| |
| |||||||
Log-Analyse und Auswertung: Zirkumflex ^ direkt doppelte Ausgabe, kein Trojaner Fund mit MBAM, trotzdem präventiver Scan + LogauswertungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.01.2013, 17:52
| #1 |
 |  Zirkumflex ^ direkt doppelte Ausgabe, kein Trojaner Fund mit MBAM, trotzdem präventiver Scan + Logauswertung Guten Abend liebes Trojaner Board,, Also mein Problem ist: Wenn ich einmal auf ^ drücke, kommt gleich zweimal das Zeichen ^^. Somit ist das Zeichen nichtmehr nutzbar um es auf ein Buchstaben zu setzen, wie es ja eigentlich gedacht ist. Und wenn ich selber auf die Taste zweimal drücke, um den Emoction ^^ zu erzeugen, kommt das Zeichen gleich 4mal ^^^^ Dieses Problem tritt überall auf, im Editor bei IM, im Browser etc. Auch ist nicht nur der Zirkumflex betrofen, auch andere Akzent Zeichen wie ´ und ` sind betroffen. Nun hab ich etwas gegoogelt, und meist war die Lösung ein verdächtigen Prozess zu beenden (was schonmal stark nach Trojaner stinkt), oder direkt ein Keylogger der solche Tastenleichen übrig lässt. Sonst habe (bisher) ich keinerlei Probleme am PC. Anbei die Logs von Mbam und OTL: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Voigt :: VOIGTPC [Administrator] 18.01.2013 17:16:04 mbam-log-2013-01-18 (17-16-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 577437 Laufzeit: 18 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL Extras logfile created on: 18.01.2013 17:40:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Voigt\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,96 Gb Total Physical Memory | 12,81 Gb Available Physical Memory | 80,25% Memory free
31,92 Gb Paging File | 28,99 Gb Available in Paging File | 90,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476,84 Gb Total Space | 52,39 Gb Free Space | 10,99% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 32,08 Gb Free Space | 3,44% Space Free | Partition Type: NTFS
Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00903539-AA3F-477A-93FD-91279D646E36}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0AB3AD42-FFC5-4BB4-9AF6-84A92C5FE004}" = lport=3389 | protocol=6 | dir=in | app=system |
"{1499EFDC-4321-48C7-80B6-489B0CBCF96C}" = lport=445 | protocol=6 | dir=in | app=system |
"{21111717-66CD-4B19-9133-8F858EECB580}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26ED9B01-86DA-4BDA-B860-4B468C4D9E25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2C9B4F27-8B76-4C9D-9A40-E7A14AEA2C4B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2E5CF3E3-8EFD-4F96-B59B-E07D17C8730C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3232898C-75E8-45A4-8E70-A4DBC87EA018}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{3412D80C-D3D8-45C7-8A3D-6B62614F820B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{361684FD-C685-462B-A16D-549086F517BE}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{3C2C2A5D-5FA2-4BF0-BA88-4C73B3EF56FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63E736F8-7E5B-426D-B15D-017BB4FD987E}" = rport=445 | protocol=6 | dir=out | app=system |
"{82BAC6D9-3927-4A8B-B85E-A54963706CD5}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{8BF210D3-3F34-4EF6-8242-D2133A3C2B05}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{953E76C5-B680-4C03-A9C3-99781431AAC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A07A8399-D22A-4CBD-B2DA-7D44BA973216}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A58B0EB3-B0F9-4655-8713-6591D3C14D87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CBC7890A-5AFB-4D4B-BCED-01A921609A11}" = lport=137 | protocol=17 | dir=in | app=system |
"{D43D6102-6BFE-42DC-A171-B312E39F988B}" = lport=139 | protocol=6 | dir=in | app=system |
"{D74EEE95-B51E-4F3C-81F6-620A9B772028}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC51E477-D72B-451B-BFD1-7BC1A5F47279}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{E0DEA301-A272-48E4-9C58-9835F1FE8B79}" = rport=139 | protocol=6 | dir=out | app=system |
"{E69C40F3-BCDA-416C-90BF-E5C0D5A41657}" = rport=138 | protocol=17 | dir=out | app=system |
"{F35D6F66-6E51-4964-B763-A8194986BED8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC08D970-71D9-445B-AE91-E157430DD3B6}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC09E39C-C198-4495-A179-A0E4A91D6A32}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B88628-F5F6-4DAD-A690-9F2DAB8067C4}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{02C34E89-A41E-4863-8B61-1CC17F09FEAA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{094B8D62-A439-410E-9A79-0B81C7250595}" = dir=out | app=%systemdrive%\spiele\fifa 13\game\fifa13.exe |
"{09B53751-866A-43A1-9594-C547B45CDF72}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\star trek online\star trek online.exe |
"{0E1E8DB3-165A-4269-99C5-D63139856F5A}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base3\dosbox.exe |
"{0F25BF50-9E79-445A-A16D-807AFAF7CE93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{10569807-FD06-4946-8A22-33F19D26C2AE}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{1097B88B-EC5D-4642-8ACF-3119F90BFF55}" = protocol=6 | dir=in | app=c:\spiele\dirt2\dirt2_game.exe |
"{1396C915-3446-4CC4-82CF-FC15661BDBCB}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{15E032A9-6AF5-43D3-9174-87FF722965C7}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\monkey2\monkey2.exe |
"{170F270E-FB8D-49A5-B9B0-25D444C8CB21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18EE8087-52B5-4881-BC6D-494179E6685F}" = protocol=6 | dir=in | app=c:\spiele\anno 1404\anno4.exe |
"{19F2C0B4-D2C3-4F5C-8937-1EB71B59AAE2}" = protocol=17 | dir=in | app=c:\spiele\origin\battlefield 3\bf3.exe |
"{1AF2D9EF-76F1-4D59-B95B-E7F1D22EA829}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\tropico 4\tropico4.exe |
"{1E0271D9-DCB7-4688-A1A2-92F7BFF6B9E8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{1EE5C526-9FBF-49D8-9B57-D9EB34335411}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base4\dosbox.exe |
"{1FA865D7-7BE0-43F5-96A5-7FB1239F51AC}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\magicka\magicka.exe |
"{2163795A-9866-4697-A987-A2BEFD697A32}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{218C1E63-11EB-466A-8469-C46857DCEED6}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{220AD2D2-A8AB-4C32-B357-C751603F8090}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\edna and harvey harvey's new eyes\visionaireconfigurationtool.exe |
"{22C49C17-F201-4C51-9B0B-1234DB087DDA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{245E8DC7-81F7-4A58-B0C2-CFC7233AD481}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base1\dosbox.exe |
"{2641302D-D68C-468E-855B-D3FCF3727503}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base3\dosbox.exe |
"{2738B0E7-F122-4C1D-9EF0-FA2FF197D541}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{2B2D7823-9DAA-4404-B5AD-C00641567CDB}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\empire total war\empire.exe |
"{2B9DEFD4-04EC-4424-B8F2-100BFCAEFC7A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{2C0B2C50-DFC5-489D-99ED-2FDC97417C28}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\endless space\endlessspace.exe |
"{2C4354EE-1232-4058-BF05-D1B2D5B68094}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\dota 2 beta\dota.exe |
"{2C9DFEA3-14C8-439D-9495-616612538706}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\autopatcher.exe |
"{2E619C92-A3FD-4205-B4B2-2E4056E56770}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{30117F66-A35E-46EC-B170-D8DC279C4635}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{330E34D4-D852-493A-91C6-1FE0591AB5E9}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{3316BD13-B7BF-4E6C-AB4F-6D2C238BB249}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\edna and harvey harvey's new eyes\harvey.exe |
"{350DF2F4-88EA-4270-9656-3FBC12759EE4}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{351CF27D-50B2-41FD-9674-D05E11C92EDC}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{36441A86-1B60-408F-991E-92C32E3236CF}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\recettear\custom.exe |
"{376A86A3-D0CA-4F96-877C-39BEEA299BC0}" = protocol=6 | dir=in | app=c:\spiele\anno 1404\tools\anno4web.exe |
"{398B7D0D-8F7D-4D6C-9B84-8F59A4DDC6D1}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\recettear\custom.exe |
"{3A7B538D-20F3-4FFF-B443-B3A1BCBA6D12}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\bastion\bastion.exe |
"{3AC965F0-8638-47C5-85EE-CD2F0B020BFA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{3D26159C-7668-4949-A540-87AD8AE91204}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base5\dosbox.exe |
"{3F3C04B8-7F3D-4BEE-8912-868A29394934}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\crysis\bin32\crysis.exe |
"{406092D4-DD49-406F-B94C-E1F5F4B1338C}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"{4130D2A0-76C1-49EF-893D-75169AEFA537}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41602644-E7C0-4864-A9A4-5748B512B704}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\the binding of isaac\isaac.exe |
"{41F0352D-2934-4E26-967D-2B05C13EC1A3}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{42976E3F-1D08-44AB-949A-B870CA35FD69}" = protocol=6 | dir=out | app=system |
"{42BDB6A9-8B65-4FD9-8D01-65FE1ED701DC}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{447BB8EC-C839-4E25-B1DC-CE9D0B019F05}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{455DD30A-73E1-43DB-9990-CF79F7D0FFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{45A716E9-936F-481B-B7BB-61CC92CB4BF3}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{47FBB357-D973-4EF4-9E56-8A0284ED021B}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\medieval ii total war\launcher.exe |
"{4887C388-4AD1-4FA1-90C2-390EFDF7234F}" = protocol=17 | dir=in | app=c:\spiele\dirt2\dirt2_game.exe |
"{494C705D-B992-43EF-BF9F-7B34BE3DE3E5}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\magicka\magicka.exe |
"{4A1B5E69-07EB-4170-ADD5-738DC3EB550C}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\bastion\bastion.exe |
"{540DE5C0-08E9-4601-A5AB-A65426C9E8C3}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{573F900E-C46A-45E1-80F6-39855466155E}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{57CA4184-EDC2-4EE7-8B0B-A9329540A1F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C73793F-9509-4E03-8B6E-D0B4500EC430}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{5C878308-83DE-4171-AF6B-76845DA62586}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\metro 2033\metro2033.exe |
"{61D4883C-F23B-42AA-AE93-39E29BC4D82D}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\initengine.exe |
"{656152A9-E1C6-4868-B101-DAE4B09D29F4}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{668D96E6-CBE0-492C-9E0B-283E21431DA6}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base2\dosbox.exe |
"{69331EFF-1D04-4CCC-97CD-455DB8107726}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D5CD1CD-BA1B-4F8C-8967-B1AB233B63DE}" = dir=out | app=%programfiles%\bandicam\bdcam.exe |
"{6EC8DB4B-5344-4244-9C89-0E0557D20CB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{6F71FD96-A3E9-4406-AE4D-0A57F2CB4A9E}" = protocol=17 | dir=in | app=c:\spiele\anno 1404\anno4.exe |
"{73F09D37-4684-49C3-9A96-42048FA33671}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\recettear\recettear.exe |
"{76A52C21-F0AC-4DA0-8841-119C533E7C47}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\anno5.exe |
"{779B11CE-AAD6-4765-86A9-7EF2C614DDC5}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{78FB1A45-121B-4D31-B6B7-E6B37C2FC026}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\voigt15\counter-strike\hl.exe |
"{79091CDC-A802-4139-A94D-B484843DE881}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{7A0AFB20-AEF0-4F5F-8D05-F6442409347B}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\crysis\bin32\crysis.exe |
"{7B35551A-215B-4BE6-A7C0-B74BFD69A4D6}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{7F41F964-7E9D-41DC-8D16-D5AFDFBB5D78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F7EF86B-43DC-410E-A8A0-40437149DB4A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{85046CB3-4F15-4F46-97EE-80D87766AB2F}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\recettear\recettear.exe |
"{86B9A542-62D0-4650-9C27-271D57152442}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{8811C133-FC4C-47B9-9B36-C4A499FD8060}" = protocol=17 | dir=in | app=c:\spiele\anno 1404\tools\addonweb.exe |
"{88E9C6D5-897F-49A4-B2BC-35626600140F}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{89A778DF-85C5-4E40-AF57-B1EC47DFE41C}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\edna and harvey harvey's new eyes\visionaireconfigurationtool.exe |
"{8A5D950B-9436-4A60-917C-4C191936BE78}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{8E52D599-217C-4654-BAFE-D90AC3C87893}" = protocol=17 | dir=in | app=c:\programme\utorrent\utorrent.exe |
"{8E6951AF-0043-4D71-B33F-75F64EA98F95}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{8FC86F83-EE65-4C3F-88B4-52420A63697C}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"{907D85F9-9707-4832-A0E1-B3B704539C48}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\medieval ii total war\launcher.exe |
"{92422C03-3321-4DA2-A0A2-15D373E80E8F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{94582CEC-7EAC-4D87-9ECB-3DA882CBB0D9}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{945F50EF-C983-45F9-B8BE-E4C14198D379}" = protocol=17 | dir=in | app=c:\spiele\anno 1404\tools\anno4web.exe |
"{9870718A-B319-4045-9799-0523160F2F44}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{9A0119F1-AE29-4D6D-96E4-F9FBE49BA8FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A1FFBF7-4C60-46FC-B963-6676F59AEA05}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{9A3FE85E-3A55-4A5A-B50D-149BF802E127}" = dir=in | app=c:\programme\qip 2012 jeak-edition\qip.exe |
"{9CE1E94B-1173-4376-8BA4-79B58B0237F8}" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe |
"{9E211E37-AD8E-4ADC-A466-954E4563DBF6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{9E6B8D82-696E-4D5A-9318-CD0C5CC297A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EB910F3-910C-4860-BE48-6F32A46FCA27}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\the binding of isaac\isaac.exe |
"{9F9E0F9A-2F82-4FA8-A96E-1AA78DE388B7}" = protocol=6 | dir=in | app=c:\spiele\anno 1404\addon.exe |
"{9FC28802-5235-4A6B-A26F-C0AE1C7037AF}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\tropico 4\tropico4.exe |
"{A0F7F875-BE7D-4370-9FC5-1EC4B0130C74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5A8E39A-DCF0-40A1-9B82-361AFD1DC475}" = protocol=6 | dir=in | app=c:\programme\utorrent\utorrent.exe |
"{A85B0812-C85F-4EB7-B5BF-72E09E75919D}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{A8F273DD-AF25-4005-A80C-DFBA844E2E6A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9B95D6D-D376-429D-8F74-3EF70105950B}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\hardreset\hardreset.exe |
"{AA8CCB7C-A1F6-4A7A-B6E6-E06E952454B8}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{AB49CBCC-1F0D-4FFE-9961-5C0C1199A38E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{AC6AA3E0-9F16-4FE9-B6E5-AF287FCEB359}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AE9A97B5-DD60-4189-9614-AFCCDFCCD8E1}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{AEF5C13B-90D5-42AB-9D78-35CF676BFD19}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base4\dosbox.exe |
"{AF71E73C-4E2D-4342-917C-AC4ABB7B2A50}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B06D93ED-C55E-47F2-ADC3-B19E44671182}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\hardreset\hardreset.exe |
"{B190024A-0BB0-4FA7-903F-E066EAEB7FF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B19D4CFB-180F-4261-8486-803D63D1AC99}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{B36917CC-7FD2-406E-B58B-1F6AD4C74F77}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{B3B531A4-F6B4-4E02-9889-C6D42F0276AF}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\from dust\from_dust.exe |
"{B45132A7-39E0-439F-B063-D00D71A7D14D}" = protocol=17 | dir=in | app=c:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe |
"{B4F41441-5CB0-4954-AD40-7845EAC86D26}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\anno5.exe |
"{B7B78AA7-C118-406D-8E40-C6C8712A395A}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base1\dosbox.exe |
"{BC6413EE-7493-4394-831B-1AD324C9A986}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{BC6C6C76-471C-4739-BD7A-F9E7FB4CB725}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCFAB759-0A79-46BB-BDC1-6BFE1542D349}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD50A00F-81DF-4384-895F-6D82B4520C17}" = protocol=6 | dir=in | app=c:\spiele\anno 1404\tools\addonweb.exe |
"{C4AD8DC5-EEAF-4C93-BAD0-63810A50A389}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CAB23656-3C1B-485E-A3CA-2EA81B1099CC}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CABC0064-D615-474B-9008-354A890502A4}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\dota 2 beta\dota.exe |
"{CAF30996-E22F-40E0-86CF-C854471C4032}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB47D480-B785-48BE-9DD9-6773A6906C07}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CB9457F5-53C1-4DBC-958B-0573142AB7DA}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{CBC2CB19-F93B-4D1A-82AA-20C430D5EE68}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\limbo\limbo.exe |
"{CC3588E4-2370-434A-B871-D35968932C67}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\from dust\from_dust.exe |
"{CD0F5061-DA8A-4740-A647-78D528BA42F2}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{CD8EE118-3455-4B1C-9EE2-356F6581A3E9}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CDFB2BE1-913E-4ECC-B3D4-41777615033C}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{CEC8A67C-4516-4CF4-93C8-A6335D80D8A1}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\metro 2033\metro2033.exe |
"{D4B4A2F0-E192-4703-BFFC-4C0FFE1B03F4}" = protocol=17 | dir=in | app=c:\spiele\anno 1404\addon.exe |
"{D68493B9-6BCA-40D5-8F61-DB973545739E}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{D6EA8B35-F1E4-42B1-BEFB-6034DA1CAF67}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\endless space\endlessspace.exe |
"{D8143324-6AD5-4D90-801D-F84F06A1C5C6}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{DA3E81B0-B99D-48D5-A3BC-976EABCE103F}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base5\dosbox.exe |
"{DE8FA04E-9D13-4CBF-805C-4F4E0C2CF6C4}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\endless space\endlessspace.exe |
"{DEE327A6-648B-43F6-8844-FA3CE54E1AE9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{E01BBBFF-88E3-433A-B2E9-6C384F0DDA46}" = protocol=17 | dir=in | app=c:\spiele\battleforge\bootstrapper.exe |
"{E0DA873C-9162-4791-AA77-F884A4AAB4C1}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\trine\trine_launcher.exe |
"{E19904F7-7C57-4825-B5FA-7199F684D447}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{E27FC02D-BFA7-405A-A9AB-CEF303DBD606}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{E2CF4409-A0D8-433D-97D8-7167EF2D21D1}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\limbo\limbo.exe |
"{E3FACB22-F04A-4DCC-B089-23EA98EB711C}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base2\dosbox.exe |
"{E42D9121-EA14-4A13-96F6-658426EE6295}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{E47ADE7A-5531-4208-AA71-7D97F67CBF02}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{E6A6B00B-E892-4F5B-933D-C4C1FC628891}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{EAC21520-DC56-494D-AB1A-33D71E842D6F}" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe |
"{EAEA552A-8417-43C1-8B9B-1F557228ACCF}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe |
"{EBDA0242-D61F-4F15-90CF-481366E45EB2}" = protocol=6 | dir=in | app=c:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe |
"{ECB928FB-E303-46D0-89E2-CEA2D9E5DA4E}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{ED203952-F7DB-4FB1-9A25-3F17D0780FE2}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{EE52112E-976E-4EB8-B8BD-4DB78C4FCB49}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{EE606FBF-A80D-428D-8E7D-C6B18F5B7B11}" = protocol=17 | dir=in | app=c:\spiele\battleforge\battleforge.exe |
"{EE8A78D5-A643-4E72-9E65-EB5A9835EEB1}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{EE8C3E5B-319B-4E07-A205-AD2D283865A3}" = protocol=6 | dir=in | app=c:\spiele\battleforge\battleforge.exe |
"{EFDFF821-A069-49AF-B433-9F06B64F3408}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\dota 2 beta\dota.exe |
"{F0EB844A-6749-46D7-9AEA-CF930A0878D8}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\endless space\endlessspace.exe |
"{F2B36FE3-DF29-401D-992D-A0E6D3BE5A9C}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{F2FAB130-7A85-4D45-A4D8-0C961926E555}" = protocol=6 | dir=in | app=c:\spiele\battleforge\bootstrapper.exe |
"{F40E281D-DE45-45F9-A6C4-D06F6004F9B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{F484E5F2-D52D-4A8B-938B-F0F36E0230A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F504E92F-731D-4C7E-875E-CC4EA951C226}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\monkey2\monkey2.exe |
"{F69C59CA-51B7-4AE5-9AA8-2D4E20672310}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F821F81E-0603-41C7-9278-F4A149FCA8B7}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{F83D4438-6541-493D-86C6-59DDC1D7DE0C}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\edna and harvey harvey's new eyes\harvey.exe |
"{F89206D7-4D86-4DD5-878C-25D9CBF73236}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{F9056B8D-F525-4803-9422-D95F059574AD}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\dota 2 beta\dota.exe |
"{F989E166-4385-420E-8441-4FAE62A2506F}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\voigt15\counter-strike\hl.exe |
"{F9C7BFB0-473D-4F7F-AE87-D74698B8B4B0}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{FB5DC033-C36B-4B1A-8BB7-889F0777D617}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\initengine.exe |
"{FB7ECB23-DD30-49B7-9552-DA8B093AB576}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{FBCA90A6-F05B-4F5A-B58C-30CC46FC19D9}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe |
"{FBD19411-E363-47A2-B4EB-CB0A17F27CBC}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\autopatcher.exe |
"{FBE812FC-3CB2-4326-BAA4-26EB11609B68}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\empire total war\empire.exe |
"{FD2AEF92-E89A-467F-A164-01B7CE9256CA}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{FDD21184-C4E7-42AE-9B67-BA13E7E3FABB}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\star trek online\star trek online.exe |
"{FDFD96F5-3FBE-4176-835F-FBD33BDAD3C0}" = protocol=6 | dir=in | app=c:\spiele\origin\battlefield 3\bf3.exe |
"{FF6763EF-645C-478B-BB2E-99CD348A78C6}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{FFFB0F83-CE4E-4529-BACA-B7964C31BC54}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\trine\trine_launcher.exe |
"TCP Query User{07918F8B-B685-445D-B8F5-9A396CA92972}C:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\spiele\guild wars 2\gw2.exe |
"TCP Query User{10E2F2F7-EA3B-43B2-89DC-B3843C95B891}C:\program files\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip 2012 jeak-edition\qip.exe |
"TCP Query User{15A39485-8729-47D9-BFB1-45D68327F77E}C:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1E2A07E8-E294-46D9-859D-FC5769969F18}C:\users\voigt\appdata\roaming\flyforheroinstaller\flyforheroinstaller.exe" = protocol=6 | dir=in | app=c:\users\voigt\appdata\roaming\flyforheroinstaller\flyforheroinstaller.exe |
"TCP Query User{1F9D9634-E82E-4A68-B32B-B589B1E5283E}C:\spiele\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\spiele\grand theft auto iv\gtaiv.exe |
"TCP Query User{28B751C3-B29E-428C-9188-41469F376FBB}C:\users\voigt\appdata\roaming\anetu\otqa.exe" = protocol=6 | dir=in | app=c:\users\voigt\appdata\roaming\anetu\otqa.exe |
"TCP Query User{359E3034-A6DE-433A-930A-34E9CDA14817}C:\users\voigt\appdata\roaming\anetu\otqa.exe" = protocol=6 | dir=in | app=c:\users\voigt\appdata\roaming\anetu\otqa.exe |
"TCP Query User{3A10801E-CF97-4136-89FF-73676A0187D1}C:\spiele\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{43848B84-CBF0-4C2C-95F3-A85CA108755B}C:\program files\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip 2012 jeak-edition\qip.exe |
"TCP Query User{6054B8FC-6924-465D-AC18-957C0173CE95}C:\spiele\die siedler iv\exe\s4_main.exe" = protocol=6 | dir=in | app=c:\spiele\die siedler iv\exe\s4_main.exe |
"TCP Query User{70126AF6-56A5-4B5D-934B-D8692C0470DE}C:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\spiele\guild wars 2\gw2.exe |
"TCP Query User{7AD51F9F-0FEF-4886-ABA7-EAC082C795B4}C:\users\voigt\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\voigt\appdata\local\temp\gw2.exe |
"TCP Query User{7E5B2F27-8460-4E4A-A345-01133F790DB0}C:\spiele\dolphin\dolphin.exe" = protocol=6 | dir=in | app=c:\spiele\dolphin\dolphin.exe |
"TCP Query User{7F4B1BDD-E368-434E-AB97-B42C5F8A7660}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{83FB52AC-2948-41D6-93C9-A943641260E8}C:\program files\streammygame\streamer_server.exe" = protocol=6 | dir=in | app=c:\program files\streammygame\streamer_server.exe |
"TCP Query User{8EC44C2F-8E8F-4182-9E1F-D03507555028}C:\spiele\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\spiele\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{C3C557B2-44F9-4AC4-AD70-BF3D60B9A44D}C:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{D94671F8-4D9E-4E22-95F1-61BAB7A6B6CC}C:\spiele\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{F4D9FE5B-1B3C-4846-B341-B4192B48F23D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{FF1D67FF-B98F-48F9-AF27-0A025A55FFB2}C:\spiele\steam\steam.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe |
"UDP Query User{0F6E1856-E210-4E33-B92E-653556ED5826}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{1EBFFDE7-D63E-4867-87A2-F1345AABA4E1}C:\users\voigt\appdata\roaming\anetu\otqa.exe" = protocol=17 | dir=in | app=c:\users\voigt\appdata\roaming\anetu\otqa.exe |
"UDP Query User{284FC074-C066-4E43-8285-D9D5D3B0670F}C:\spiele\dolphin\dolphin.exe" = protocol=17 | dir=in | app=c:\spiele\dolphin\dolphin.exe |
"UDP Query User{49CC19A0-5542-49C9-9726-B84592E5E19A}C:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{4E4E80D7-452E-47B8-A6CD-11C0A1BB41DF}C:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{654E5A65-8202-4705-A769-EA53B8003F61}C:\users\voigt\appdata\roaming\flyforheroinstaller\flyforheroinstaller.exe" = protocol=17 | dir=in | app=c:\users\voigt\appdata\roaming\flyforheroinstaller\flyforheroinstaller.exe |
"UDP Query User{8A2BA6E7-7C3C-48A9-85F9-E8D4ADB2317A}C:\spiele\steam\steam.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe |
"UDP Query User{8E8ACFB2-4B91-4AEC-9642-3460706407A4}C:\spiele\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{92EF2600-D50C-4D96-8D58-8A6F0F2A523F}C:\program files\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip 2012 jeak-edition\qip.exe |
"UDP Query User{A9BBBBF3-6EA7-4F03-B646-6E6D9A27ABAF}C:\spiele\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\spiele\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{C08DCB7C-2461-43B8-BFF8-09A339D0DAA3}C:\spiele\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{C3DC1286-543C-4732-9279-D22476764444}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C5086519-DF4F-4010-8968-EE24B17BF479}C:\users\voigt\appdata\roaming\anetu\otqa.exe" = protocol=17 | dir=in | app=c:\users\voigt\appdata\roaming\anetu\otqa.exe |
"UDP Query User{C5567DE0-7CFC-47CD-9BE5-AFD2B46287F6}C:\spiele\die siedler iv\exe\s4_main.exe" = protocol=17 | dir=in | app=c:\spiele\die siedler iv\exe\s4_main.exe |
"UDP Query User{C6B1BD02-E3DB-43B4-85CB-75102C1958AE}C:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\spiele\guild wars 2\gw2.exe |
"UDP Query User{DB90EDD2-825D-4624-B27F-2D76123843BF}C:\program files\streammygame\streamer_server.exe" = protocol=17 | dir=in | app=c:\program files\streammygame\streamer_server.exe |
"UDP Query User{DE9B2C0C-7A1C-4854-9F94-8FFEDF303A0E}C:\program files\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip 2012 jeak-edition\qip.exe |
"UDP Query User{E4E4D280-A213-40A6-A930-FEF813864A30}C:\users\voigt\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\voigt\appdata\local\temp\gw2.exe |
"UDP Query User{EC726608-EAB2-40E3-A2A8-B9595B8BB07D}C:\spiele\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\spiele\grand theft auto iv\gtaiv.exe |
"UDP Query User{F0B4B7B0-152C-4515-9EED-F55E1E226499}C:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\spiele\guild wars 2\gw2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Ultravnc2_is1" = UltraVnc
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
"Unlocker" = Unlocker 1.9.1-x64
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot™ 3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B51A222-D1B3-45B2-B3DD-58D538762C93}" = RapidDrive
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52
"{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A638CF72-CE5E-4001-8D54-30AFAE4E2F97}_is1" = FIFA 13
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B931991C-FA2F-4B73-8F48-43C20B7581DE}" = QIP 2012 7058 Jeak-Edition
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-315CN
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.3
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.00
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"AVIcodec" = AVIcodec (remove only)
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.0
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstallieren)
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"DokanLibrary" = Dokan Library 0.6.0
"EasyBCD" = EasyBCD 2.1
"ESN Sonar-0.70.4" = ESN Sonar
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mster" = Crysis Modification - Mster Config v3.01
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"Origin" = Origin
"PrecisionX" = EVGA Precision X 3.0.2
"QIP 2012 7058 Jeak-Edition 4.0.7058" = QIP 2012 7058 Jeak-Edition
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"S2TNG" = Die Siedler II - Die nächste Generation
"S3" = Die Siedler III Gold Edition
"S4Uninst" = Die Siedler IV
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 10500" = Empire: Total War
"Steam App 107100" = Bastion
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 113200" = The Binding of Isaac
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 203770" = Crusader Kings II
"Steam App 208140" = Endless Space
"Steam App 218" = Source SDK Base 2007
"Steam App 219910" = Edna & Harvey: Harvey's New Eyes
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 33230" = Assassin's Creed II
"Steam App 33460" = From Dust
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 35700" = Trine
"Steam App 35720" = Trine 2
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 4700" = Medieval II: Total War
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 57690" = Tropico 4
"Steam App 620" = Portal 2
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 80" = Counter-Strike: Condition Zero
"Steam App 8980" = Borderlands
"Steam App 9180" = Commander Keen Complete Pack
"Steam App 98400" = Hard Reset
"Steam App 9900" = Star Trek Online
"TigerGame XBOX+PS2+GC Game Controller Adapter_is1" = TigerGame XBOX+PS2+GC Game Controller Adapter 2.0.1.0
"TrueCrypt" = TrueCrypt
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.4
"ZMBV" = Zip Motion Block Video codec (Remove Only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1221828583-1652800567-3554556347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.01.2013 06:48:37 | Computer Name = VoigtPC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 17.01.2013 06:52:44 | Computer Name = VoigtPC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD
im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 17.01.2013 07:35:57 | Computer Name = VoigtPC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 17.01.2013 07:36:56 | Computer Name = VoigtPC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD
im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 17.01.2013 07:40:04 | Computer Name = VoigtPC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD
im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 18.01.2013 03:15:47 | Computer Name = VoigtPC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 18.01.2013 03:18:22 | Computer Name = VoigtPC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD
im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 18.01.2013 11:33:48 | Computer Name = VoigtPC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD
im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 18.01.2013 11:44:25 | Computer Name = VoigtPC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 18.01.2013 11:48:32 | Computer Name = VoigtPC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD
im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
[ System Events ]
Error - 18.01.2013 08:17:31 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 18.01.2013 11:23:41 | Computer Name = VoigtPC | Source = PNRPSvc | ID = 102
Description =
Error - 18.01.2013 11:23:41 | Computer Name = VoigtPC | Source = PNRPSvc | ID = 102
Description =
Error - 18.01.2013 11:23:41 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 18.01.2013 11:23:41 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 18.01.2013 11:23:41 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 18.01.2013 11:23:41 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 18.01.2013 11:36:44 | Computer Name = VoigtPC | Source = PNRPSvc | ID = 102
Description =
Error - 18.01.2013 11:36:44 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 18.01.2013 11:36:44 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
< End of report >
Code:
ATTFilter OTL logfile created on: 18.01.2013 17:40:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Voigt\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 12,81 Gb Available Physical Memory | 80,25% Memory free 31,92 Gb Paging File | 28,99 Gb Available in Paging File | 90,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 476,84 Gb Total Space | 52,39 Gb Free Space | 10,99% Space Free | Partition Type: NTFS Drive F: | 931,50 Gb Total Space | 32,08 Gb Free Space | 3,44% Space Free | Partition Type: NTFS Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Voigt\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\Voigt\AppData\Roaming\Anetu\otqa.exe (Microsoft Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () PRC - C:\Program Files (x86)\Razer\Abyssus\razerhid.exe () PRC - C:\Program Files (x86)\Razer\Abyssus\razerofa.exe (Razer Inc.) PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd) PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Users\Voigt\AppData\Roaming\Thunderbird\Profiles\122yqn4i.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Razer\Abyssus\razerhid.exe () ========== Services (SafeList) ========== SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.) DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\drivers\xhcdrv.sys (VIA Technologies, Inc.) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vHidDev.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Abyssus) -- C:\Windows\SysNative\drivers\Abyssus.sys (Razer (Asia-Pacific) Pte Ltd) DRV:64bit: - (SilvrLnk) -- C:\Windows\SysNative\drivers\silvrlnk.sys (Texas Instruments) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 C7 A9 36 EF B8 CD 01 [binary data] IE - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.05 23:54:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.05 02:39:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.05 02:39:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.05 02:39:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.09.12 11:30:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.09.12 11:30:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.09.12 11:30:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.08.06 04:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Voigt\AppData\Roaming\mozilla\Extensions [2012.11.02 12:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Voigt\AppData\Roaming\mozilla\Firefox\Profiles\r0x1t8gq.default\extensions O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [Abyssus] C:\Program Files (x86)\Razer\Abyssus\razerhid.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000..\Run: [Infium] C:\Programme\QIP 2012 Jeak-Edition\qip.exe (QIP) O4 - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000..\Run: [Kyokkaag] C:\Users\Voigt\AppData\Roaming\Anetu\otqa.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1221828583-1652800567-3554556347-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1221828583-1652800567-3554556347-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Voigt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1221828583-1652800567-3554556347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26162937-870B-4435-B5CD-32548F8FBD3D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e92ac773-df53-11e1-b227-c86000c152e4}\Shell - "" = AutoRun O33 - MountPoints2\{e92ac773-df53-11e1-b227-c86000c152e4}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.18 17:38:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Voigt\Desktop\OTL.exe [2013.01.18 16:29:51 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Desktop\1 Editier & Flash - Paket [2013.01.17 11:20:09 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Qyalz [2013.01.17 11:20:09 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Oqaw [2013.01.17 11:20:09 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Anetu [2013.01.16 18:41:53 | 000,092,672 | ---- | C] (Razer Inc.) -- C:\Windows\SysNative\Abyssus.cpl [2013.01.16 18:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer [2013.01.16 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer [2013.01.11 15:37:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.10 14:59:14 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Desktop\VisualBoyAdvanceM1097 [2013.01.10 00:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded [2013.01.10 00:58:40 | 000,000,000 | ---D | C] -- C:\Users\Voigt\D-Fend Reloaded [2013.01.10 00:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded [2013.01.09 08:51:35 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 08:51:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 08:51:31 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 08:51:31 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 08:51:30 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 08:51:30 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 08:51:30 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 08:51:30 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 08:51:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 08:51:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 08:51:30 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 08:51:30 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 08:51:30 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 08:51:30 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 08:51:30 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 08:51:30 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 08:51:30 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 08:51:30 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 08:51:30 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 08:51:30 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 08:51:30 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 08:51:30 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 08:51:30 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 08:51:30 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 08:51:30 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 08:51:30 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 08:51:30 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 08:51:30 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 08:51:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 08:51:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 08:51:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 08:51:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 08:51:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 08:51:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 08:51:30 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 08:51:30 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 08:51:25 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 08:51:24 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 08:51:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 08:51:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 08:51:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 08:51:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 08:51:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 08:51:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 08:51:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 08:51:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 08:51:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 08:51:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 08:51:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 08:51:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 08:51:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 08:51:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 08:51:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 08:51:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 08:51:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 08:51:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 08:51:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 08:51:21 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.04 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Spiele [2013.01.04 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\Gas Powered Games [2013.01.04 23:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2013.01.04 19:20:18 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mster Config v3.01 [2013.01.04 19:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy [2013.01.04 19:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy [2013.01.04 00:03:19 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\4A Games [2013.01.04 00:01:06 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\4A Games [2013.01.01 18:09:21 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32 [2013.01.01 18:09:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.01.01 18:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.01 18:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.01 18:08:39 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.01 18:08:38 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.01 18:08:38 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.01 18:08:37 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.01 18:08:37 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.01 18:08:37 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.01 18:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.29 17:10:48 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Desktop\Fotos Alt [2012.12.23 16:30:23 | 000,207,872 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll [2012.12.23 16:30:23 | 000,179,200 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09a.dll [2012.12.23 16:30:23 | 000,082,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll [2012.12.23 16:30:23 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll [2012.12.23 16:30:23 | 000,047,616 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll [2012.12.23 16:30:22 | 000,188,928 | ---- | C] (Brother Industries,ltd) -- C:\Windows\SysNative\bsplmz01.exe [2012.12.23 16:30:22 | 000,161,280 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysNative\bsplmz01.dll [2012.12.23 16:30:22 | 000,057,344 | ---- | C] (brother Industries Ltd) -- C:\Windows\SysWow64\brsvc01a.exe [2012.12.23 16:30:22 | 000,045,056 | ---- | C] (brother Industries Ltd) -- C:\Windows\SysWow64\brss01a.exe [2012.12.22 21:45:10 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\Daedalic Entertainment [2012.12.22 15:59:46 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\LucasArts [2012.12.21 14:36:22 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 14:36:22 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 14:36:22 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 14:36:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 14:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd [2012.12.21 14:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd [2012.12.19 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\ESN [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.18 17:38:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Voigt\Desktop\OTL.exe [2013.01.18 17:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.18 16:49:39 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 16:49:39 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 16:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.18 16:42:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.18 16:42:35 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job [2013.01.18 16:42:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.18 16:42:29 | 4263,530,494 | -HS- | M] () -- C:\hiberfil.sys [2013.01.17 12:50:36 | 000,015,168 | ---- | M] () -- C:\Windows\SysNative\drivers\nvflash.sys [2013.01.15 15:01:16 | 000,519,074 | ---- | M] () -- C:\Users\Voigt\Desktop\Lageplan AMEH.pdf [2013.01.09 10:45:52 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 10:45:52 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 10:10:40 | 000,303,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.02 21:34:56 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.02 21:34:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.01.01 18:08:35 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.01 18:08:34 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.01 18:08:34 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.01 18:08:34 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.01 18:08:34 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.01 18:08:34 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.27 18:21:54 | 000,001,048 | ---- | M] () -- C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.24 13:38:40 | 000,000,469 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.12.23 16:30:48 | 000,000,030 | ---- | M] () -- C:\Windows\SysWow64\brss01a.ini [2012.12.23 16:30:47 | 000,000,184 | ---- | M] () -- C:\Windows\SysWow64\brsvc01a.bsi [2012.12.23 16:30:47 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2012.12.23 16:30:27 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf05a.dat [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.17 12:50:36 | 000,015,168 | ---- | C] () -- C:\Windows\SysNative\drivers\nvflash.sys [2013.01.15 15:01:16 | 000,519,074 | ---- | C] () -- C:\Users\Voigt\Desktop\Lageplan AMEH.pdf [2012.12.23 16:30:48 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2012.12.23 16:30:47 | 000,000,184 | ---- | C] () -- C:\Windows\SysWow64\brsvc01a.bsi [2012.12.23 16:30:27 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf05a.dat [2012.12.23 16:30:23 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll [2012.11.24 05:27:09 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2012.11.24 05:27:09 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2012.11.19 21:00:00 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.10.25 19:44:43 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.09.19 23:44:52 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2012.09.16 02:57:58 | 000,007,605 | ---- | C] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg [2012.08.12 12:46:36 | 000,003,072 | ---- | C] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage [2012.08.06 00:24:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.08.05 23:49:30 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.08.05 23:40:45 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012.08.05 18:24:29 | 001,595,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.05 17:43:24 | 000,000,469 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.08.05 17:43:24 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.08.05 17:37:57 | 000,057,489 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.08.05 17:36:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.08.05 17:36:36 | 000,040,555 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.05.21 11:09:36 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.05.21 11:09:36 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.05.21 10:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.05.21 09:49:40 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.16 02:06:43 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\.kde [2013.01.17 11:20:09 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Anetu [2012.08.08 12:14:53 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ashampoo [2012.08.06 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\BANDISOFT [2012.08.06 00:20:09 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\DAEMON Tools Lite [2013.01.18 17:01:36 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Dropbox [2012.10.29 11:15:44 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\FlyForHeroInstaller [2012.08.05 19:28:51 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\jeak.de [2012.11.16 02:02:17 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\KDE [2012.08.06 00:24:23 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient [2012.12.22 15:59:46 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LucasArts [2012.08.29 22:36:32 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Notepad++ [2012.08.05 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Opera [2013.01.18 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Oqaw [2012.12.11 14:06:03 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Origin [2012.08.06 04:40:35 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\QuickStoresToolbar [2013.01.17 11:20:09 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Qyalz [2012.10.02 01:21:57 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\RapidDrive [2012.10.02 01:18:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\RapidShare [2012.08.29 13:12:22 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\The Creative Assembly [2012.11.20 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Theta [2012.09.04 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Thunderbird [2012.08.05 19:16:52 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\tropico 4 [2012.08.08 12:08:43 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TrueCrypt [2013.01.18 16:52:16 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TS3Client [2012.10.25 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ubisoft [2013.01.18 12:27:09 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > |
| Themen zu Zirkumflex ^ direkt doppelte Ausgabe, kein Trojaner Fund mit MBAM, trotzdem präventiver Scan + Logauswertung |
| 0x80041003, battle.net, bho, browser, crystaldiskinfo, error, excel, firefox, flash player, format, google, grand theft auto, hotspot, install.exe, jdownloader, logfile, monitor.exe, mozilla, nvidia update, object, origin, plug-in, problem, prozess, realtek, registry, rundll, scan, security, software, super, svchost.exe, tcp, teamspeak, trojaner, trojaner board, udp, uplay, vdeck.exe, wrapper |
Baum-Darstellung