73-03E1EA722B31}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E57A6E36-E9C0-4A84-8B17-A6C9362188A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EAD93FC5-195C-47B2-8422-3CB17A96853B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F79BBC97-9D8A-46BD-A55E-28C28BD5656C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA4F14-1174-4BD7-A938-174BE6E84D4E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{041BBCC3-BA33-4BA2-AD7D-B25BCAFE7A95}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{0479812C-679D-43E6-A43D-D65120CBCE2F}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{061542B0-C5A1-44A7-A9B8-F2B06D12096F}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\star wars empire at war\runme.exe |
"{062425F9-292B-486B-BFB2-3508A11E84B0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{073CD4C5-25E4-46E5-A309-EDEE5EF9D081}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{07DAFF56-54A8-4BCD-AC18-641485CF4D98}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{080709DD-9328-40BE-864E-6C07CC08D935}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{083E277F-E3AA-4251-9B38-86073F51D08F}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red faction guerrilla\rfg.exe |
"{0969A7DE-F082-40FC-A317-3746083D692C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{0B932FE3-8938-4EA0-B2EC-ED02A98D4525}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red faction guerrilla\rfg.exe |
"{0BCF25C8-0EC2-4074-9C09-EE7CCB1CE7BC}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{0BDAD993-9586-45D6-A5AA-2619D9B8CC8F}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{0C9D7687-B393-47AD-8249-AF98B7071341}" = protocol=6 | dir=in | app=h:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{0CF95E3A-B11F-4C2E-BA96-4FF7AC56A190}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{0D14B677-6F91-4CEA-A402-27AFBFD54BF0}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\rise of immortals\roiclientr.exe |
"{0D1E0C75-CE52-47BF-992D-33A530F4B9DF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{0E2D0E93-2E70-4361-A373-CCE3F0B14153}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{0F560F54-BF08-4724-9890-B5E78A3DCA0B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0FD4BF7A-319F-4FD1-A3AB-31EE6A0E3735}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\uplink\uplink.exe |
"{0FEE19F6-2892-491B-9289-388E9F6ABFAF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{10DE26AD-A5D4-4E00-8E6B-DA4034CA2A0F}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game |
"{10F59F7A-BB5D-4DD3-876D-19F2D6F36A32}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"{11459C6A-ED19-4CCB-A510-EF50E81E4A5E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{1351829E-C6FE-413B-8D86-64E536278865}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bastion\bastion.exe |
"{1378B70D-6D62-48FA-9F4E-9C21B1DFE0DA}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war gold\w40k.exe |
"{13E03218-767C-44FB-B21E-A9BD4C6EFD6B}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\mount and blade\runme.exe |
"{13FA8608-1685-4AC5-9BD8-8863B4B6CAD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{14893C96-1891-46FD-A147-C157AEDC49A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{152F54F7-7366-4E2F-A45D-3D776B28E119}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
"{17C802AD-1E18-4011-8A21-869BF9C4C41C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{193E3DC1-CF84-4F16-9B96-A775AC69E45D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{1CE7F28D-8873-44EE-8558-DC34D62783D2}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{20107D92-1D97-42D6-A57F-2BF5F5798C08}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"{2054F772-36D2-46A5-BE47-3C9B7B2D2EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{22DB9B29-88CC-4EE7-A7DD-0DC4E447E078}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\men of war\mow_editor.exe |
"{24D0CAE6-B970-4B09-A321-C72CAA7F056B}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe |
"{24F8B7D9-232A-4A51-A957-604FA6CE32A6}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\alien swarm\swarm.exe |
"{288EFC54-9D90-41B5-BB30-C7BFC4E7E889}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{2A9A363E-D78C-4424-BDBC-D0D8A38B64CF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{2AE641A8-9ACE-4D87-BBB3-B2C9C2F1032D}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{2BE62302-C192-4F25-8021-1458E7AB4224}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{2D23970E-7ED2-45C9-96C3-8BF749E53B2E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"{2E93CA8E-1F04-499C-B150-65C1189210B9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{2E9ADE3D-056B-45BC-99D6-687F31F09E48}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{30A8ECD5-7AEC-46FE-B580-60F7AE4C1911}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
"{334A8F52-B087-42E0-A361-274E31C6636C}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red orchestra\system\redorchestra.exe |
"{37A9AEAD-E402-4856-A0DA-8D369D7413E8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{38F5F846-9847-464B-A508-3F98B32FEF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{391EBFB6-C06C-4E7A-A7F0-0E7184731EE8}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\alien swarm\swarm.exe |
"{3931EF89-4872-462E-BA11-1D7BB413C0FD}" = protocol=17 | dir=in | app=h:\spiele\world_of_tanks\worldoftanks.exe |
"{3CAC60D5-7133-4B64-9B03-B3C21733ED98}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\resident evil 5\launcher.exe |
"{3D4466FD-BDB4-4C15-BA52-7F8445A86675}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{40C58B78-9312-470F-A8E0-9A3C0C11DFAE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game |
"{41282BA0-D043-4DA8-9675-1B0F4C70E438}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\frontlines fuel of war\binaries\ffow.exe |
"{42AE1DDD-3F62-4E29-BD2A-AA0D8EE77AA8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\world in conflict\wic.exe |
"{44C02B70-2287-42DB-BFF4-939727B5ECFF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{44D93FAD-FB45-4756-A80D-EDDB0BE83AE8}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dead space 2\deadspace2.exe |
"{45241F9E-75D3-4DCD-AC89-EA506E3F324C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{46C81C11-CA25-4D1B-9EDC-62C623F2B03F}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{4772615D-0E8D-46B8-85F5-F572B2627EAD}" = protocol=6 | dir=in | app=h:\spiele\jagged alliance 2 1.13\ja2.exe |
"{4B825170-9C45-4008-AEA0-6B03D20E9F74}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bastion\bastion.exe |
"{4BABD813-2E1B-4229-8C8F-FAF730342C55}" = protocol=6 | dir=out | app=system |
"{4BF1335D-4C27-4D52-8268-BF863EDA512E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{4C21C8E3-F07A-43F1-9C87-971CAFD23CB4}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\uplink\uplink.exe |
"{4C8224F8-A5DE-44F9-98EC-442988ACC891}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{4EA61C90-A319-4F62-978D-14106B2EB8B9}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe |
"{4EE4FF94-06A2-4296-AABE-E2D51C6A46CF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |
"{4EF2666F-C385-4652-AED4-25EA134648A1}" = protocol=6 | dir=in | app=h:\spiele\diablo iii beta\diablo iii.exe |
"{4FDD13EC-46FD-4932-AE44-1E13B3820EBC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5227EC52-A000-4805-81EC-DFA4BBAE694C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\aquanox 2 revelation\aquanox 2 revelation.exe |
"{527B2348-AB5E-4DD5-9EDF-0D41158B5C27}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{52B51AFD-325A-4705-8297-EF380B0333CC}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{5419C04D-E9BA-4328-90DC-EEDD9522DFDB}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{5E31A03A-5F02-4E33-A3D1-94A57C14BF5A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5FEB02EC-769C-45AC-923A-5E37FDC6A667}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\endless space\endlessspace.exe |
"{615FDDE7-8BD7-4D9A-AFFD-C6608D323ECF}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\nuclear dawn\ndsrv.exe |
"{61AF0EAB-EE8B-4FD0-91F7-9C2EB3135B7E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{631EF3FB-013D-4E8B-ABCA-EB55C0B53C4D}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\metro 2033\metro2033benchmark.exe |
"{632CF575-27FB-46FD-851F-C53F3163953C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{636B92D5-95DC-48FA-B5C4-151F80260CBB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{649899CF-5DCE-46BF-9F1C-DBC02D367DF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{661086DE-BFB2-40BF-9D1A-41EA137B69CF}" = protocol=6 | dir=in | app=h:\spiele\battlefield 3\battlefield 3\bf3.exe |
"{661A1563-CE1B-4B3C-9364-C77987FA12C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6640FF30-8398-4FCA-A252-73CB669BA2E1}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{690EEECC-CF1A-4E34-A651-BFE3E4B52446}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69F9A278-8E84-4B37-83D3-A8BD11763B07}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{6B7AE9F4-FEA6-4289-B919-5D5C00432918}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"{6C0D1571-3200-4D18-8AC6-20FE4184BB7B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6C349C56-86AE-4BC2-B145-9505B754CC11}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{6C62C075-69EA-4684-A2DC-72112A0942CA}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{6D846D42-0564-408F-B9AF-3496254CC4CD}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{6E039A47-4B57-44A8-B843-3B31721D668E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\star wars empire at war\runme2.exe |
"{6FC5A47A-711A-4BD6-B39E-F0E17CD75E3B}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\portal 2\portal2.exe |
"{7010F0ED-4878-4B0D-AF15-2FABDC92D3D1}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe |
"{71625203-AFFC-4216-8DC6-1421CF495482}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"{72E5018A-DD79-463D-A849-86F9370AC4C4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{73F0BA49-DA36-480B-A7CC-A73FDEC8B27D}" = protocol=17 | dir=in | app=h:\steam\steam.exe |
"{7431EF5C-C3E1-4F46-ABBB-0936E479441D}" = protocol=17 | dir=in | app=h:\spiele\battlefield 3\battlefield 3\bf3.exe |
"{7438F088-2F31-4267-BFD2-721B1C57FB26}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\metro 2033\metro2033benchmark.exe |
"{768C0C27-0A5B-44BF-903B-98940E89AE03}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{77252F87-3372-4762-A28C-7F7BDF8E6EC4}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\spellforce 2 gold edition\spellforce2.exe |
"{77885F19-CBFC-4F9C-80D5-34C85A9E6F82}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\endless space\endlessspace.exe |
"{779CC46E-488C-44A8-85D6-4922CAF27653}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{78855A26-7AAA-4B0B-A349-E79D9E9E5A72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{794A6E9B-8E22-4AC2-B094-F07587BF6DC3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{79617A50-5E3A-4DC3-B089-EB8EAE6990CA}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{79AA13A1-0576-4409-BAEB-E63FCAD617CC}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\jabia\jaggedalliancebia.exe |
"{7A3BBCB3-16AD-493A-8D16-5FCA17320BD1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{7AF3D74F-4873-4215-87DD-59707059BEC0}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"{7B4624C7-98EF-42E7-9B65-7DA49DFB52EC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{7B953BC0-0E29-4CB5-A9D2-618E78EB2E96}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\world in conflict\wic.exe |
"{7DCEAF85-C9B6-4438-A326-F1BB03C6088C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\men of war\mow.exe |
"{7E0EA513-32DE-4914-8D86-520E2F1EEDFE}" = protocol=17 | dir=in | app=h:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe |
"{8033E5F3-969F-47D4-9295-D0CCF4B3B56A}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{8035E6E5-D0C8-42F0-ADDE-3B1D163C9371}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\jabia\jaggedalliancebia.exe |
"{80DEE278-8FA2-474D-8D46-0222E34D1983}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{81BDD170-DEE2-455B-9ECF-3B84691E824A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{81CC7392-D3CB-4D16-9046-85A052EEDA64}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{824965B5-F0D1-4458-9F66-D7443A49D906}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\nuclear dawn\nucleardawn.exe |
"{84601283-5364-4997-9597-2A39DBFEFDD3}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
"{84F4589C-8344-497B-A91C-DEA14F921167}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{87055DA8-61E7-4444-BDB2-C683035187D6}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\blood bowl legendary edition\bb_le.exe |
"{870728F2-B390-4D92-8727-5978EE522CE9}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{89BB46EC-4838-4910-91CD-21582425E8F0}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{8A7DBB31-D77D-47F0-9ED0-E40547993DE2}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\nuclear dawn\nucleardawn.exe |
"{8B0ABF46-C1D3-4AA4-97EE-C95A5A6CB9C8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{8BAF1640-CAF0-4DC1-9732-EE06BBCE94A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8CF0D0D2-B0EB-45E1-8883-1BDF3FD313FC}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\aquanox 2 revelation\aquanox 2 revelation.exe |
"{8E23BF66-5482-4680-8E82-AEB1A80285B0}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\runme.exe |
"{8E7F5399-5143-441E-884F-2D13243925AE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{8F146568-C447-4B12-A38C-C48814E9BE5F}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game |
"{8F9A78CD-8E3A-4806-B819-FA2F97CE770D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{91F52C52-9DB7-4611-B833-B77462F0C4EF}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{93BD4BD8-21E6-45EE-9290-93306AEF3CD0}" = protocol=17 | dir=in | app=h:\spiele\riseoflegends\legends.exe |
"{943583E8-645B-42B1-AD59-117811DC5898}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\company of heroes\reliccoh.exe |
"{945B2D97-0240-4A46-8FFB-DBF13C1351B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95DD02C9-31FF-41B7-B8B3-3EE89731D568}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{95E76079-5499-4565-A272-4B6A149CB436}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2\arma2.exe |
"{96F60E36-6D8F-436E-BA65-2582AAEEB8A9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{97A42EB3-3762-4C00-9051-3C8EA2E684D8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{98D62064-EAE4-4450-AF61-17941F209A07}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"{99CC8DC0-CEB9-4A1D-9271-3DDE472DB94C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9B25CCE0-98A6-49DA-9D7D-FE96678E084E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{9DE25322-2DB6-4C06-B929-4164F33EFE7C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war gold\w40k.exe |
"{9DEB2FB9-5546-4183-8F10-FC53B1720289}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\blood bowl legendary edition\bb_le.exe |
"{9FFF4A56-6C41-40DE-A165-6260FCD87222}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red orchestra\system\redorchestra.exe |
"{A3CC6865-185E-4CBA-9ACF-C787C3EA4A04}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{A3F48B95-9604-4218-8BC3-453CB365FBB1}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{A8CD662A-E961-4EA2-9D3E-21DFCAFA6C6B}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\spellforce 2 gold edition\spellforce2.exe |
"{A9268D7A-844E-4993-A52B-E756E2D80159}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game |
"{AAA36C42-91C7-454D-8343-DE7E50F8EFBB}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\alien swarm\srcds.exe |
"{ACE58FBD-C6F8-48E1-889E-EB9B6E42F766}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\magicka\magicka.exe |
"{ADA733B5-A47C-4184-AB50-683E99AFA2B0}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"{AE6A1B0E-4068-4612-85E1-A67EA46D0D03}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{AE7BFB69-FA94-4A3D-B1FC-E1A8028241A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AFD326E7-8A9F-4C84-B2CC-BD788D4874A9}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{B064AA7B-54A0-4BD0-880E-398385970325}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\magicka\magicka.exe |
"{B0BA49F1-5132-45DE-B113-3AE52846B5D1}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\mount and blade\runme.exe |
"{B1B9456B-678D-4657-B613-71E263A37E90}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B30331DC-014A-400A-B60F-FA698FA6CCF2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{B4DE34D2-03A4-46EE-B6EC-87DF224AD8A4}" = protocol=6 | dir=in | app=h:\steam\steam.exe |
"{B5185734-53BD-49BD-AD61-287C97EB6C24}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{B5E353C7-659D-405E-B11D-35D9DA1682EF}" = protocol=17 | dir=in | app=h:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{B5FDFDDB-3805-4361-B99E-993F914B02F8}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{B61834D3-27B2-4AC3-B23B-CAFBDEA5862C}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the witcher 2\launcher.exe |
"{B7C0AF9A-49F8-49CF-A92A-2427BCCF9AEE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\frontlines fuel of war\binaries\ffow.exe |
"{B8324ABE-ED7C-447C-BE82-58C561426212}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B90F4923-2110-42BB-9737-BEAE4F24DC54}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{B92333F3-4984-454E-B551-5C420D048B17}" = protocol=6 | dir=in | app=h:\spiele\world_of_tanks\worldoftanks.exe |
"{B936E0D3-9972-49A2-BD41-8CBDAFB3A973}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{BA47585E-EA39-4AE4-9F41-FCD55EB51ED0}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
"{BACC6F14-1D3E-41CF-BD55-F86C2D50521C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |
"{BE4A8F5C-7052-4975-AF0F-C2E967EB1FDF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BF021BB8-BDA0-4FD8-8AF0-AA85058BA7CC}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"{BF38D7E4-8FEA-43E3-BF31-7992DEAA301D}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\company of heroes\reliccoh.exe |
"{BF9C5946-759B-4DCA-802A-B928DBEC4DFB}" = protocol=17 | dir=in | app=h:\spiele\diablo iii beta\diablo iii.exe |
"{BFAD2A9D-08B6-4A31-94F4-3B355FFEA4CA}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{BFC09437-DF62-40F3-B662-0F1DB603E291}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war
ii - retribution\dow2.exe | "{C0633FBE-38E4-41BA-8ADE-B1A61D0AE60D}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2\arma2.exe | "{C1C7451F-7EEE-401E-BBE3-B0CB214C3BC4}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | "{C22B50BB-2BB6-4F6B-B900-8835E2ECB2F2}" = protocol=17 | dir=in | app=h:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | "{C3B20773-C103-4CFD-A9B7-8DFBF9361CFC}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\alien swarm\srcds.exe | "{C674B5AF-A57E-494C-BAAF-1CDD2D901665}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{C6B00BFF-104D-4AA7-BD45-5DB4AB99E3E3}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\men of war\mow.exe | "{C7ED05B9-43B3-4985-8FB6-5CD387A56940}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C84BEDEA-9B98-45F8-96E6-120FB3827CEB}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{C8A943DA-E2B2-4B2C-A8AF-6ECFCE5394B4}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{C9DDFDF8-CAB1-4590-8F9E-09EBF0B28C72}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{CA0BBCDC-0D2A-4E16-BC19-ECCFACD0922F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{CA65FCA3-E9F0-4AEE-9660-CA362B26DD12}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{CC117F4D-86A6-4A82-B011-4A321998B79E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock\builds\release\bioshock.exe | "{CEC490A2-DC5F-4B35-ADE8-58CB2F808AE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CEF7E7EF-EF69-49BE-8588-37DF1A6B925A}" = protocol=17 | dir=in | app=h:\spiele\riseoflegends\legends.exe | "{CF011651-CD82-4492-9B82-FFAA4FE83148}" = protocol=17 | 
dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{CF01EC4A-3096-425D-B70D-56385F025125}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | "{CF095D8A-2A11-4C5E-927E-941C32DFB03E}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "{CF86C85C-50B5-45BB-994E-06FB0AB04696}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{D0EC1757-F5E1-4D73-97F2-82374E668B92}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "{D0F96244-4F27-43C0-804D-EA89C5396BCD}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{D1149103-7178-4D29-B9EC-DAFF6DAE2AF8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{D11FC949-DB05-4647-9CC9-024884FCC7C8}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | "{D2A060F3-4791-4DA0-92DA-AE8D43EC135D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D465A636-4275-4B54-93E7-D26931E220FC}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{D493DF0C-B3A2-446D-85EE-E18BE5904927}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D75F7C35-D96A-4410-A33B-3AF7EBA547F6}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\portal 2\portal2.exe | "{D7D2725F-3A2A-4275-BF05-ED2E784E3A3E}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red orchestra\system\redorchestra.exe | "{D96D57BA-AACB-4316-9B44-1E15741063A7}" = protocol=6 | dir=in | app=h:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe | "{DAD4F714-E2C1-46BD-876E-9788B5DFCE68}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DCD71478-2FF6-47BF-8819-F0E5A22814C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{DD6BE402-34A3-4412-B194-5E6ED9D4424B}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{DE1151BC-DD7E-427D-A4AD-B691A551A7E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DEDB8E87-48C7-42D0-9FBF-2F61124D5293}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{DF0693E3-0F3C-4BA7-A7E9-32D7EE0CEEF2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\rise of immortals\roiclientr.exe | "{DF129AA6-00C2-4ACA-A89E-45F0F5524851}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock\builds\release\bioshock.exe | "{E0704B9C-46D1-477D-B072-E15E9D7410C1}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{E14B3C1B-50DC-474C-9330-BA8224BC115C}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dead space 2\deadspace2.exe | "{E1C75C26-8229-4707-B60F-53F038C2EAB5}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | "{E305F0CF-EF42-4F88-B7C4-A6F82EDAEBFF}" = protocol=17 | dir=in | app=h:\spiele\world_of_tanks\wotlauncher.exe | "{E3DDF888-6825-4685-864C-C6A5BA6D5A0F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E43A8DEB-3497-4FBF-AE8C-414ADC32A57C}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{E48AAD9E-31CD-44D8-AB55-2A044F83C316}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{E4DD6C9D-D396-433B-9D8D-0E425F4357A7}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\men of war\mow_editor.exe | "{E580CF47-8FC1-4821-B8D2-925DC8D25E43}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{E5923AEE-34A3-412A-8275-637ABC0ECA85}" = protocol=17 | dir=in | 
app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{E812634C-E3BC-4D0C-B8D0-2EFB0F57C901}" = protocol=17 | dir=in | app=h:\spiele\jagged alliance 2 1.13\ja2.exe | "{E93EDF5F-CC12-4953-A75F-3435E86EF8FD}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\star wars empire at war\runme.exe | "{E9A7F64C-BF57-483D-AE26-E8F8F45B7457}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | "{EB23927F-7472-48DC-B9E6-251B47602DC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EC7E9F31-01A3-41E2-85E3-E609E12B4AED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{ECB8AC13-57D5-4C1B-9791-E1D7B69F6886}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{EE6C7293-4C9B-4F5E-8EC6-9A14B7C26E3B}" = protocol=6 | dir=in | app=h:\spiele\world_of_tanks\wotlauncher.exe | "{EF0F896A-3F12-4D24-9F40-70FCF9B2C2DE}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm | "{EFB20FBD-9F24-4F75-B616-0AA994095C46}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{EFFFBAF3-3564-4F13-B3EB-B568E92BB407}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{F022F000-8D9E-42F3-AB80-EF59E5A181D2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\red orchestra\system\redorchestra.exe | "{F0561BF7-6166-4416-A257-77FF5D328416}" = protocol=6 | dir=in | app=h:\spiele\riseoflegends\legends.exe | "{F1222B9F-684F-46FD-8F98-FCACABB6D074}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | "{F192B376-68D2-4748-96AC-84E0F4BB3A9D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{F2AEC6F8-2DAE-4763-9E0F-3A1D7038A9D1}" = protocol=6 | dir=in | app=h:\spiele\riseoflegends\legends.exe | "{F2D43FDF-2463-4DBC-A06B-9FD557D8BD27}" = protocol=17 | dir=in | app=c:\program files 
(x86)\pando networks\media booster\pmb.exe | "{F39F79E4-F42D-4803-8D39-27FF8CEF46DD}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war gold\w40kwa.exe | "{F3BAED33-2FB5-4254-A629-83BA6A231161}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\resident evil 5\launcher.exe | "{F3D7103E-B44D-4418-B950-C7B5FAB8CB78}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{F51C5CCA-3DB1-444D-8455-59968BEF1005}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | "{F7E74306-7315-47BC-B330-650555F4AB16}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\star wars empire at war\runme2.exe | "{F7FE06F4-6CB0-43E1-B29D-4F5E2DAB3CD3}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\runme.exe | "{F830EDFC-9D80-430D-A049-6BF7DD235B7D}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | "{F9D04A00-AAAA-4C08-88C7-B7874A50C14A}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\nuclear dawn\ndsrv.exe | "{F9EDB6E2-8AD9-4D0C-9B95-CCDDD7609486}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe | "{FB4D95D6-7EA4-4B9B-BC86-CCC424F29D09}" = protocol=58 | dir=in | app=system | "{FEB6FA11-11A3-465B-B65D-510F7BFDF9C3}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the witcher 2\launcher.exe | "{FEE48C2B-139D-4835-887F-91A547654691}" = protocol=6 | dir=in | app=h:\spiele\s.t.a.l.k.e.r. 
- call of pripyat\bin\dedicated\xrengine.exe | "{FF448381-051B-4AFA-A5B4-8F56E923E34C}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "TCP Query User{3EB173E8-450A-43F7-AE6B-D6F202A2B59B}H:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | "TCP Query User{3F73644B-BFDC-439C-AAF0-5B7F0F60B339}H:\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\red faction guerrilla\rfg.exe | "TCP Query User{474CE72F-F3C3-40D9-9047-EAB22E582B42}H:\spiele\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=h:\spiele\world_of_tanks\wotlauncher.exe | "TCP Query User{5360E603-7A6F-4546-84AF-13CEA0C9F3AB}H:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{66E8484C-36B7-4A64-A7C6-46DBC943D04E}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe | "TCP Query User{8059257A-42B1-4695-8016-147E27D4A196}H:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "TCP Query User{806B0B03-EC9A-43C0-B271-CD08BDA110DD}H:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | "TCP Query User{8959B205-FEE8-4AF9-B41A-6EA618550B9B}H:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | "TCP Query User{90E3D97D-9F95-4D99-A03B-C3F2278EC4A1}H:\steam\steamapps\common\resident evil 5\re5dx10.exe" = 
protocol=6 | dir=in | app=h:\steam\steamapps\common\resident evil 5\re5dx10.exe | "TCP Query User{97FA0EE7-3ACD-4E27-8AEB-A4DF79620361}H:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "TCP Query User{99578384-FD7A-44F7-AE8B-9BE5473C2DCA}H:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | "TCP Query User{A96954F6-E537-4377-BFA1-8F212067114D}H:\steam\steamapps\common\metro 2033\metro2033benchmark.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\metro 2033\metro2033benchmark.exe | "TCP Query User{AA6F90C8-399C-4A69-A900-86B8748563A5}H:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe | "TCP Query User{AA86C264-EE75-45A6-8DC3-739E64FECE59}H:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | "TCP Query User{B62B41CC-502D-4212-9E96-C616276304A0}H:\spiele\hon\hon.exe" = protocol=6 | dir=in | app=h:\spiele\hon\hon.exe | "TCP Query User{BA2C49F0-1352-4129-953B-87C7DD56FC25}H:\spiele\jagged alliance 2 1.13\ja2.exe" = protocol=6 | dir=in | app=h:\spiele\jagged alliance 2 1.13\ja2.exe | "TCP Query User{BAE326F2-E3E4-4B9C-99C0-AD7EFD6A972A}H:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{C9D45886-1DCE-446B-9C34-C3230DFFFF19}H:\steam\steamapps\mendix_fa\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\mendix_fa\team fortress 2\hl2.exe | "TCP Query User{D08E0577-CF6D-401B-8DCD-A9F87A9485D5}H:\spiele\dayz 
mod\sixupdater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=h:\spiele\dayz mod\sixupdater\tools\bin\rsync.exe | "TCP Query User{E558CE7C-61E8-42A1-BC3C-BD3F583C5B4A}H:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "TCP Query User{EEF9C078-4F1F-487F-B240-EE357D889F2B}H:\spiele\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=h:\spiele\world_of_tanks\worldoftanks.exe | "TCP Query User{EFFCE807-30C4-47B1-A579-F75688D5D872}H:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=h:\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game | "UDP Query User{0CC94B93-D525-4CB4-BB3E-AB5AB689BDD6}H:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "UDP Query User{0D56274C-DDB4-45FA-86FF-E89B83513C52}H:\steam\steamapps\mendix_fa\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\mendix_fa\team fortress 2\hl2.exe | "UDP Query User{166A4FBC-AF0D-4AF3-ACB6-5A1CD728A8F1}H:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=h:\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game | "UDP Query User{1E64C3D6-03BA-40C2-BF79-ADAFF48C45CC}H:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | "UDP Query User{58CEB475-5888-4F21-AD5D-CBEA5ECCE9C8}H:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "UDP Query User{5BF6A894-ADA4-4DF4-8FC9-8A0002F861D4}H:\spiele\jagged alliance 2 1.13\ja2.exe" = protocol=17 | dir=in | app=h:\spiele\jagged alliance 2 1.13\ja2.exe | "UDP Query 
User{63B0490F-C903-4144-870F-E51672408F09}H:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe | "UDP Query User{6AA8E06E-91E4-41D6-9FA5-30314A6D310D}H:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "UDP Query User{76559B8F-1FB4-43D3-9A84-D223F9CEC028}H:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query User{88FC5085-34F2-4F64-9DF4-23334BBDF56F}H:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | "UDP Query User{913A8A12-0262-41D3-89E0-D08B824F6BF6}H:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{94748DF3-C2D8-40AB-A15F-A1F04B46E3E1}H:\spiele\hon\hon.exe" = protocol=17 | dir=in | app=h:\spiele\hon\hon.exe | "UDP Query User{9528726D-C53E-4C9D-89E9-B743D5B5135C}H:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | "UDP Query User{BC281130-7788-44BE-89A1-E2088342883D}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe | "UDP Query User{C1F49D16-BE2A-4C5C-B9EC-93A9A41DFFDC}H:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | "UDP Query 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5454085C-129F-416C-9C0B-8B1000048301}" = BioShock 2
"{56BBD647-0547-41FC-9245-AD7AC3CABF28}_is1" = Jagged Alliance 2 Wildfire
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DC1F4DB8-FC61-4669-93D3-80722348102D}" = DayZ Commander
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Counter-Strike: Source v17" = Counter-Strike: Source v17
"Desura" = Desura
"DivX Setup.divx.com" = DivX-Setup
"Eastern Front" = Eastern Front
"ESN Sonar-0.70.4" = ESN Sonar
"FreeMat" = FreeMat
"Giraffic" = Veoh Giraffic Video Accelerator
"Homeworld2" = Homeworld2
"Homeworld2 v1.2 patch_is1" = Homeworld2 v1.2.16
"hon" = Heroes of Newerth
"InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Samsung ML-1660 Series" = Wartung Samsung ML-1660 Series
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 102600" = Orcs Must Die!
"Steam App 107100" = Bastion
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1280" = Darkest Hour: Europe '44-'45
"Steam App 1510" = Uplink
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 17710" = Nuclear Dawn
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 204100" = Max Payne 3
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 208140" = Endless Space
"Steam App 21760" = World in Conflict
"Steam App 21910" = World in Conflict: Soviet Assault
"Steam App 24240" = PAYDAY: The Heist
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32470" = Star Wars: Empire at War Gold
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 39160" = Dungeon Siege III
"Steam App 39550" = Spellforce 2: Gold Edition
"Steam App 39640" = AquaNox 2: Revelation
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 47780" = Dead Space 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 64000" = Men of War: Assault Squad
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7830" = Men of War
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 9340" = Company of Heroes: Opposing Fronts
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3147216635-1738779730-3799929888-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.07.2012 06:49:55 | Computer Name = DolphLundgren | Source = MsiInstaller | ID = 11327
Description =

Error - 23.07.2012 06:51:38 | Computer Name = DolphLundgren | Source = MsiInstaller | ID = 11327
Description =

Error - 23.07.2012 07:17:23 | Computer Name = DolphLundgren | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. .

Error - 23.07.2012 13:43:36 | Computer Name = DolphLundgren | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 166c Startzeit: 01cd68d2318b1365 Endzeit: 57 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: eb73a51e-d4ed-11e1-9909-6cf04971042f

Error - 26.07.2012 10:51:51 | Computer Name = DolphLundgren | Source = VSS | ID = 12305
Description =

Error - 29.07.2012 15:19:18 | Computer Name = DolphLundgren | Source = Application Hang | ID = 1002
Description = Programm left4dead2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a1c Startzeit: 01cd6dbc77f31e08 Endzeit: 0 Anwendungspfad: h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe Berichts-ID:

Error - 29.07.2012 18:31:20 | Computer Name = DolphLundgren | Source = Application Hang | ID = 1002
Description = Programm arma2oa.exe, Version 1.62.95.248 kann nicht mehr unter Windows ausgeführt werden und wurde beendet.
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7d4 Startzeit: 01cd6dd9208850a7 Endzeit: 112 Anwendungspfad: H:\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe Berichts-ID: Error - 29.07.2012 18:36:35 | Computer Name = DolphLundgren | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: arma2oa.exe, Version: 1.62.95.248, Zeitstempel: 0x500d59cb Name des fehlerhaften Moduls: arma2oa.exe, Version: 1.62.95.248, Zeitstempel: 0x500d59cb Ausnahmecode: 0xc0000005 Fehleroffset: 0x002a2063 ID des fehlerhaften Prozesses: 0x5bc Startzeit der fehlerhaften Anwendung: 0x01cd6dd9e52cdf12 Pfad der fehlerhaften Anwendung: H:\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe Pfad des fehlerhaften Moduls: H:\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe Berichtskennung: d9b95aca-d9cd-11e1-998d-6cf04971042f Error - 29.07.2012 18:51:13 | Computer Name = DolphLundgren | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e78 Startzeit: 01cd6dcfb50bdc24 Endzeit: 29 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: e3cea10b-d9cf-11e1-998d-6cf04971042f Error - 04.08.2012 06:16:22 | Computer Name = DolphLundgren | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039952 ID des fehlerhaften Prozesses: 0x1aa0 Startzeit der fehlerhaften Anwendung: 0x01cd722a2ff24ceb Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\rundll32.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 705e86f2-de1d-11e1-921e-6cf04971042f [ System Events ] Error - 16.08.2012 04:33:24 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.08.2012 04:33:25 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.08.2012 04:33:51 | Computer Name = DolphLundgren | Source = bowser | ID = 8003 Description = Error - 16.08.2012 09:29:27 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.08.2012 09:29:27 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.08.2012 15:30:24 | Computer Name = DolphLundgren | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 16.08.2012 16:11:09 | Computer Name = DolphLundgren | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 17.08.2012 03:45:37 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.08.2012 03:45:37 | Computer Name = DolphLundgren | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.08.2012 03:46:03 | Computer Name = DolphLundgren | Source = bowser | ID = 8003 Description = < End of report > |
17.08.2012, 15:16 | #4 |
/// Helper Team | deo0_sar.exe in Appdata\local\Temp
Fixing with OTL
Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?source=gama&hl=de"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - F:\Programme\ip vermixer\Hotspot Shield\HssIE\HssIE_64.dll File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2012.08.04 12:16:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.04 12:16:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
[2012.06.05 12:25:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AVG2012
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems! |
18.08.2012, 01:35 | #5 |
| deo0_sar.exe in Appdata\local\Temp
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3147216635-1738779730-3799929888-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://www.google.com/ig?source=gama&hl=de" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4\ deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\ras_0oed.pad moved successfully.
C:\ProgramData\23lldnur.pad moved successfully.
C:\Users\Fabian\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Fabian\AppData\Roaming\AVG2012 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Fabian\Desktop\cmd.bat deleted successfully.
C:\Users\Fabian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Fabian
->Temp folder emptied: 263417264 bytes
->Temporary Internet Files folder emptied: 81411401 bytes
->Java cache emptied: 4489747 bytes
->FireFox cache emptied: 692711376 bytes
->Flash cache emptied: 28024 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 454306 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70195900 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 824637531 bytes
Total Files Cleaned = 1.882,00 mb
OTL by OldTimer - Version 3.2.57.0 log created on 08182012_022618
Files\Folders moved on Reboot...
C:\Users\Fabian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Fabian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
|
18.08.2012, 14:44 | #6 |
/// Helper Team | deo0_sar.exe in Appdata\local\Temp
Very good! How is the computer running?
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that:
Step 2: Please download AdwCleaner to your desktop. |
29.09.2012, 20:56 | #7 |
/// Helper Team | deo0_sar.exe in Appdata\local\Temp
Missing feedback
Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html
Note: The disappearance of the symptoms does not mean that your computer is clean. |