Log analysis and evaluation: Probably infected (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Probably infected

Hello, my PC has recently started to stutter, the Windows Firewall has switched itself off and can no longer be reactivated, and after a few days of ignoring it the error message appeared that my Windows is no longer activated and might be a copy. I am using Windows 7 Ultimate 64 Bit. I'm uploading my log files here, maybe it helps. Thanks in advance.

Here are the Extras:

OTL Logfile:

Code:
```
OTL Extras logfile created on: 03/10/2012 19:45:28 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Scott\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy

5,99 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,63% Memory free
11,98 Gb Paging File | 10,40 Gb Available in Paging File | 86,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 198,99 Gb Total Space | 49,39 Gb Free Space | 24,82% Space Free | Partition Type: NTFS
Drive D: | 732,42 Gb Total Space | 354,14 Gb Free Space | 48,35% Space Free | Partition Type: NTFS

Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020C690A-0FF4-44B3-97CB-70D63BB624CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{036EC953-80EE-4A38-8977-35AD918D8B12}" = lport=137 | protocol=17 | dir=in | app=system |
"{05387646-5AC6-47E0-B276-9B553874718E}" = rport=138 | protocol=17 | dir=out | app=system |
"{0E8A2F5F-C43D-4A0E-B6F2-442D6B7EB420}" = lport=56363 | protocol=17 | dir=in | name=pando media booster |
"{0EDDAFD0-3775-4957-8FC3-3A6F167B4AC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
```
Live Photo Gallery "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{513F51D6-FDC4-4569-B482-761EA13A201D}" = The 3D Gamemaker Lite "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000028703}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000028704}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038702}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038703}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038704}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038705}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038706}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038707}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038708}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038709}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-11100003870A}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-11100003870B}" = Grand Theft Auto: Episodes from Liberty City "{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan 
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{85DC53E4-8D6E-4C78-A8D6-C41A7C2BBAB2}_is1" = Max Payne Ultimate Edition v1.0 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A5458F0-0F3A-486E-8436-6CF05977093F}" = E3MC - Windows Shutdown Timer v5.7 Full "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. 
Noire "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DB1187D4-91F4-4115-BB17-A1B1DBBE39C8}_is1" = Crysis GSC UnCut Patch (Update 1) 1.2 & 1.2.1 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E913F678-7BAC-4C3D-A8ED-C19E13D3BAD0}" = DayZ Commander "{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL 
Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1" = MT66 Software Update "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Alan Wake_is1" = Alan Wake "Avira AntiVir Desktop" = Avira Free Antivirus "BattlEye for OA" = BattlEye for OA Uninstall "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "CloneDVD2" = CloneDVD2 "DAEMON Tools Lite" = DAEMON Tools Lite "Dead.Island.Game.of.The.Year.Edition_is1" = Dead.Island.Game.of.The.Year.Edition "Desura" = Desura "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "ESN Sonar-0.70.4" = ESN Sonar "Fallout New Vegas_is1" = Fallout New Vegas "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "foobar2000" = foobar2000 v1.1.11 "Fraps" = Fraps (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "Free YouTube Uploader_is1" = Free YouTube Uploader version "GamersFirst LIVE!" = GamersFirst LIVE! 
"HxD Hex Editor_is1" = HxD Hex Editor Version "InfraRecorder" = InfraRecorder "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "Jagged Alliance - Back in Action_is1" = Jagged Alliance - Back in Action "LogMeIn Hamachi" = LogMeIn Hamachi "Mafia II_is1" = Mafia II "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Marvell Miniport Driver" = Marvell Miniport Driver "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.1.1 "Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mster" = Crysis Modification - Mster Config v3.01 "MySSID_is1" = Vtune 7.16 "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "RocketDock_is1" = RocketDock 1.3.5 "Rockstar Games Social Club" = Rockstar Games Social Club "Saints Row The Third_is1" = Saints Row The Third "Steam App 105600" = Terraria "Steam App 17330" = Crysis Warhead "Steam App 17340" = Crysis Wars "Steam App 218" = Source SDK Base 2007 "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 730" = Counter-Strike: Global Offensive "Steam App 745" = Counter-Strike: Global Offensive - SDK "SystemRequirementsLab" = System Requirements Lab "TeamViewer 7" = TeamViewer 7 "Total War Shogun 2 - 
Fall Of The Samurai_is1" = Total War Shogun 2 - Fall Of The Samurai "Trapped Dead" = Trapped Dead "Trillian" = Trillian "Trine 2_is1" = Trine 2 "Tunngle beta_is1" = Tunngle beta "uTorrent" = µTorrent "VideoPad" = VideoPad Videobearbeitungs-Software "VLC media player" = VLC media player 1.1.9 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26/09/2012 22:59:34 | Computer Name = Scott-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dasda.exe, Version:, Zeitstempel: 0x4fa99959 Name des fehlerhaften Moduls: user32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba59 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003ba1c ID des fehlerhaften Prozesses: 0x172c Startzeit der fehlerhaften Anwendung: 0x01cd9c5c0e6c9079 Pfad der fehlerhaften Anwendung: C:\Users\Scott\Desktop\Neuer Ordner (3)\dasda.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\user32.dll Berichtskennung: 5d2fced0-084f-11e2-a8fd-a7ea54e370b8 Error - 27/09/2012 16:54:12 | Computer Name = Scott-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. 
Error - 28/09/2012 17:58:49 | Computer Name = Scott-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: winamp.exe, Version:, Zeitstempel: 0x4fec7b3e Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00056b1d ID des fehlerhaften Prozesses: 0x18f4 Startzeit der fehlerhaften Anwendung: 0x01cd9dc46ff580bc Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll Berichtskennung: aebd2c5b-09b7-11e2-bee3-c62365e804c4 Error - 28/09/2012 17:59:47 | Computer Name = Scott-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: winamp.exe, Version:, Zeitstempel: 0x4fec7b3e Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00056b1d ID des fehlerhaften Prozesses: 0x15f8 Startzeit der fehlerhaften Anwendung: 0x01cd9dc491a5ce54 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll Berichtskennung: d0f4fb6e-09b7-11e2-bee3-c62365e804c4 Error - 28/09/2012 18:02:47 | Computer Name = Scott-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: winamp.exe, Version:, Zeitstempel: 0x4fec7b3e Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00056b1d ID des fehlerhaften Prozesses: 0x1954 Startzeit der fehlerhaften Anwendung: 0x01cd9dc4fd5f8652 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften Moduls: 
C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll Berichtskennung: 3c99565c-09b8-11e2-bee3-c62365e804c4 Error - 28/09/2012 20:51:20 | Computer Name = Scott-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 28/09/2012 21:10:11 | Computer Name = Scott-PC | Source = Application Hang | ID = 1002 Description = Programm arma2oa.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c30 Startzeit: 01cd9ddf0c4f62b9 Endzeit: 118 Anwendungspfad: C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe Berichts-ID: Error - 03/10/2012 12:37:48 | Computer Name = Scott-PC | Source = Windows Activation Technologies | ID = 14 Description = Fehler bei der Echtheitsprüfung: hr = 0x80070002 Error - 03/10/2012 12:58:29 | Computer Name = Scott-PC | Source = Software Protection Platform Service | ID = 1017 Description = Fehler bei der Installation des Kaufnachweises. 0x80070002 Teil-Pkey=BMFVV ACID=? Genauer Fehler[?] Error - 03/10/2012 13:00:49 | Computer Name = Scott-PC | Source = Windows Activation Technologies | ID = 14 Description = Fehler bei der Echtheitsprüfung: hr = 0x80070002 Error - 03/10/2012 13:45:08 | Computer Name = Scott-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aa0 Startzeit: 01cda18e2ad54ddf Endzeit: 0 Anwendungspfad: C:\Users\Scott\Desktop\Downloads\OTL.exe Berichts-ID: [ System Events ] Error - 03/10/2012 13:10:12 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 03/10/2012 13:10:12 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IPsec-Richtlinien-Agent" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error - 03/10/2012 13:12:43 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 03/10/2012 13:36:30 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: %%5 Error - 03/10/2012 13:36:30 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error - 03/10/2012 13:36:31 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error - 03/10/2012 13:36:33 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "Net.Pipe-Listeneradapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert. 
Error - 03/10/2012 13:36:33 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 03/10/2012 13:36:33 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IPsec-Richtlinien-Agent" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error - 03/10/2012 13:38:51 | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. < End of report >
And here is the OTL.txt: OTL Logfile: Code:
OTL logfile created on: 03/10/2012 19:45:28 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Scott\Desktop\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy 5,99 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,63% Memory free 11,98 Gb Paging File | 10,40 Gb Available in Paging File | 86,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 198,99 Gb Total Space | 49,39 Gb Free Space | 24,82% Space Free | Partition Type: NTFS Drive D: | 732,42 Gb Total Space | 354,14 Gb Free Space | 48,35% Space Free | Partition Type: NTFS Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/03 19:29:22 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\Downloads\OTL.exe PRC - [2012/09/07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/09/07 20:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/09/07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/06/25 19:33:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe PRC - [2012/02/23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010/12/23 10:42:02 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe PRC - [2010/11/20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe PRC - [2010/04/27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009/10/16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) 
-- C:\ASUS.SYS\config\DVMExportService.exe PRC - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2012/08/13 21:13:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/04/25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll MOD - [2012/04/25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll MOD - [2012/04/25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll MOD - [2012/04/25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll MOD - [2012/04/25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll MOD - [2012/04/25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010/12/23 10:42:02 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBManage.dll ========== Services 
(SafeList) ========== SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/09/07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/09/07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/07 00:32:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/08/29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/08/28 13:42:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/08/24 21:22:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/19 18:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/06/25 19:33:47 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS) SRV - [2012/03/31 01:34:05 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe 
-- (Desura Install Service)
SRV - [2012/02/23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/06 18:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/01/09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009/10/16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 20:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/09/07 20:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/09/07 20:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/05/21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/04/18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/24 19:58:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/10/24 19:58:36 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/12/25 09:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/03/16 10:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
DRV - [2005/01/02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 B5 BD 6F AE 15 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=100581&tt=110911_startpage
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={268B896D-6F9E-45AE-89B3-61DEC6C96C51}&mid=230b24f9c50b47d1bcfbd157a3fa1c22-e693d0a5d4c332793c82f8e239a53ad7b11661aa&lang=en&ds=tg025&pr=sa&d=2011-08-30 13:13:07&v={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\..\SearchScopes\{B0B633BC-CFFF-4BA0-8211-5EFD7352AA2D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=41584e0c-c56b-45c8-a562-3670b4e4637d&apn_sauid=8BAE3F3D-1424-475B-B472-DB8796F1D1CA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/16 23:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 00:32:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/25 16:28:50 | 000,000,000 | ---D | M]
[2012/07/30 00:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\Extensions
[2012/08/25 01:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\5baq07v6.default\extensions
[2012/07/30 00:26:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\5baq07v6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/07 00:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/07 00:32:16 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2012/09/07 00:32:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/07 00:32:18 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/26 01:00:35 | 000,002,227 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 21:29:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Scott\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Scott\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E88379-892E-4112-95EA-BDA8655BF95A}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF36068C-231D-438A-9C71-71CE86D46D24}: DhcpNameServer =
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{6ad5f095-8204-11e0-a02d-bcaec52cdb56}\Shell - "" = AutoRun
O33 - MountPoints2\{6ad5f095-8204-11e0-a02d-bcaec52cdb56}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 19:18:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/10/03 19:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/03 19:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/03 18:33:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/10/03 18:33:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/10/03 17:45:41 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes
[2012/10/03 17:45:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/03 17:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/03 17:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/03 17:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/01 16:47:23 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\Neuer Ordner
[2012/09/29 04:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012/09/28 23:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/09/28 23:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/09/28 17:19:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/09/25 16:54:57 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/09/25 16:54:20 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/09/25 16:54:18 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/09/25 16:50:42 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Ad-Aware Antivirus
[2012/09/25 16:49:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/09/25 16:49:13 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\CheckPoint
[2012/09/25 16:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/09/25 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Avira
[2012/09/25 16:32:17 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/09/25 16:32:17 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/09/25 16:32:17 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/09/25 16:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/09/25 16:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/09/25 16:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/09/25 15:41:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\TeamViewer
[2012/09/25 15:40:21 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\FIFA 12
[2012/09/16 03:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/13 23:08:44 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\BIS Core Engine
[2012/09/12 21:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/11 17:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2012/09/11 17:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead.Island.Game.of.The.Year.Edition
[2012/09/07 00:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/06 01:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2012/09/05 03:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/05 03:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/03 19:43:24 | 001,529,854 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/03 19:43:24 | 000,661,490 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/03 19:43:24 | 000,618,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/03 19:43:24 | 000,141,846 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/03 19:43:24 | 000,114,590 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/03 19:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/03 19:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 19:36:13 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 19:34:57 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 19:34:55 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 19:32:47 | 000,000,188 | ---- | M] () -- C:\Users\Scott\defogger_reenable
[2012/10/03 19:25:05 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2012/10/03 19:20:19 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/10/03 19:18:41 | 000,001,097 | ---- | M] () -- C:\Users\Scott\Desktop\Kaspersky Security Scan.lnk
[2012/10/03 17:45:37 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/25 18:09:14 | 000,001,422 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/09/16 04:17:23 | 000,311,261 | ---- | M] () -- C:\Users\Scott\Documents\ts3_clientui-win64-1343657352-2012-09-16 04_17_23.644073.dmp
[2012/09/16 04:02:13 | 000,311,261 | ---- | M] () -- C:\Users\Scott\Documents\ts3_clientui-win64-1343657352-2012-09-16 04_02_12.182262.dmp
[2012/09/16 01:57:09 | 000,002,651 | ---- | M] () -- C:\Users\Scott\Desktop\Six Launcher.lnk
[2012/09/16 01:34:25 | 000,001,088 | ---- | M] () -- C:\Users\Scott\Desktop\TeamSpeak 3 Client.lnk
[2012/09/07 20:26:05 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/09/07 20:26:05 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/09/07 20:26:05 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/03 19:32:46 | 000,000,188 | ---- | C] () -- C:\Users\Scott\defogger_reenable
[2012/10/03 19:18:55 | 000,001,097 | ---- | C] () -- C:\Users\Scott\Desktop\Kaspersky Security Scan.lnk
[2012/10/03 17:45:37 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/25 15:38:39 | 000,000,616 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa 12.lnk
[2012/09/16 04:17:23 | 000,311,261 | ---- | C] () -- C:\Users\Scott\Documents\ts3_clientui-win64-1343657352-2012-09-16 04_17_23.644073.dmp
[2012/09/16 04:02:12 | 000,311,261 | ---- | C] () -- C:\Users\Scott\Documents\ts3_clientui-win64-1343657352-2012-09-16 04_02_12.182262.dmp
[2012/09/16 01:57:09 | 000,002,651 | ---- | C] () -- C:\Users\Scott\Desktop\Six Launcher.lnk
[2012/09/16 01:34:25 | 000,001,088 | ---- | C] () -- C:\Users\Scott\Desktop\TeamSpeak 3 Client.lnk
[2012/09/06 01:23:22 | 000,001,422 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/08/23 17:42:13 | 000,000,077 | ---- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2012/06/21 10:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/05/31 17:26:31 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/11/24 22:51:25 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011/11/19 14:41:21 | 000,088,576 | -H-- | C] () -- C:\Users\Scott\AppData\Roaming\rbap550.dll
[2011/11/19 14:41:21 | 000,029,184 | -H-- | C] () -- C:\Users\Scott\AppData\Roaming\RBInternetEncodings550.dll
[2011/10/31 16:38:20 | 000,005,120 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/28 03:12:27 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011/10/26 04:10:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/10/26 02:36:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/10/26 02:03:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/23 07:56:16 | 004,738,560 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/25 17:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011/09/07 19:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011/08/29 04:19:53 | 000,000,093 | ---- | C] () -- C:\Users\Scott\AppData\Local\fusioncache.dat [2011/08/24 16:28:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/07/21 16:55:29 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011/07/12 16:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/06/26 01:32:54 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/06/26 01:32:53 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011/06/26 01:32:53 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/05/20 17:55:58 | 001,503,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/19 01:10:05 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/19 00:47:07 | 000,045,456 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011/05/19 00:46:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/05/19 00:46:29 | 000,031,064 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/08/29 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\.minecraft [2012/09/25 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Ad-Aware Antivirus [2012/04/28 14:56:02 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Ambet [2011/10/26 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\avidemux [2011/10/06 22:57:03 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Bump Technologies, Inc [2012/09/25 16:49:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\CheckPoint [2012/09/25 15:54:24 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\DAEMON Tools Lite [2012/05/03 22:15:36 | 000,000,000 | ---D | M] -- 
C:\Users\Scott\AppData\Roaming\DarknessII [2011/06/25 00:03:51 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Day 1 Studios [2012/06/20 18:05:06 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\DVDVideoSoft [2011/05/22 19:22:15 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\DVDVideoSoftIEHelpers [2012/06/17 03:25:48 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\FOG Downloader [2012/09/28 23:53:38 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\foobar2000 [2012/07/16 19:55:57 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\gslist [2011/10/10 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\HU2011 [2011/05/23 18:00:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\InfraRecorder [2012/07/09 23:07:17 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mael [2011/11/24 22:59:38 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\MAGIX [2011/09/06 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mount&Blade With Fire and Sword [2012/06/20 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Notepad++ [2012/09/28 23:57:32 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\OpenCandy [2012/10/01 16:45:09 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Origin [2011/11/24 16:38:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PunkBuster [2011/11/29 23:05:52 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Rovio [2012/04/29 13:09:47 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Ryt [2012/05/28 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Samsung [2011/06/24 23:50:27 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\SecondLife [2012/09/13 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\six-updater [2012/06/07 22:42:18 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\six-zsync [2012/09/25 15:51:08 
| 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\TeamViewer
[2012/05/31 23:39:16 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\The Creative Assembly
[2011/12/11 03:14:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Trine2
[2012/09/25 22:07:46 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\TS3Client
[2012/07/25 18:11:25 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Tunngle
[2012/06/25 19:27:36 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Ubisoft
[2012/09/25 15:54:23 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\uTorrent
[2011/10/26 14:37:20 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Win7codecs

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Scott\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

< End of report >

bump

Edited by Pokerface225 (03.10.2012 at 19:18) |
| #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Probably infected

Malwarebytes is installed, but you have not posted a log from it - why?
__________________ |
| #3 |
| Probably infected

I didn't read anywhere that I was supposed to upload malware logs; here they are, after the fact.
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.10.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scott :: SCOTT-PC [Administrator]

Schutz: Aktiviert

04/10/2012 19:21:28
mbam-log-2012-10-04 (19-21-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236250
Laufzeit: 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
| #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Probably infected

Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before? If so, all the logs for every scan are also listed on the "Logdateien" (log files) tab. Please post all the ones that are visible there.
__________________ Please always post log files in CODE tags |
| #5 |
| Probably infected

All right.

Code:
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.10.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scott :: SCOTT-PC [Administrator]

Schutz: Aktiviert

03/10/2012 17:46:13
mbam-log-2012-10-03 (17-46-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472103
Laufzeit: 1 Stunde(n), 7 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\blz-magix.video.deluxe.16.premium.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Scott\Desktop\Cryptload 1.1.8\Cryptload1.1.8\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.10.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scott :: SCOTT-PC [Administrator]

Schutz: Aktiviert

03/10/2012 18:59:28
mbam-log-2012-10-03 (18-59-28).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 197325
Laufzeit: 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.10.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scott :: SCOTT-PC [Administrator]

Schutz: Aktiviert

03/10/2012 19:00:15
mbam-log-2012-10-03 (19-00-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236038
Laufzeit: 3 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.10.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scott :: SCOTT-PC [Administrator]

Schutz: Aktiviert

04/10/2012 19:19:06
mbam-log-2012-10-04 (19-19-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236270
Laufzeit: 2 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.10.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scott :: SCOTT-PC [Administrator]

Schutz: Aktiviert

04/10/2012 19:21:28
mbam-log-2012-10-04 (19-21-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236250
Laufzeit: 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.10.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scott :: SCOTT-PC [Administrator]

Schutz: Aktiviert

04/10/2012 20:17:49
mbam-log-2012-10-04 (20-17-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 470713
Laufzeit: 1 Stunde(n), 8 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
2012/10/03 17:45:48 +0200 SCOTT-PC Scott MESSAGE Starting protection
2012/10/03 17:45:48 +0200 SCOTT-PC Scott MESSAGE Protection started successfully
2012/10/03 17:45:48 +0200 SCOTT-PC Scott MESSAGE Starting IP protection
2012/10/03 17:45:48 +0200 SCOTT-PC Scott ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/10/03 17:45:56 +0200 SCOTT-PC Scott MESSAGE Starting database refresh
2012/10/03 17:45:58 +0200 SCOTT-PC Scott MESSAGE Database refreshed successfully
2012/10/03 17:50:29 +0200 SCOTT-PC Scott MESSAGE Executing scheduled update: Daily
2012/10/03 17:50:30 +0200 SCOTT-PC Scott MESSAGE Database already up-to-date
2012/10/03 18:58:26 +0200 SCOTT-PC Scott MESSAGE Starting protection
2012/10/03 18:58:27 +0200 SCOTT-PC Scott MESSAGE Protection started successfully
2012/10/03 18:58:27 +0200 SCOTT-PC Scott MESSAGE Starting IP protection
2012/10/03 18:58:27 +0200 SCOTT-PC Scott ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/10/03 19:03:40 +0200 SCOTT-PC Scott MESSAGE Starting IP protection
2012/10/03 19:03:40 +0200 SCOTT-PC Scott ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/10/03 19:10:18 +0200 SCOTT-PC Scott MESSAGE Starting protection
2012/10/03 19:10:18 +0200 SCOTT-PC Scott MESSAGE Protection started successfully
2012/10/03 19:10:18 +0200 SCOTT-PC Scott MESSAGE Starting IP protection
2012/10/03 19:10:18 +0200 SCOTT-PC Scott ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/10/03 19:36:39 +0200 SCOTT-PC Scott MESSAGE Starting protection
2012/10/03 19:36:39 +0200 SCOTT-PC Scott MESSAGE Protection started successfully
2012/10/03 19:36:39 +0200 SCOTT-PC Scott MESSAGE Starting IP protection
2012/10/03 19:36:39 +0200 SCOTT-PC Scott ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/10/03 19:45:20 +0200 SCOTT-PC Scott MESSAGE Stopping protection
2012/10/03 19:45:20 +0200 SCOTT-PC Scott MESSAGE Protection stopped successfully
2012/10/03 19:45:20 +0200 SCOTT-PC Scott MESSAGE Protection stopped |
| #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Probably infected

Code:
C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\blz-magix.video.deluxe.16.premium.exe

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are, 99.9% of the time, dangerous malware that is not to be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret, and must be clear to everyone, that illegal cracks and keygens essentially serve to spread malware!

In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ --> Probably infected |
