|
Plagegeister aller Art und deren Bekämpfung: Rechner nach Infektion mit GVU-Virus wieder sauber?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.04.2013, 21:09 | #1 |
| Rechner nach Infektion mit GVU-Virus wieder sauber? Ich habe mir vor 2 Wochen den GVU-Trojaner eingefangen. Rechner (Windows 7) starten mit abgesichertem Modus ging nicht, Rettungsdisk hab ich auch nicht hingekriegt. Den Desktop hab ich jedenfalls wiederbekommen, indem ich den PC vom Internet getrennt habe, während des weißen Bildschirmes Strg+Alt+Entf betätigte und dann auf abmelden ging. Ich hatte das Glück, dass Steam nicht richtig starten konnte, weil es nicht mit dem Internet verbunden war. So lief es noch und ich wurde gefragt, ob ich ein Herunterfahren erzwingen oder abbrechen wolle, ich ging auf abbrechen und war im Desktop. Auf einem Zweit-PC habe ich auf trojaner-board.de gelesen, wie die Entfernung in etwa funktioniert. Statt selbst Hilfe zu erbitten, habe ich dann aber auf eigene Faust Malwarebytes und adwblocker heruntergeladen (tut mir leid!) und drüberlaufen lassen. Danach keine sichtbaren Beschwerden mehr, auch keine verschlüsselten Dateien. Thema war für mich erledigt, aber ein mulmiges Gefühl hatte ich trotzdem und deshalb wende ich mich jetzt an die Community um sicherzugehen, dass alles wieder in Ordnung ist. Zum Zeitpunkt der Installation war Java wohl stark veraltet, ist jetzt alles nachgeholt. Allerdings sagen mir Plug-In-Checks nun, dass mein Java-Plugin auf Version 1.6.6.xxx sei, ich aber 1.7.5.xxx (genaue Zahlen habe ich jetzt nicht im Kopf) benötige, das finde ich aer nirgendwo (Ich verwende den IE). So, das wär wohl erstmal alles, nachfolged noch die Logfiles von Malwarebytes und adwblocker: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.06.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Julian :: JULIAN-PC [Administrator] Schutz: Aktiviert 06.04.2013 14:47:55 mbam-log-2013-04-06 (14-47-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 220387 Laufzeit: 3 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Daten: explorer.exe,C:\Users\Julian\AppData\Roaming\skype.dat -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Julian\AppData\Roaming\skype.dat (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Julian\AppData\Local\Temp\wrndho (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.200 - Datei am 06/04/2013 um 15:38:26 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Julian - JULIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Julian\Downloads\adw22cleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\extensions\dealio@mybrowserbar.com Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com Datei Gefunden : C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Ordner Gefunden : C:\Program Files (x86)\Application Updater Ordner Gefunden : C:\Program Files (x86)\Common Files\spigot Ordner Gefunden : C:\Program Files (x86)\Dealio Toolbar Ordner Gefunden : C:\Program Files (x86)\Search Settings Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\Dealio Ordner Gefunden : C:\Users\Julian\AppData\LocalLow\Search Settings Ordner Gefunden : C:\Users\Julian\AppData\Roaming\AD ON Multimedia Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Desktopicon Ordner Gefunden : C:\Users\Julian\AppData\Roaming\Optimizer Pro ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Dealio Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gefunden : HKCU\Software\Optimizer Pro Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Schlüssel Gefunden : HKLM\Software\Application Updater Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\646404015C7770F449E7855EAF878AEB Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\646404015C7770F449E7855EAF878AEB Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} Schlüssel Gefunden : HKLM\Software\Dealio Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gefunden : HKLM\Software\Search Settings Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gefunden : HKU\S-1-5-21-2720338610-1075001316-236928256-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.ask.com/?o=15709&l=dis -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\cnpb92jn.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [4472 octets] - [06/04/2013 15:38:26] ########## EOF - C:\AdwCleaner[R1].txt - [4532 octets] ########## |
19.04.2013, 08:51 | #2 |
/// Malwareteam | Rechner nach Infektion mit GVU-Virus wieder sauber?Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld
__________________ |
19.04.2013, 13:51 | #3 |
| Rechner nach Infektion mit GVU-Virus wieder sauber? Und ich bedanke mich für die schnelle Reaktion.
__________________ |
20.04.2013, 00:04 | #4 |
/// Malwareteam | Rechner nach Infektion mit GVU-Virus wieder sauber?Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1, löschen mit ADWCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
|
20.04.2013, 14:48 | #5 |
| Rechner nach Infektion mit GVU-Virus wieder sauber? Ja, im Vorraus hätte ich eine Frage, ich hatte ja schon etwas vorgearbeitet und dabei Malwarebytes und adwcleaner in dieser Reihenfolge schon durchgeführt. Die beiden Logfiles habe ich oben schon gepostet, soll ich adwcleaner also nochmal laufen lassen? |
22.04.2013, 11:06 | #6 |
/// Malwareteam | Rechner nach Infektion mit GVU-Virus wieder sauber? Hallo Twitchblack du hast mit Adwcleaner bisher nur gesucht und kein Löschen durchgeführt. zumindest ist es nur so aus den Logfiles zu erkennen. Malwarebytes Antimalware hab ich nicht angefordert du sollst zusätzlich einen Scan mit OTL durchführen damit ich mir einen Überblick verschaffen kann . Bitte führe die Schritte aus, und achte darauf, dass du bei ADWCleaner auf löschen klickst
__________________ --> Rechner nach Infektion mit GVU-Virus wieder sauber? |
23.04.2013, 16:46 | #7 |
| Rechner nach Infektion mit GVU-Virus wieder sauber? Oh, Verzeihung, vom adwcleaner hatte ich das falsche file gepostet ^^ Also hier das richtige von damals: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 06/04/2013 um 15:40:41 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Julian - JULIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Julian\Downloads\adw22cleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\extensions\dealio@mybrowserbar.com Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com Datei Gelöscht : C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Ordner Gelöscht : C:\Program Files (x86)\Application Updater Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot Ordner Gelöscht : C:\Program Files (x86)\Dealio Toolbar Ordner Gelöscht : C:\Program Files (x86)\Search Settings Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\Dealio Ordner Gelöscht : C:\Users\Julian\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\AD ON Multimedia Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Desktopicon Ordner Gelöscht : C:\Users\Julian\AppData\Roaming\Optimizer Pro ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Dealio Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Schlüssel Gelöscht : HKLM\Software\Application Updater Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\646404015C7770F449E7855EAF878AEB Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\646404015C7770F449E7855EAF878AEB Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} Schlüssel Gelöscht : HKLM\Software\Dealio Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.ask.com/?o=15709&l=dis --> hxxp://www.google.com -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\cnpb92jn.default\prefs.js C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\cnpb92jn.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [4593 octets] - [06/04/2013 15:38:26] AdwCleaner[S1].txt - [4509 octets] - [06/04/2013 15:40:41] ########## EOF - C:\AdwCleaner[S1].txt - [4569 octets] ########## Code:
ATTFilter # AdwCleaner v2.202 - Datei am 23/04/2013 um 17:15:53 erstellt # Aktualisiert am 23/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Julian - JULIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Julian\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\cnpb92jn.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [4593 octets] - [06/04/2013 15:38:26] AdwCleaner[R2].txt - [976 octets] - [17/04/2013 22:25:03] AdwCleaner[R3].txt - [1103 octets] - [18/04/2013 22:07:02] AdwCleaner[S1].txt - [4630 octets] - [06/04/2013 15:40:41] AdwCleaner[S2].txt - [966 octets] - [23/04/2013 17:15:53] ########## EOF - C:\AdwCleaner[S2].txt - [1025 octets] ########## Code:
ATTFilter OTL logfile created on: 23.04.2013 17:22:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 73,45% Memory free 15,99 Gb Paging File | 13,74 Gb Available in Paging File | 85,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,02 Gb Total Space | 430,53 Gb Free Space | 46,64% Space Free | Partition Type: NTFS Drive D: | 7,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Julian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.0.36\wincfi39.dll () MOD - C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH) SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBTINSP) -- C:\Windows\SysNative\drivers\tinspusb.sys (Texas Instruments) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130412.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130423.003\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130423.003\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130420.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Julian\Downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hyrican.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{45AA8F2E-7317-41FE-A499-F53C3937CDDF}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_deDE356 IE - HKCU\..\SearchScopes\{71C55919-1DC7-40CC-8D1F-C3A1A3BFD0DE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 50.57.175.200:80 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=" FF - prefs.js..network.proxy.no_proxies_on: "local" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.04.13 12:47:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.23 17:19:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 17:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.18 11:55:10 | 000,000,000 | ---D | M] [2010.06.08 16:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2012.09.18 20:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\cnpb92jn.default\extensions [2013.04.06 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.22 17:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S6FFB.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [EPSON SX110 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S7E20.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E97CBF71-95ED-40B4-A0E3-55527154B2D1}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.23 17:20:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2013.04.23 17:12:27 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.18 11:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.04.18 11:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.04.17 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.17 17:10:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.17 17:10:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.17 17:10:12 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.14 03:02:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.14 03:02:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.14 03:02:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.14 03:02:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.14 03:02:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.14 03:02:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.14 03:02:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.14 03:02:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.14 03:02:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.14 03:02:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.14 03:02:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.14 03:02:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.14 03:02:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.14 03:02:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.14 03:02:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.13 14:10:13 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.13 14:10:11 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.13 14:10:11 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.13 14:10:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.13 14:10:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.13 14:10:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.13 14:00:49 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.13 14:00:49 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.13 14:00:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.13 14:00:48 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.13 14:00:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.13 14:00:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.13 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Apps [2013.04.06 16:43:46 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.06 16:43:46 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.04.06 16:43:25 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.04.06 16:01:08 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.06 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes [2013.04.06 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.30 13:44:22 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\AMD [2013.03.29 14:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.03.29 14:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.03.29 14:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.03.29 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.03.29 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.03.29 14:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.03.29 14:20:27 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Neuer Ordner [2013.03.29 14:18:24 | 000,000,000 | ---D | C] -- C:\AMD [2013.03.27 20:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2013.03.27 20:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II [2013.03.26 02:07:42 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Julian\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Julian\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Julian\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Julian\AppData\Local\bass.dll [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\Users\Julian\Documents\*.tmp files -> C:\Users\Julian\Documents\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.23 17:25:40 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 17:25:40 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 17:21:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.23 17:20:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2013.04.23 17:17:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.23 17:17:41 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.04.23 17:17:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.23 17:15:01 | 000,619,461 | ---- | M] () -- C:\Users\Julian\Desktop\adwcleaner.exe [2013.04.22 20:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.18 12:02:24 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.18 12:02:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.18 11:54:17 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.17 20:59:07 | 000,052,067 | ---- | M] () -- C:\Users\Julian\Desktop\14028_384609734987405_1121702271_n.jpg [2013.04.15 19:29:58 | 003,135,110 | ---- | M] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Anonymous Bitch.mp3 [2013.04.15 18:48:42 | 002,856,750 | ---- | M] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Der Depri-Song.mp3 [2013.04.15 18:42:19 | 002,633,977 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Arschloch.mp3 [2013.04.15 18:38:40 | 002,916,100 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Na gut.mp3 [2013.04.15 18:34:54 | 003,696,430 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Individuell aber schnell.mp3 [2013.04.15 18:29:00 | 003,789,217 | ---- | M] () -- C:\Users\Julian\Desktop\Cypress Hill & Fermin IV - Siempre Peligroso.mp3 [2013.04.14 12:23:22 | 000,600,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.14 12:22:40 | 002,449,039 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB [2013.04.07 12:10:39 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.07 12:10:39 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.07 12:10:39 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.07 12:10:39 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.07 12:10:39 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 16:43:19 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.06 16:43:19 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.04.06 16:43:19 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.04.06 16:43:19 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.04.06 16:43:19 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.04.06 16:43:19 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.04.06 16:00:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.06 16:00:19 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.04.06 14:39:07 | 000,000,004 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\skype.ini [2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.04 05:30:15 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.03 10:19:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\isolate.ini [2013.04.01 13:21:06 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.31 14:29:18 | 000,000,222 | ---- | M] () -- C:\Users\Julian\Desktop\DmC Devil May Cry.url [2013.03.29 12:02:01 | 000,000,222 | ---- | M] () -- C:\Users\Julian\Desktop\Tomb Raider.url [2013.03.27 20:23:06 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\Users\Julian\Documents\*.tmp files -> C:\Users\Julian\Documents\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.23 17:15:01 | 000,619,461 | ---- | C] () -- C:\Users\Julian\Desktop\adwcleaner.exe [2013.04.18 11:54:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.18 11:54:17 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.17 21:00:43 | 000,052,067 | ---- | C] () -- C:\Users\Julian\Desktop\14028_384609734987405_1121702271_n.jpg [2013.04.15 19:29:53 | 003,135,110 | ---- | C] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Anonymous Bitch.mp3 [2013.04.15 18:48:38 | 002,856,750 | ---- | C] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Der Depri-Song.mp3 [2013.04.15 18:42:14 | 002,633,977 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Arschloch.mp3 [2013.04.15 18:38:36 | 002,916,100 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Na gut.mp3 [2013.04.15 18:34:48 | 003,696,430 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Individuell aber schnell.mp3 [2013.04.15 18:28:54 | 003,789,217 | ---- | C] () -- C:\Users\Julian\Desktop\Cypress Hill & Fermin IV - Siempre Peligroso.mp3 [2013.04.06 03:44:45 | 000,000,004 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\skype.ini [2013.03.31 14:29:18 | 000,000,222 | ---- | C] () -- C:\Users\Julian\Desktop\DmC Devil May Cry.url [2013.03.29 12:02:01 | 000,000,222 | ---- | C] () -- C:\Users\Julian\Desktop\Tomb Raider.url [2013.03.27 20:23:00 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2012.12.22 23:36:31 | 000,001,476 | ---- | C] () -- C:\Users\Julian\AppData\Local\RecConfig.xml [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.10.17 22:45:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\mupkernps11.dll [2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.05.11 18:37:26 | 000,002,189 | ---- | C] () -- C:\Users\Julian\AppData\Local\TempfixPerms.vbs [2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.22 14:50:32 | 000,003,584 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.13 14:22:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.13 14:22:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.04 19:52:51 | 000,000,633 | ---- | C] () -- C:\Users\Julian\AppData\Local\results.mfd [2010.06.12 12:27:30 | 000,000,000 | ---- | C] () -- C:\Users\Julian\jagex__preferences3.dat [2010.05.28 15:27:31 | 000,000,099 | ---- | C] () -- C:\Users\Julian\jagex_runescape_preferences2.dat [2010.05.28 15:26:11 | 000,000,046 | ---- | C] () -- C:\Users\Julian\jagex_runescape_preferences.dat [2010.04.24 20:28:45 | 000,000,000 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\wklnhst.dat [2010.03.09 18:40:55 | 000,000,600 | ---- | C] () -- C:\Users\Julian\PUTTY.RND [2010.02.24 19:05:22 | 000,000,680 | RHS- | C] () -- C:\Users\Julian\ntuser.pol [2009.12.26 14:32:00 | 000,000,094 | ---- | C] () -- C:\Users\Julian\AppData\Local\fusioncache.dat [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Julian\AppData\Local\lame_enc.dll [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Julian\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Julian\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.04.2013 17:22:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 73,45% Memory free 15,99 Gb Paging File | 13,74 Gb Available in Paging File | 85,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,02 Gb Total Space | 430,53 Gb Free Space | 46,64% Space Free | Partition Type: NTFS Drive D: | 7,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{019E89E8-068C-44C5-88D6-417615E45112}" = lport=139 | protocol=6 | dir=in | app=system | "{0D1FF093-DE91-40E0-BD98-6621C59BBE83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1099074C-39E5-4D97-8287-16A113A0ED83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{10AFE87E-E8DB-4DB0-B2B4-35E1532E64FC}" = rport=138 | protocol=17 | dir=out | app=system | "{12A7B63D-8A7E-4E4B-B5F9-9EB5B90453B7}" = lport=137 | protocol=17 | dir=in | app=system | "{137E5048-1EC2-4EA2-8677-5AD84D9E91FA}" = lport=10243 | protocol=6 | dir=in | app=system | "{13FAF21A-B0AF-4648-9999-D087D271DACF}" = rport=10243 | protocol=6 | dir=out | app=system | "{2D2DEF46-63B0-472E-9E3E-29EB86F00853}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30E7B87B-FD4A-4786-9E6E-4563B844073B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{38420BE4-5762-4E2D-A1A9-FC79A58D344C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44E2B76D-1B2C-46E4-8E12-2187B0EBBC43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4C2714A6-49E3-4B98-B89E-6AE45EE74A40}" = lport=138 | protocol=17 | dir=in | app=system | "{6B1EFE4F-2E1A-4D21-BD85-F8E1A7D4850F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7F637ED8-1F8B-43E3-A3AA-7F41AD589AF6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{7FE41994-49E2-4CDF-A8B3-3438BF415FDE}" = rport=445 | protocol=6 | dir=out | app=system | "{9A851A55-A4B4-4A3E-A7FF-1064F4BB3085}" = rport=137 | protocol=17 | dir=out | app=system | "{A3C96F0D-6DD2-46AD-85F0-BFFD03E9B42C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AF108389-BEC6-416A-8FCA-37EA22784970}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5331534-4F94-47C3-8DBA-0730ECD82606}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAA489B0-004F-4C9C-AAC8-EA9A1018FC2B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{DF2699B7-637B-41E1-AA11-A2553409E9E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E6AD1855-CA51-4FCB-A7BB-2C626BA2159B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3800231-405E-415A-8D6C-8E1D36F0AF0B}" = lport=445 | protocol=6 | dir=in | app=system | "{F49E30B6-5917-4FDF-9DBB-D9399B3416B8}" = rport=139 | protocol=6 | dir=out | app=system | "{F739016E-9269-442D-83B5-28E79F8DAD58}" = lport=2869 | protocol=6 | dir=in | app=system | "{F97CEC9E-8B3B-49EE-BF95-140FF644D0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008BA5C6-3A74-46D1-BB12-049CF261D8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | "{00ABCA0D-1578-47FF-8741-5B162516DCFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{0947D85E-08D3-472F-A4C9-FE098444EB2F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{0CB3C9A0-9DFB-4CC7-BB40-544223D4B62B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{0E8A0C7D-8B85-4DF3-B622-2B17FF66D996}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe | "{0EBDC96F-62E3-43B5-B267-9C8D387AAE04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{0F709E46-A17D-4643-B3F4-1E02BF8060A4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{1060464C-08E9-467A-86D6-EEAF42DE53E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | "{12B938A6-FEFF-4791-94A2-0336A988BFE4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{134FDA57-EB45-498A-B40D-431C15C0D6FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{194EA3F1-CDCF-41A1-90AB-5E95DE4FEF75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A09AE38-F684-41D8-8CBF-3E747584C029}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{1E4BCF1A-A1F3-46EF-84F4-D76FF9C96FCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{215387EE-72D5-45FC-84EC-A7579A023916}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{23A22735-2FE0-4B70-9C6A-7C11F7F08532}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{28800F75-AB11-4934-98E9-B50010849C68}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{2D03B7FA-3D30-40AD-8C3F-24A49CECCB5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{2E843027-0FE4-4B60-B416-A6A0A71B74EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{2E8E5A09-927F-470A-B542-E2485A8EC249}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{2E9CF8E9-D7EC-4C11-BAD8-56E4F19CAA04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{2EC4EBA6-F852-4161-A90B-35EFC178C9EC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{30535F68-4D6B-40E5-B04D-23C7E765119E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{34615B0F-F16C-4BBC-89D2-F41D79FA40BF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{34F015BC-2C2F-4E69-B41E-890A71F7C080}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{373DBFCD-3D2E-4B1D-92D3-FBC6E3D0EC24}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3C61C731-9296-40E8-B5EC-622067176EE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3EA849AF-F2B7-4F56-9CC0-D62D85E3103E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | "{43084611-081A-484B-94D7-B7CB9EC239FE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{43BCAC48-C8F1-4E9B-B337-85E6BB78DD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{469833AE-FBDE-483B-8FAA-94149C77D511}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{48877173-2F2E-475F-9E66-75ABF0A002CE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{492E582A-8962-4DCB-9FA2-4BFDA114AFAC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{4CEA774B-4821-46DE-AC36-E0F9BE7C87DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5016DC8A-95A8-4602-B34D-CB82BBCABB0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{5072E180-7B31-49C9-85F7-A53CAED94020}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{53CFC8F8-8861-421C-89B7-4C33DA9CB46F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{575B7263-3595-419C-9181-33478312D1FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{5843E239-D9A0-416A-A935-6CCD753016E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{598808D2-CF0B-4547-A7D8-478C9670FF1A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{5B142A04-AF54-4944-AE39-ADABAAC4E49E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{5B633CB1-2FFB-4DD3-AD74-33C2D1520050}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{5C037E7D-9EF5-41FE-83C6-04FD65ABF362}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5C1CD120-0AE1-40F7-AE05-32F004BB44DE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5CEDA557-2713-441A-9049-B05F9A2FD958}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | "{660E3E1B-D9D3-481D-85FE-DA0E242B1686}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | "{67886436-F72A-4DE8-810F-E860CB767140}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{68E78301-48CE-47F4-B11F-9ED994F574D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{6B1C6B16-DEC6-42F0-92EB-063ECBEFAE33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6D247F21-9ED3-4EFB-95B6-F6FF0D633EA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7025F6CE-08D9-4B73-921C-3889DE602FE9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{7092BCB0-7CC0-4D17-BD08-3B7A8DE2432A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{73BB5468-BF37-4CE7-835A-C36B5EF3B58C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{7439DC5B-86ED-4BF6-B04A-C11B77F2FAE6}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "{74CE7243-A6AD-4802-A1BF-3D79708BB0D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{75AEFC2B-3FDB-4D9F-A592-33EF1F6933C1}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{7827DDFA-B1C0-4628-905D-99C88163AD78}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | "{7B8DFEE1-5766-4996-B639-68A1ACBC72CF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | "{7BCE1ED5-84F3-41F7-94BF-518E5A4B9391}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | "{7D0CFE9A-7681-406E-B232-78E2B853AE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{7F8E642B-3B77-4FA3-9978-379BAC6DF3B3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{815D0743-ECB1-426C-B52C-FBF824E826BE}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{834F06B9-0DC7-49FC-B4F0-9A178B6AEF16}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{84C2FDC8-DEAB-45E8-818F-B433D5739EA6}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{8663D469-221C-49EF-AF78-9CCEC76C5C49}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{89CF31CA-7A45-406E-B794-24424F841BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{8CA19D6E-583E-4363-B98F-6A680A45017B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{907B10DA-30F2-4521-B1AA-741E6B156DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | "{91ED5546-16EF-4923-9B79-F390FF09278C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9384B715-F3DD-403B-9D52-3D1A81D0654B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{942594A2-7181-4F40-9243-F7F496E6E605}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{94D565B9-130A-4164-9BFD-14D52BC0E9B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{954D962D-29B3-40CD-AC81-B77403D76C4D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{960154FE-9842-4EDC-A925-5F59269FCF98}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{979E6623-C5BC-481D-A500-6B8E8CBE5EBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{992221FE-EB7A-4926-AE00-20DF41D32545}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{995F8D2D-0E9F-41C6-9BA5-560219955876}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{99EBCA71-9EB4-411B-8C23-71C8BD3F5F70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A5F2119-277C-4362-B402-D97E998B2174}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{9A720B13-3D1B-41FE-8DE4-C12C2C653B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{9AC1BD51-7A88-4CFC-9497-0AB237770376}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9BF5E5D7-0E25-4F61-8BBD-F98032EAF694}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{9C8B87AF-AEF9-4723-88BF-64B9160DF80B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{A35EAD1D-83C6-43CE-9135-C9058AD54A51}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{A4EEC6B9-F6CF-4373-A404-CB2CE28ABFCD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{A5B12A3B-ADB5-4B1D-9428-4FCD24D91FC0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{A5B279A4-E989-4A80-AC93-3C89F4B4F938}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{A72B6F4B-0638-462F-A541-746116E351EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{A8AE49D2-B1DA-4DD4-8413-6731D01258CD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{A8B52033-E588-4159-AA1A-6236B24F17F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | "{ACA4C5DF-064D-4EE0-A241-5144D54BFB6B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{ACEE2F58-A588-4139-91BD-30F72F9C79D4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{AD9D92AE-DB4F-43E0-ADBA-F46AF60EB128}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{AEA79E33-4770-4C48-8D28-4846C9AE0EBE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{B0FC6F30-B777-40E8-9CE3-B9285B110B0E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{B9947EC3-A2EE-4F3A-B756-BF56F1F8FDE4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BAB1B805-1C0A-41A7-8E77-C42603E204B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{BBDE6998-1E93-4CD9-BA07-F16AFB8AB911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{C324252D-6311-4875-8095-782CBB681781}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | "{C8C905FA-E716-4D12-A946-679ECA2708C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C9A7405E-9C4E-4703-B302-B4F5B58D4519}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{CBB38602-E338-4F36-AF75-87A9B8482805}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{CBFEEE86-3012-46D9-A659-8F9FEDE8DBE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{CCDA6847-728D-48AC-B662-33BACCCCC3B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | "{CDE9E28E-F6B9-4F7E-8C78-1617BBBA630A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{D31A9DF2-3112-45ED-A140-4E1486D852A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | "{D34DE23D-042C-4539-897E-D5765E467538}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | "{D3F8DFBE-5D15-44D0-8DC4-A1F7125A1B22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D461E543-86A5-4F7B-AA63-F436369E2469}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{D7A5B2DE-660A-4F80-9129-632A8E072AE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D7BF0DA1-7B06-4641-804B-DA4235792741}" = protocol=6 | dir=out | app=system | "{D84DA3F5-84C7-487C-B50E-54E99E686246}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{D9052CA0-5E90-4A28-B298-75B6E4DDB296}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "{D961779D-0E3E-4CED-BDC7-54ECCCEEA4D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DAE92285-435D-4B13-811B-AB3D53F9A733}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{DD57F437-6D98-4534-ABE3-337066F7B27C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DEBCE5D5-097C-4EAB-834F-881C1E4AFC85}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | "{DF0A92DA-3725-4670-B53C-7C1C7EA8BD0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | "{E0264DC6-F952-42A6-BDCA-1D458EF443A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E37F88B6-EF80-41EF-85DD-9BC7606BCDDD}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{E62E1930-ACF4-40FC-83B7-C0D60487DE07}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E6A6925A-3626-4D49-A4C0-1B70F8294876}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | "{E9595783-5B11-40A9-9655-7BAF1BCDC62C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | "{EBE6B60E-8B57-41CD-91EA-5D1B574DDA1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{ED0B690F-9E00-426D-8112-D9B5BDAFFB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{ED5AE607-05BC-45D9-90CD-A641C2A1D331}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{ED6691BA-60EB-4371-9E76-8B9849A07874}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | "{EF38A0E9-38B7-45A9-B430-6C3EDBA69F7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{F0A02C9E-568D-4976-AD19-86EAC8BB3C34}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{F628D48C-DCCD-4382-A4BC-3E5D9948EFBD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{FA75BB89-5068-4DD5-950B-F00A59FC8854}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | "{FC764027-99D4-4492-90F7-0C8830E15415}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe | "TCP Query User{246685CC-7C9E-41BB-856D-8A850EB23556}C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe | "TCP Query User{38D98380-EC05-4E4D-B769-4825DB589A9C}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | "TCP Query User{4C96CC95-4E20-43CB-9507-7C753BD907FF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{865AD517-4C67-4FAC-880A-582B3DB28DD0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{AB30C710-F380-4107-9F61-43F25299AF6F}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{D0372178-2DFB-41C9-9C62-09ECB4010C13}C:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe | "TCP Query User{D12C055E-9F7F-465C-AC95-9237AF8DA5AB}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe | "TCP Query User{F4B46990-0434-4936-B27D-E42D00563A4D}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe | "UDP Query User{09E5DDE1-36D0-4D6F-8D8C-6F79D26A2FD4}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | "UDP Query User{0AF87964-27CF-4A67-8B89-0D9C8255CFA4}C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe | "UDP Query User{15A89237-0660-4FBC-8EB4-2D0DACDD98B6}C:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe | "UDP Query User{3A6A4123-576E-4A03-983C-4AD8D8C6DB21}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe | "UDP Query User{57768759-22AD-4D93-94FA-B8C334403B7E}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe | "UDP Query User{579A941C-84F1-4D91-B7F1-93DD2FACED51}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{A09F5FA3-1D7C-4F06-A2AD-6F6B924B16F8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{C667A584-334C-443A-8FAD-BA13EB3F92FB}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding "{5DFA0DA8-1291-03C1-E2B0-FD815E7C5B82}" = ATI AVIVO64 Codecs "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B457D49F-00E2-0FF2-4234-C20FC0702E2E}" = AMD Fuel "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Recuva" = Recuva [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{10404646-77C5-4f07-947E-58E5FA78A8BE}" = Dealio Toolbar v4.6 "{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German "{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1" = FINAL FANTASY VII "{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian "{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{2573A5FB-0352-4B85-E948-10FFCDD28731}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM) "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy "{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = AMD VISION Engine Control Center "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6}" = Das große Tafelwerk interaktiv "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish "{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean "{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish "{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption "{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese "{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional "{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian "{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire "{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9C45D9D2-D429-4EA7-8E9E-BFBBD9BAA4F2}" = Garmin City Navigator Europe NT 2011.10 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D57872E-F498-91BC-0CC2-D35AD8711DF4}" = HydraVision "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A837BCE6-BCB1-4A44-8807-A678EAF06933}" = ANNO 1404 Entwickler-Tools "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI) "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B6505079-4610-4434-9558-53D7F9CBF6B3}" = DUNGEONS Game of the Year edition "{B6D52406-340A-461A-81B0-304B5526617F}" = AudialsOne "{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}" = simplitec simplicheck "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{BEA37EFA-5807-4596-B59B-5C89085E33FD}" = Audials "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5E4D0D0-EACC-4013-B48D-C3F104F21DCD}" = StarOffice 9 "{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}" = LEGO® Der Herr der Ringe™ "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol "{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.15 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15 "Audacity_is1" = Audacity 2.0.2 "AVMWLANCLI" = AVM FRITZ!WLAN "DynaGeo_is1" = DynaGeo 3.0f "EdnaSE" = Edna Bricht Aus "EPSON Scanner" = EPSON Scan "Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "Harvey" = Harveys Neue Augen "IrfanView" = IrfanView (remove only) "LAME_is1" = LAME v3.99.3 (for Windows) "LingoPad_is1" = LingoPad 2.6 (Build 360) "LoopWorx Dance_is1" = LoopWorx Dance 1.0 "LoopWorx Hip Hop_is1" = LoopWorx Hip Hop 1.0 "LoopWorx Rock_is1" = LoopWorx Rock 1.0 "MAGIX_{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare "MAGIX_{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition "MAGIX_{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security CBE "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Origin" = Origin "Polipo" = Polipo 1.0.4.1 "PunkBusterSvc" = PunkBuster Services "Quick Search Box" = Google-Schnellsuchfeld "Rockstar Games Social Club" = Rockstar Games Social Club "StarCraft II" = StarCraft II "Steam App 10500" = Empire: Total War "Steam App 202920" = Total War: Shogun 2 - TEd "Steam App 203140" = Hitman: Absolution "Steam App 203160" = Tomb Raider "Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition "Steam App 21970" = R.U.S.E "Steam App 220440" = DmC Devil May Cry "Steam App 32800" = The Lord of the Rings: War in the North "Steam App 34030" = Napoleon: Total War "Steam App 34330" = Total War: SHOGUN 2 "Steam App 40100" = Supreme Commander 2 "Steam App 40800" = Super Meat Boy "Steam App 40810" = Super Meat Boy Editor "Steam App 43110" = Metro 2033 "Steam App 50650" = Darksiders II "Steam App 72850" = The Elder Scrolls V: Skyrim "The Next BIG Thing (de)" = The Next BIG Thing (Deutsch) "TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software "Tor" = Tor 0.2.1.26 "Uplay" = Uplay "Vidalia" = Vidalia 0.2.9 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 9000 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7040 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7042 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 9002 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3029 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3029 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3028 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3058 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7010 Description = Error - 23.04.2013 11:11:19 | Computer Name = Julian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 05.07.2010 16:20:47 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:20:46 - Fehler beim Herstellen der Internetverbindung. 22:20:46 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 15:44:21 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:44:21 - Fehler beim Herstellen der Internetverbindung. 21:44:21 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 15:44:29 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:44:26 - Fehler beim Herstellen der Internetverbindung. 21:44:26 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 16:44:34 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:44:34 - Fehler beim Herstellen der Internetverbindung. 22:44:34 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 16:44:40 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:44:39 - Fehler beim Herstellen der Internetverbindung. 22:44:39 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 17:44:44 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 23:44:44 - Fehler beim Herstellen der Internetverbindung. 23:44:44 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 17:44:50 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 23:44:49 - Fehler beim Herstellen der Internetverbindung. 23:44:49 - Serververbindung konnte nicht hergestellt werden.. Error - 27.10.2010 04:12:18 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 10:12:12 - Fehler beim Herstellen der Internetverbindung. 10:12:12 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 15:18:04 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:18:04 - Fehler beim Herstellen der Internetverbindung. 21:18:04 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 15:18:10 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:18:09 - Fehler beim Herstellen der Internetverbindung. 21:18:09 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = DCOM | ID = 10005 Description = Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 10:31:59 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 23.04.2013 10:31:59 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 11:17:39 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 < End of report > |
24.04.2013, 10:45 | #8 |
/// Malwareteam | Rechner nach Infektion mit GVU-Virus wieder sauber? Userantwort: http://www.trojaner-board.de/133909-...ml#post1051496 Proxy in den USA, TuneUp installiert .... Viele Spiele alte Logfiles gepostet. Hallo Julian Bitte deinstalliere folgende Programme: Code:
ATTFilter TuneUp Utilities 2008 Java 7 Update 17 Aus deinen Logfiles lese ich, dass du einen Proxyserver in den USA nutzt. Hast du den absichtlich eingerichtet? Code:
ATTFilter "ProxyServer" = 50.57.175.200:80 Schritt 1 Adware entfernen: Code:
ATTFilter AdwCleaner v2.200 - Datei am 06/04/2013 um 15:40:41 erstellt Das Tool wird permanent mit neuen Infektionen gefüttert. Dein Scan ist damit so gut wie ein Virenscanner mit alter Virendefinition. daher bitte folgende Schritte nochmals durchführen: Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Reste des GVU Trojaners entfernen : Fixen mit OTL
Code:
ATTFilter :OTL [2013.04.06 14:39:07 | 000,000,004 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\skype.ini :Commands [emptytemp]
Schritt 3 Kontrollscan: Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. |
24.04.2013, 16:58 | #9 |
| Rechner nach Infektion mit GVU-Virus wieder sauber? Die beiden adwcleaner-Scans waren beide zum Zeitpunkt des Anfertigen auf neuestem Stand, hatte ja wie gesagt schon vor längerem was gemacht. Also, nun der von gerade: Code:
ATTFilter # AdwCleaner v2.202 - Datei am 24/04/2013 um 17:17:23 erstellt # Aktualisiert am 23/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Julian - JULIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Julian\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\cnpb92jn.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [4593 octets] - [06/04/2013 15:38:26] AdwCleaner[R2].txt - [976 octets] - [17/04/2013 22:25:03] AdwCleaner[R3].txt - [1103 octets] - [18/04/2013 22:07:02] AdwCleaner[R4].txt - [1152 octets] - [24/04/2013 17:17:09] AdwCleaner[S1].txt - [4630 octets] - [06/04/2013 15:40:41] AdwCleaner[S2].txt - [1094 octets] - [23/04/2013 17:15:53] AdwCleaner[S3].txt - [1086 octets] - [24/04/2013 17:17:23] ########## EOF - C:\AdwCleaner[S3].txt - [1146 octets] ########## Code:
ATTFilter All processes killed ========== OTL ========== C:\Users\Julian\AppData\Roaming\skype.ini moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Julian ->Temp folder emptied: 4603542 bytes ->Temporary Internet Files folder emptied: 10213092 bytes ->Java cache emptied: 322212793 bytes ->FireFox cache emptied: 42089708 bytes ->Flash cache emptied: 630 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 958464 bytes %systemroot%\System32 .tmp files removed: 1564672 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 180 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes RecycleBin emptied: 619461 bytes Total Files Cleaned = 365,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04242013_172843 Files\Folders moved on Reboot... File\Folder C:\Users\Julian\AppData\Local\Temp\OICE_C0C73E23-F0F9-4F6F-9AEC-9685CB2D0989.0\BC4B223A. not found! C:\Users\Julian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Julian\AppData\Local\Temp\~DF352882C6F4096080.TMP not found! File\Folder C:\Users\Julian\AppData\Local\Temp\~DFA4B5BD3E41FC3DFD.TMP not found! File\Folder C:\Users\Julian\AppData\Local\Temp\~DFB0E26E1F1FEE53A9.TMP not found! File\Folder C:\Users\Julian\AppData\Local\Temp\~DFE8C2276D849BE10D.TMP not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter OTL logfile created on: 24.04.2013 17:36:32 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,02 Gb Available Physical Memory | 75,21% Memory free 15,99 Gb Paging File | 13,90 Gb Available in Paging File | 86,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,02 Gb Total Space | 430,72 Gb Free Space | 46,66% Space Free | Partition Type: NTFS Drive D: | 7,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Julian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.0.36\wincfi39.dll () MOD - C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBTINSP) -- C:\Windows\SysNative\drivers\tinspusb.sys (Texas Instruments) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130412.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130423.003\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130423.003\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130420.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Julian\Downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hyrican.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{45AA8F2E-7317-41FE-A499-F53C3937CDDF}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_deDE356 IE - HKCU\..\SearchScopes\{71C55919-1DC7-40CC-8D1F-C3A1A3BFD0DE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 50.57.175.200:80 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=" FF - prefs.js..network.proxy.no_proxies_on: "local" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.04.13 12:47:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.24 17:33:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 17:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.18 11:55:10 | 000,000,000 | ---D | M] [2010.06.08 16:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2012.09.18 20:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\cnpb92jn.default\extensions [2013.04.06 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.22 17:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S6FFB.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [EPSON SX110 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S7E20.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E97CBF71-95ED-40B4-A0E3-55527154B2D1}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.24 17:28:43 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.23 17:20:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2013.04.18 11:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.04.18 11:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.04.17 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.13 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Apps [2013.04.06 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes [2013.04.06 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.30 13:44:22 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\AMD [2013.03.29 14:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.03.29 14:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.03.29 14:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.03.29 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.03.29 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.03.29 14:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.03.29 14:20:27 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Neuer Ordner [2013.03.29 14:18:24 | 000,000,000 | ---D | C] -- C:\AMD [2013.03.27 20:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2013.03.27 20:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Julian\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Julian\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Julian\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Julian\AppData\Local\bass.dll [3 C:\Users\Julian\Documents\*.tmp files -> C:\Users\Julian\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.24 17:38:02 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.24 17:38:02 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.24 17:30:49 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.24 17:30:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.24 17:21:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.24 17:18:38 | 002,450,931 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB [2013.04.24 17:16:45 | 000,619,461 | ---- | M] () -- C:\Users\Julian\Desktop\adwcleaner.exe [2013.04.23 22:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.23 17:20:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2013.04.18 11:54:17 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.17 20:59:07 | 000,052,067 | ---- | M] () -- C:\Users\Julian\Desktop\14028_384609734987405_1121702271_n.jpg [2013.04.15 19:29:58 | 003,135,110 | ---- | M] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Anonymous Bitch.mp3 [2013.04.15 18:48:42 | 002,856,750 | ---- | M] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Der Depri-Song.mp3 [2013.04.15 18:42:19 | 002,633,977 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Arschloch.mp3 [2013.04.15 18:38:40 | 002,916,100 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Na gut.mp3 [2013.04.15 18:34:54 | 003,696,430 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Individuell aber schnell.mp3 [2013.04.15 18:29:00 | 003,789,217 | ---- | M] () -- C:\Users\Julian\Desktop\Cypress Hill & Fermin IV - Siempre Peligroso.mp3 [2013.04.14 12:23:22 | 000,600,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.07 12:10:39 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.07 12:10:39 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.07 12:10:39 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.07 12:10:39 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.07 12:10:39 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.03 10:19:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\isolate.ini [2013.04.01 13:21:06 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.31 14:29:18 | 000,000,222 | ---- | M] () -- C:\Users\Julian\Desktop\DmC Devil May Cry.url [2013.03.29 12:02:01 | 000,000,222 | ---- | M] () -- C:\Users\Julian\Desktop\Tomb Raider.url [2013.03.27 20:23:06 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [3 C:\Users\Julian\Documents\*.tmp files -> C:\Users\Julian\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.24 17:16:45 | 000,619,461 | ---- | C] () -- C:\Users\Julian\Desktop\adwcleaner.exe [2013.04.18 11:54:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.18 11:54:17 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.17 21:00:43 | 000,052,067 | ---- | C] () -- C:\Users\Julian\Desktop\14028_384609734987405_1121702271_n.jpg [2013.04.15 19:29:53 | 003,135,110 | ---- | C] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Anonymous Bitch.mp3 [2013.04.15 18:48:38 | 002,856,750 | ---- | C] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Der Depri-Song.mp3 [2013.04.15 18:42:14 | 002,633,977 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Arschloch.mp3 [2013.04.15 18:38:36 | 002,916,100 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Na gut.mp3 [2013.04.15 18:34:48 | 003,696,430 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Individuell aber schnell.mp3 [2013.04.15 18:28:54 | 003,789,217 | ---- | C] () -- C:\Users\Julian\Desktop\Cypress Hill & Fermin IV - Siempre Peligroso.mp3 [2013.03.31 14:29:18 | 000,000,222 | ---- | C] () -- C:\Users\Julian\Desktop\DmC Devil May Cry.url [2013.03.29 12:02:01 | 000,000,222 | ---- | C] () -- C:\Users\Julian\Desktop\Tomb Raider.url [2013.03.27 20:23:00 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2012.12.22 23:36:31 | 000,001,476 | ---- | C] () -- C:\Users\Julian\AppData\Local\RecConfig.xml [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.10.17 22:45:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\mupkernps11.dll [2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.05.11 18:37:26 | 000,002,189 | ---- | C] () -- C:\Users\Julian\AppData\Local\TempfixPerms.vbs [2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.22 14:50:32 | 000,003,584 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.13 14:22:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.13 14:22:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.04 19:52:51 | 000,000,633 | ---- | C] () -- C:\Users\Julian\AppData\Local\results.mfd [2010.06.12 12:27:30 | 000,000,000 | ---- | C] () -- C:\Users\Julian\jagex__preferences3.dat [2010.05.28 15:27:31 | 000,000,099 | ---- | C] () -- C:\Users\Julian\jagex_runescape_preferences2.dat [2010.05.28 15:26:11 | 000,000,046 | ---- | C] () -- C:\Users\Julian\jagex_runescape_preferences.dat [2010.04.24 20:28:45 | 000,000,000 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\wklnhst.dat [2010.03.09 18:40:55 | 000,000,600 | ---- | C] () -- C:\Users\Julian\PUTTY.RND [2010.02.24 19:05:22 | 000,000,680 | RHS- | C] () -- C:\Users\Julian\ntuser.pol [2009.12.26 14:32:00 | 000,000,094 | ---- | C] () -- C:\Users\Julian\AppData\Local\fusioncache.dat [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Julian\AppData\Local\lame_enc.dll [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Julian\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Julian\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.01 13:39:06 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\.minecraft [2012.07.04 20:29:18 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ashampoo [2013.04.15 19:30:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Audacity [2010.06.25 12:08:08 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DynaGeo [2010.11.25 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Epson [2010.01.19 13:06:56 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\FreeAudioPack [2010.06.05 13:30:10 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\FreeCDRipper [2010.06.12 18:06:46 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Games [2010.05.24 11:29:57 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Garmin [2012.11.01 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\GetRightToGo [2011.09.25 18:18:20 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\IrfanView [2012.11.10 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Kalypso Media [2012.09.02 14:14:55 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Leadertech [2009.12.11 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Lingo4u [2011.10.29 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Lionhead Studios [2012.03.30 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\MAGIX [2012.12.02 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2013.01.26 15:38:20 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2012.11.30 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Origin [2011.02.02 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Participatory Culture Foundation [2011.02.02 22:38:04 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PCF-VLC [2010.11.05 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Petroglyph [2011.05.13 14:21:58 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PunkBuster [2012.03.30 22:11:48 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\simplitec [2009.12.27 15:53:41 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\SpieleEntwicklungsKombinat [2009.12.10 16:48:39 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\StarOffice [2010.04.24 20:28:51 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Template [2012.05.11 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Texas Instruments [2013.03.23 02:02:10 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\The Creative Assembly [2012.05.11 18:44:42 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TI-Nspire [2011.10.08 19:01:42 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Tropico 3 [2009.12.02 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TuneUp Software [2010.12.02 17:35:07 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Turbine [2010.04.04 12:31:41 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ubisoft [2012.12.24 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Warner Bros. Interactive Entertainment ========== Purity Check ========== < End of report > |
25.04.2013, 19:11 | #10 |
/// Malwareteam | Rechner nach Infektion mit GVU-Virus wieder sauber? Hallo Twichblack Schritt 1 Proxy Reset: Den Eintrag des Proxyservers reseten wir mit diesem Fix. Fixen mit OTL
Code:
ATTFilter :OTL IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 50.57.175.200:80
Schritt 2 Kontrollscan: Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. |
26.04.2013, 16:40 | #11 |
| Rechner nach Infektion mit GVU-Virus wieder sauber? Gut, also der Fix: Code:
ATTFilter ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! OTL by OldTimer - Version 3.2.69.0 log created on 04262013_165748 Code:
ATTFilter OTL logfile created on: 26.04.2013 16:58:20 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,80% Memory free 15,99 Gb Paging File | 13,96 Gb Available in Paging File | 87,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,02 Gb Total Space | 431,13 Gb Free Space | 46,71% Space Free | Partition Type: NTFS Drive D: | 7,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Julian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.1.22\wincfi39.dll () MOD - C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symds64.sys (Symantec Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBTINSP) -- C:\Windows\SysNative\drivers\tinspusb.sys (Texas Instruments) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130412.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130426.005\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130426.005\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130424.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Julian\Downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hyrican.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{45AA8F2E-7317-41FE-A499-F53C3937CDDF}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_deDE356 IE - HKCU\..\SearchScopes\{71C55919-1DC7-40CC-8D1F-C3A1A3BFD0DE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=" FF - prefs.js..network.proxy.no_proxies_on: "local" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.04.13 12:47:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.26 15:42:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 17:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.18 11:55:10 | 000,000,000 | ---D | M] [2010.06.08 16:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2012.09.18 20:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\cnpb92jn.default\extensions [2013.04.06 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.22 17:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S6FFB.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [EPSON SX110 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S7E20.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E97CBF71-95ED-40B4-A0E3-55527154B2D1}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.24 17:28:43 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.23 17:20:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2013.04.23 17:12:27 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.18 11:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.04.18 11:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.04.17 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.17 17:10:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.17 17:10:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.17 17:10:12 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.14 03:02:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.14 03:02:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.14 03:02:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.14 03:02:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.14 03:02:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.14 03:02:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.14 03:02:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.14 03:02:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.14 03:02:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.14 03:02:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.14 03:02:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.14 03:02:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.14 03:02:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.14 03:02:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.14 03:02:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.13 14:10:13 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.13 14:10:11 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.13 14:10:11 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.13 14:10:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.13 14:10:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.13 14:10:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.13 14:00:49 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.13 14:00:49 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.13 14:00:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.13 14:00:48 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.13 14:00:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.13 14:00:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.13 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Apps [2013.04.06 16:43:46 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.06 16:01:08 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.06 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes [2013.04.06 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.30 13:44:22 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\AMD [2013.03.29 14:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.03.29 14:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.03.29 14:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.03.29 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.03.29 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.03.29 14:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.03.29 14:20:27 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Neuer Ordner [2013.03.29 14:18:24 | 000,000,000 | ---D | C] -- C:\AMD [2013.03.27 20:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2013.03.27 20:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Julian\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Julian\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Julian\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Julian\AppData\Local\bass.dll [3 C:\Users\Julian\Documents\*.tmp files -> C:\Users\Julian\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.26 16:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.26 16:21:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.26 15:50:40 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 15:50:40 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 15:42:19 | 000,002,552 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security CBE.lnk [2013.04.26 15:42:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.26 15:42:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 15:41:42 | 002,450,931 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB [2013.04.26 15:40:58 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\VT20130115.021 [2013.04.24 17:16:45 | 000,619,461 | ---- | M] () -- C:\Users\Julian\Desktop\adwcleaner.exe [2013.04.23 17:20:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2013.04.18 12:02:24 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.18 12:02:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.18 11:54:17 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.17 20:59:07 | 000,052,067 | ---- | M] () -- C:\Users\Julian\Desktop\14028_384609734987405_1121702271_n.jpg [2013.04.15 19:29:58 | 003,135,110 | ---- | M] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Anonymous Bitch.mp3 [2013.04.15 18:48:42 | 002,856,750 | ---- | M] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Der Depri-Song.mp3 [2013.04.15 18:42:19 | 002,633,977 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Arschloch.mp3 [2013.04.15 18:38:40 | 002,916,100 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Na gut.mp3 [2013.04.15 18:34:54 | 003,696,430 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Individuell aber schnell.mp3 [2013.04.15 18:29:00 | 003,789,217 | ---- | M] () -- C:\Users\Julian\Desktop\Cypress Hill & Fermin IV - Siempre Peligroso.mp3 [2013.04.14 12:23:22 | 000,600,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.07 12:10:39 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.07 12:10:39 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.07 12:10:39 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.07 12:10:39 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.07 12:10:39 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 16:43:19 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.06 16:43:19 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.04.06 16:00:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.06 16:00:19 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.04 05:30:15 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.03 10:19:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\isolate.ini [2013.04.01 13:21:06 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.31 14:29:18 | 000,000,222 | ---- | M] () -- C:\Users\Julian\Desktop\DmC Devil May Cry.url [2013.03.29 12:02:01 | 000,000,222 | ---- | M] () -- C:\Users\Julian\Desktop\Tomb Raider.url [2013.03.27 20:23:06 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [3 C:\Users\Julian\Documents\*.tmp files -> C:\Users\Julian\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.24 17:16:45 | 000,619,461 | ---- | C] () -- C:\Users\Julian\Desktop\adwcleaner.exe [2013.04.18 11:54:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.18 11:54:17 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.17 21:00:43 | 000,052,067 | ---- | C] () -- C:\Users\Julian\Desktop\14028_384609734987405_1121702271_n.jpg [2013.04.15 19:29:53 | 003,135,110 | ---- | C] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Anonymous Bitch.mp3 [2013.04.15 18:48:38 | 002,856,750 | ---- | C] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Der Depri-Song.mp3 [2013.04.15 18:42:14 | 002,633,977 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Arschloch.mp3 [2013.04.15 18:38:36 | 002,916,100 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Na gut.mp3 [2013.04.15 18:34:48 | 003,696,430 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Individuell aber schnell.mp3 [2013.04.15 18:28:54 | 003,789,217 | ---- | C] () -- C:\Users\Julian\Desktop\Cypress Hill & Fermin IV - Siempre Peligroso.mp3 [2013.03.31 14:29:18 | 000,000,222 | ---- | C] () -- C:\Users\Julian\Desktop\DmC Devil May Cry.url [2013.03.29 12:02:01 | 000,000,222 | ---- | C] () -- C:\Users\Julian\Desktop\Tomb Raider.url [2013.03.27 20:23:00 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2012.12.22 23:36:31 | 000,001,476 | ---- | C] () -- C:\Users\Julian\AppData\Local\RecConfig.xml [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.10.17 22:45:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\mupkernps11.dll [2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.05.11 18:37:26 | 000,002,189 | ---- | C] () -- C:\Users\Julian\AppData\Local\TempfixPerms.vbs [2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.22 14:50:32 | 000,003,584 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.13 14:22:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.13 14:22:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.04 19:52:51 | 000,000,633 | ---- | C] () -- C:\Users\Julian\AppData\Local\results.mfd [2010.06.12 12:27:30 | 000,000,000 | ---- | C] () -- C:\Users\Julian\jagex__preferences3.dat [2010.05.28 15:27:31 | 000,000,099 | ---- | C] () -- C:\Users\Julian\jagex_runescape_preferences2.dat [2010.05.28 15:26:11 | 000,000,046 | ---- | C] () -- C:\Users\Julian\jagex_runescape_preferences.dat [2010.04.24 20:28:45 | 000,000,000 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\wklnhst.dat [2010.03.09 18:40:55 | 000,000,600 | ---- | C] () -- C:\Users\Julian\PUTTY.RND [2010.02.24 19:05:22 | 000,000,680 | RHS- | C] () -- C:\Users\Julian\ntuser.pol [2009.12.26 14:32:00 | 000,000,094 | ---- | C] () -- C:\Users\Julian\AppData\Local\fusioncache.dat [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Julian\AppData\Local\lame_enc.dll [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Julian\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Julian\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.04.2013 16:58:20 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,80% Memory free 15,99 Gb Paging File | 13,96 Gb Available in Paging File | 87,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,02 Gb Total Space | 431,13 Gb Free Space | 46,71% Space Free | Partition Type: NTFS Drive D: | 7,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{019E89E8-068C-44C5-88D6-417615E45112}" = lport=139 | protocol=6 | dir=in | app=system | "{0D1FF093-DE91-40E0-BD98-6621C59BBE83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1099074C-39E5-4D97-8287-16A113A0ED83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{10AFE87E-E8DB-4DB0-B2B4-35E1532E64FC}" = rport=138 | protocol=17 | dir=out | app=system | "{12A7B63D-8A7E-4E4B-B5F9-9EB5B90453B7}" = lport=137 | protocol=17 | dir=in | app=system | "{137E5048-1EC2-4EA2-8677-5AD84D9E91FA}" = lport=10243 | protocol=6 | dir=in | app=system | "{13FAF21A-B0AF-4648-9999-D087D271DACF}" = rport=10243 | protocol=6 | dir=out | app=system | "{2D2DEF46-63B0-472E-9E3E-29EB86F00853}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30E7B87B-FD4A-4786-9E6E-4563B844073B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{38420BE4-5762-4E2D-A1A9-FC79A58D344C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44E2B76D-1B2C-46E4-8E12-2187B0EBBC43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4C2714A6-49E3-4B98-B89E-6AE45EE74A40}" = lport=138 | protocol=17 | dir=in | app=system | "{6B1EFE4F-2E1A-4D21-BD85-F8E1A7D4850F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7F637ED8-1F8B-43E3-A3AA-7F41AD589AF6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{7FE41994-49E2-4CDF-A8B3-3438BF415FDE}" = rport=445 | protocol=6 | dir=out | app=system | "{9A851A55-A4B4-4A3E-A7FF-1064F4BB3085}" = rport=137 | protocol=17 | dir=out | app=system | "{A3C96F0D-6DD2-46AD-85F0-BFFD03E9B42C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AF108389-BEC6-416A-8FCA-37EA22784970}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5331534-4F94-47C3-8DBA-0730ECD82606}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAA489B0-004F-4C9C-AAC8-EA9A1018FC2B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{DF2699B7-637B-41E1-AA11-A2553409E9E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E6AD1855-CA51-4FCB-A7BB-2C626BA2159B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3800231-405E-415A-8D6C-8E1D36F0AF0B}" = lport=445 | protocol=6 | dir=in | app=system | "{F49E30B6-5917-4FDF-9DBB-D9399B3416B8}" = rport=139 | protocol=6 | dir=out | app=system | "{F739016E-9269-442D-83B5-28E79F8DAD58}" = lport=2869 | protocol=6 | dir=in | app=system | "{F97CEC9E-8B3B-49EE-BF95-140FF644D0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008BA5C6-3A74-46D1-BB12-049CF261D8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | "{00ABCA0D-1578-47FF-8741-5B162516DCFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{0947D85E-08D3-472F-A4C9-FE098444EB2F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{0CB3C9A0-9DFB-4CC7-BB40-544223D4B62B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{0E8A0C7D-8B85-4DF3-B622-2B17FF66D996}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe | "{0EBDC96F-62E3-43B5-B267-9C8D387AAE04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{0F709E46-A17D-4643-B3F4-1E02BF8060A4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{1060464C-08E9-467A-86D6-EEAF42DE53E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | "{12B938A6-FEFF-4791-94A2-0336A988BFE4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{134FDA57-EB45-498A-B40D-431C15C0D6FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{194EA3F1-CDCF-41A1-90AB-5E95DE4FEF75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A09AE38-F684-41D8-8CBF-3E747584C029}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{1E4BCF1A-A1F3-46EF-84F4-D76FF9C96FCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{215387EE-72D5-45FC-84EC-A7579A023916}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{23A22735-2FE0-4B70-9C6A-7C11F7F08532}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{28800F75-AB11-4934-98E9-B50010849C68}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{2D03B7FA-3D30-40AD-8C3F-24A49CECCB5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{2E843027-0FE4-4B60-B416-A6A0A71B74EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{2E8E5A09-927F-470A-B542-E2485A8EC249}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{2E9CF8E9-D7EC-4C11-BAD8-56E4F19CAA04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{2EC4EBA6-F852-4161-A90B-35EFC178C9EC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{30535F68-4D6B-40E5-B04D-23C7E765119E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{34615B0F-F16C-4BBC-89D2-F41D79FA40BF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{34F015BC-2C2F-4E69-B41E-890A71F7C080}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{373DBFCD-3D2E-4B1D-92D3-FBC6E3D0EC24}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3C61C731-9296-40E8-B5EC-622067176EE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3EA849AF-F2B7-4F56-9CC0-D62D85E3103E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | "{43084611-081A-484B-94D7-B7CB9EC239FE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{43BCAC48-C8F1-4E9B-B337-85E6BB78DD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{469833AE-FBDE-483B-8FAA-94149C77D511}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{48877173-2F2E-475F-9E66-75ABF0A002CE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{492E582A-8962-4DCB-9FA2-4BFDA114AFAC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{4CEA774B-4821-46DE-AC36-E0F9BE7C87DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5016DC8A-95A8-4602-B34D-CB82BBCABB0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{5072E180-7B31-49C9-85F7-A53CAED94020}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{53CFC8F8-8861-421C-89B7-4C33DA9CB46F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{575B7263-3595-419C-9181-33478312D1FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{5843E239-D9A0-416A-A935-6CCD753016E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{598808D2-CF0B-4547-A7D8-478C9670FF1A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{5B142A04-AF54-4944-AE39-ADABAAC4E49E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{5B633CB1-2FFB-4DD3-AD74-33C2D1520050}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{5C037E7D-9EF5-41FE-83C6-04FD65ABF362}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5C1CD120-0AE1-40F7-AE05-32F004BB44DE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5CEDA557-2713-441A-9049-B05F9A2FD958}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | "{660E3E1B-D9D3-481D-85FE-DA0E242B1686}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | "{67886436-F72A-4DE8-810F-E860CB767140}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{68E78301-48CE-47F4-B11F-9ED994F574D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{6B1C6B16-DEC6-42F0-92EB-063ECBEFAE33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6D247F21-9ED3-4EFB-95B6-F6FF0D633EA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7025F6CE-08D9-4B73-921C-3889DE602FE9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{7092BCB0-7CC0-4D17-BD08-3B7A8DE2432A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{73BB5468-BF37-4CE7-835A-C36B5EF3B58C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{7439DC5B-86ED-4BF6-B04A-C11B77F2FAE6}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "{74CE7243-A6AD-4802-A1BF-3D79708BB0D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{75AEFC2B-3FDB-4D9F-A592-33EF1F6933C1}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{7827DDFA-B1C0-4628-905D-99C88163AD78}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | "{7B8DFEE1-5766-4996-B639-68A1ACBC72CF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | "{7BCE1ED5-84F3-41F7-94BF-518E5A4B9391}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | "{7D0CFE9A-7681-406E-B232-78E2B853AE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{7F8E642B-3B77-4FA3-9978-379BAC6DF3B3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{815D0743-ECB1-426C-B52C-FBF824E826BE}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{834F06B9-0DC7-49FC-B4F0-9A178B6AEF16}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{84C2FDC8-DEAB-45E8-818F-B433D5739EA6}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{8663D469-221C-49EF-AF78-9CCEC76C5C49}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{89CF31CA-7A45-406E-B794-24424F841BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{8CA19D6E-583E-4363-B98F-6A680A45017B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{907B10DA-30F2-4521-B1AA-741E6B156DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | "{91ED5546-16EF-4923-9B79-F390FF09278C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9384B715-F3DD-403B-9D52-3D1A81D0654B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{942594A2-7181-4F40-9243-F7F496E6E605}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{94D565B9-130A-4164-9BFD-14D52BC0E9B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{954D962D-29B3-40CD-AC81-B77403D76C4D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{960154FE-9842-4EDC-A925-5F59269FCF98}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{979E6623-C5BC-481D-A500-6B8E8CBE5EBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{992221FE-EB7A-4926-AE00-20DF41D32545}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{995F8D2D-0E9F-41C6-9BA5-560219955876}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{99EBCA71-9EB4-411B-8C23-71C8BD3F5F70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A5F2119-277C-4362-B402-D97E998B2174}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{9A720B13-3D1B-41FE-8DE4-C12C2C653B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{9AC1BD51-7A88-4CFC-9497-0AB237770376}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9BF5E5D7-0E25-4F61-8BBD-F98032EAF694}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{9C8B87AF-AEF9-4723-88BF-64B9160DF80B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{A35EAD1D-83C6-43CE-9135-C9058AD54A51}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{A4EEC6B9-F6CF-4373-A404-CB2CE28ABFCD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{A5B12A3B-ADB5-4B1D-9428-4FCD24D91FC0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{A5B279A4-E989-4A80-AC93-3C89F4B4F938}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{A72B6F4B-0638-462F-A541-746116E351EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{A8AE49D2-B1DA-4DD4-8413-6731D01258CD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{A8B52033-E588-4159-AA1A-6236B24F17F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | "{ACA4C5DF-064D-4EE0-A241-5144D54BFB6B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{ACEE2F58-A588-4139-91BD-30F72F9C79D4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{AD9D92AE-DB4F-43E0-ADBA-F46AF60EB128}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{AEA79E33-4770-4C48-8D28-4846C9AE0EBE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{B0FC6F30-B777-40E8-9CE3-B9285B110B0E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{B9947EC3-A2EE-4F3A-B756-BF56F1F8FDE4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BAB1B805-1C0A-41A7-8E77-C42603E204B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{BBDE6998-1E93-4CD9-BA07-F16AFB8AB911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{C324252D-6311-4875-8095-782CBB681781}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | "{C8C905FA-E716-4D12-A946-679ECA2708C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C9A7405E-9C4E-4703-B302-B4F5B58D4519}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{CBB38602-E338-4F36-AF75-87A9B8482805}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{CBFEEE86-3012-46D9-A659-8F9FEDE8DBE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{CCDA6847-728D-48AC-B662-33BACCCCC3B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | "{CDE9E28E-F6B9-4F7E-8C78-1617BBBA630A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{D31A9DF2-3112-45ED-A140-4E1486D852A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | "{D34DE23D-042C-4539-897E-D5765E467538}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | "{D3F8DFBE-5D15-44D0-8DC4-A1F7125A1B22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D461E543-86A5-4F7B-AA63-F436369E2469}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{D7A5B2DE-660A-4F80-9129-632A8E072AE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D7BF0DA1-7B06-4641-804B-DA4235792741}" = protocol=6 | dir=out | app=system | "{D84DA3F5-84C7-487C-B50E-54E99E686246}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{D9052CA0-5E90-4A28-B298-75B6E4DDB296}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "{D961779D-0E3E-4CED-BDC7-54ECCCEEA4D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DAE92285-435D-4B13-811B-AB3D53F9A733}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{DD57F437-6D98-4534-ABE3-337066F7B27C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DEBCE5D5-097C-4EAB-834F-881C1E4AFC85}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | "{DF0A92DA-3725-4670-B53C-7C1C7EA8BD0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | "{E0264DC6-F952-42A6-BDCA-1D458EF443A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E37F88B6-EF80-41EF-85DD-9BC7606BCDDD}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{E62E1930-ACF4-40FC-83B7-C0D60487DE07}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E6A6925A-3626-4D49-A4C0-1B70F8294876}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | "{E9595783-5B11-40A9-9655-7BAF1BCDC62C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | "{EBE6B60E-8B57-41CD-91EA-5D1B574DDA1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{ED0B690F-9E00-426D-8112-D9B5BDAFFB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{ED5AE607-05BC-45D9-90CD-A641C2A1D331}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{ED6691BA-60EB-4371-9E76-8B9849A07874}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | "{EF38A0E9-38B7-45A9-B430-6C3EDBA69F7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{F0A02C9E-568D-4976-AD19-86EAC8BB3C34}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{F628D48C-DCCD-4382-A4BC-3E5D9948EFBD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{FA75BB89-5068-4DD5-950B-F00A59FC8854}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | "{FC764027-99D4-4492-90F7-0C8830E15415}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe | "TCP Query User{246685CC-7C9E-41BB-856D-8A850EB23556}C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe | "TCP Query User{38D98380-EC05-4E4D-B769-4825DB589A9C}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | "TCP Query User{4C96CC95-4E20-43CB-9507-7C753BD907FF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{865AD517-4C67-4FAC-880A-582B3DB28DD0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{AB30C710-F380-4107-9F61-43F25299AF6F}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{D0372178-2DFB-41C9-9C62-09ECB4010C13}C:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe | "TCP Query User{D12C055E-9F7F-465C-AC95-9237AF8DA5AB}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe | "TCP Query User{F4B46990-0434-4936-B27D-E42D00563A4D}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe | "UDP Query User{09E5DDE1-36D0-4D6F-8D8C-6F79D26A2FD4}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | "UDP Query User{0AF87964-27CF-4A67-8B89-0D9C8255CFA4}C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe | "UDP Query User{15A89237-0660-4FBC-8EB4-2D0DACDD98B6}C:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe | "UDP Query User{3A6A4123-576E-4A03-983C-4AD8D8C6DB21}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe | "UDP Query User{57768759-22AD-4D93-94FA-B8C334403B7E}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe | "UDP Query User{579A941C-84F1-4D91-B7F1-93DD2FACED51}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{A09F5FA3-1D7C-4F06-A2AD-6F6B924B16F8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{C667A584-334C-443A-8FAD-BA13EB3F92FB}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding "{5DFA0DA8-1291-03C1-E2B0-FD815E7C5B82}" = ATI AVIVO64 Codecs "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B457D49F-00E2-0FF2-4234-C20FC0702E2E}" = AMD Fuel "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Recuva" = Recuva [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{10404646-77C5-4f07-947E-58E5FA78A8BE}" = Dealio Toolbar v4.6 "{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German "{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1" = FINAL FANTASY VII "{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian "{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{2573A5FB-0352-4B85-E948-10FFCDD28731}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM) "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy "{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = AMD VISION Engine Control Center "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6}" = Das große Tafelwerk interaktiv "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish "{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean "{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish "{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption "{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese "{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional "{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian "{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire "{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9C45D9D2-D429-4EA7-8E9E-BFBBD9BAA4F2}" = Garmin City Navigator Europe NT 2011.10 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D57872E-F498-91BC-0CC2-D35AD8711DF4}" = HydraVision "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A837BCE6-BCB1-4A44-8807-A678EAF06933}" = ANNO 1404 Entwickler-Tools "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI) "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B6505079-4610-4434-9558-53D7F9CBF6B3}" = DUNGEONS Game of the Year edition "{B6D52406-340A-461A-81B0-304B5526617F}" = AudialsOne "{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}" = simplitec simplicheck "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{BEA37EFA-5807-4596-B59B-5C89085E33FD}" = Audials "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5E4D0D0-EACC-4013-B48D-C3F104F21DCD}" = StarOffice 9 "{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}" = LEGO® Der Herr der Ringe™ "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol "{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.15 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15 "Audacity_is1" = Audacity 2.0.2 "AVMWLANCLI" = AVM FRITZ!WLAN "DynaGeo_is1" = DynaGeo 3.0f "EdnaSE" = Edna Bricht Aus "EPSON Scanner" = EPSON Scan "Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "Harvey" = Harveys Neue Augen "IrfanView" = IrfanView (remove only) "LAME_is1" = LAME v3.99.3 (for Windows) "LingoPad_is1" = LingoPad 2.6 (Build 360) "LoopWorx Dance_is1" = LoopWorx Dance 1.0 "LoopWorx Hip Hop_is1" = LoopWorx Hip Hop 1.0 "LoopWorx Rock_is1" = LoopWorx Rock 1.0 "MAGIX_{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare "MAGIX_{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition "MAGIX_{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security CBE "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Origin" = Origin "Polipo" = Polipo 1.0.4.1 "PunkBusterSvc" = PunkBuster Services "Quick Search Box" = Google-Schnellsuchfeld "Rockstar Games Social Club" = Rockstar Games Social Club "StarCraft II" = StarCraft II "Steam App 10500" = Empire: Total War "Steam App 202920" = Total War: Shogun 2 - TEd "Steam App 203140" = Hitman: Absolution "Steam App 203160" = Tomb Raider "Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition "Steam App 21970" = R.U.S.E "Steam App 220440" = DmC Devil May Cry "Steam App 32800" = The Lord of the Rings: War in the North "Steam App 34030" = Napoleon: Total War "Steam App 34330" = Total War: SHOGUN 2 "Steam App 40100" = Supreme Commander 2 "Steam App 40800" = Super Meat Boy "Steam App 40810" = Super Meat Boy Editor "Steam App 43110" = Metro 2033 "Steam App 50650" = Darksiders II "Steam App 72850" = The Elder Scrolls V: Skyrim "The Next BIG Thing (de)" = The Next BIG Thing (Deutsch) "TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software "Tor" = Tor 0.2.1.26 "Uplay" = Uplay "Vidalia" = Vidalia 0.2.9 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 9000 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7040 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7042 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 9002 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3029 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3029 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3028 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3058 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7010 Description = Error - 23.04.2013 11:11:19 | Computer Name = Julian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 05.07.2010 16:20:47 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:20:46 - Fehler beim Herstellen der Internetverbindung. 22:20:46 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 15:44:21 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:44:21 - Fehler beim Herstellen der Internetverbindung. 21:44:21 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 15:44:29 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:44:26 - Fehler beim Herstellen der Internetverbindung. 21:44:26 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 16:44:34 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:44:34 - Fehler beim Herstellen der Internetverbindung. 22:44:34 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 16:44:40 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:44:39 - Fehler beim Herstellen der Internetverbindung. 22:44:39 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 17:44:44 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 23:44:44 - Fehler beim Herstellen der Internetverbindung. 23:44:44 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 17:44:50 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 23:44:49 - Fehler beim Herstellen der Internetverbindung. 23:44:49 - Serververbindung konnte nicht hergestellt werden.. Error - 27.10.2010 04:12:18 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 10:12:12 - Fehler beim Herstellen der Internetverbindung. 10:12:12 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 15:18:04 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:18:04 - Fehler beim Herstellen der Internetverbindung. 21:18:04 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 15:18:10 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:18:09 - Fehler beim Herstellen der Internetverbindung. 21:18:09 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 10:31:59 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 23.04.2013 10:31:59 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 11:17:39 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 24.04.2013 11:09:16 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 24.04.2013 11:18:53 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 24.04.2013 11:28:43 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > |
26.04.2013, 16:41 | #12 |
| Rechner nach Infektion mit GVU-Virus wieder sauber? Gut, also der Fix: Code:
ATTFilter ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! OTL by OldTimer - Version 3.2.69.0 log created on 04262013_165748 Code:
ATTFilter OTL logfile created on: 26.04.2013 16:58:20 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,80% Memory free 15,99 Gb Paging File | 13,96 Gb Available in Paging File | 87,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,02 Gb Total Space | 431,13 Gb Free Space | 46,71% Space Free | Partition Type: NTFS Drive D: | 7,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Julian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.1.22\wincfi39.dll () MOD - C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symds64.sys (Symantec Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBTINSP) -- C:\Windows\SysNative\drivers\tinspusb.sys (Texas Instruments) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130412.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130426.005\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130426.005\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130424.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Julian\Downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hyrican.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{45AA8F2E-7317-41FE-A499-F53C3937CDDF}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_deDE356 IE - HKCU\..\SearchScopes\{71C55919-1DC7-40CC-8D1F-C3A1A3BFD0DE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=" FF - prefs.js..network.proxy.no_proxies_on: "local" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.04.13 12:47:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.26 15:42:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 17:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.18 11:55:10 | 000,000,000 | ---D | M] [2010.06.08 16:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2012.09.18 20:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\cnpb92jn.default\extensions [2013.04.06 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.22 17:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S6FFB.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [EPSON SX110 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S7E20.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E97CBF71-95ED-40B4-A0E3-55527154B2D1}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.24 17:28:43 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.23 17:20:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2013.04.23 17:12:27 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.18 11:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.04.18 11:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.04.17 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.17 17:10:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.17 17:10:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.17 17:10:12 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.14 03:02:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.14 03:02:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.14 03:02:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.14 03:02:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.14 03:02:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.14 03:02:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.14 03:02:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.14 03:02:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.14 03:02:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.14 03:02:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.14 03:02:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.14 03:02:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.14 03:02:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.14 03:02:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.14 03:02:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.13 14:10:13 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.13 14:10:11 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.13 14:10:11 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.13 14:10:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.13 14:10:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.13 14:10:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.13 14:00:49 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.13 14:00:49 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.13 14:00:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.13 14:00:48 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.13 14:00:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.13 14:00:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.13 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Apps [2013.04.06 16:43:46 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.06 16:01:08 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.06 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes [2013.04.06 14:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.30 13:44:22 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\AMD [2013.03.29 14:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.03.29 14:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.03.29 14:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.03.29 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.03.29 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.03.29 14:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.03.29 14:20:27 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Neuer Ordner [2013.03.29 14:18:24 | 000,000,000 | ---D | C] -- C:\AMD [2013.03.27 20:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2013.03.27 20:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Julian\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Julian\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Julian\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Julian\AppData\Local\bass.dll [3 C:\Users\Julian\Documents\*.tmp files -> C:\Users\Julian\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.26 16:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.26 16:21:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.26 15:50:40 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 15:50:40 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 15:42:19 | 000,002,552 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security CBE.lnk [2013.04.26 15:42:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.26 15:42:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 15:41:42 | 002,450,931 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB [2013.04.26 15:40:58 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\VT20130115.021 [2013.04.24 17:16:45 | 000,619,461 | ---- | M] () -- C:\Users\Julian\Desktop\adwcleaner.exe [2013.04.23 17:20:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2013.04.18 12:02:24 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.18 12:02:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.18 11:54:17 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.17 20:59:07 | 000,052,067 | ---- | M] () -- C:\Users\Julian\Desktop\14028_384609734987405_1121702271_n.jpg [2013.04.15 19:29:58 | 003,135,110 | ---- | M] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Anonymous Bitch.mp3 [2013.04.15 18:48:42 | 002,856,750 | ---- | M] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Der Depri-Song.mp3 [2013.04.15 18:42:19 | 002,633,977 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Arschloch.mp3 [2013.04.15 18:38:40 | 002,916,100 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Na gut.mp3 [2013.04.15 18:34:54 | 003,696,430 | ---- | M] () -- C:\Users\Julian\Desktop\Fanta4 - Individuell aber schnell.mp3 [2013.04.15 18:29:00 | 003,789,217 | ---- | M] () -- C:\Users\Julian\Desktop\Cypress Hill & Fermin IV - Siempre Peligroso.mp3 [2013.04.14 12:23:22 | 000,600,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.07 12:10:39 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.07 12:10:39 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.07 12:10:39 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.07 12:10:39 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.07 12:10:39 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 16:43:19 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.06 16:43:19 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.04.06 16:00:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.06 16:00:19 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.04 05:30:15 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.03 10:19:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\isolate.ini [2013.04.01 13:21:06 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.31 14:29:18 | 000,000,222 | ---- | M] () -- C:\Users\Julian\Desktop\DmC Devil May Cry.url [2013.03.29 12:02:01 | 000,000,222 | ---- | M] () -- C:\Users\Julian\Desktop\Tomb Raider.url [2013.03.27 20:23:06 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [3 C:\Users\Julian\Documents\*.tmp files -> C:\Users\Julian\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.24 17:16:45 | 000,619,461 | ---- | C] () -- C:\Users\Julian\Desktop\adwcleaner.exe [2013.04.18 11:54:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.18 11:54:17 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.17 21:00:43 | 000,052,067 | ---- | C] () -- C:\Users\Julian\Desktop\14028_384609734987405_1121702271_n.jpg [2013.04.15 19:29:53 | 003,135,110 | ---- | C] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Anonymous Bitch.mp3 [2013.04.15 18:48:38 | 002,856,750 | ---- | C] () -- C:\Users\Julian\Desktop\Jan Hegenberg - Der Depri-Song.mp3 [2013.04.15 18:42:14 | 002,633,977 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Arschloch.mp3 [2013.04.15 18:38:36 | 002,916,100 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Na gut.mp3 [2013.04.15 18:34:48 | 003,696,430 | ---- | C] () -- C:\Users\Julian\Desktop\Fanta4 - Individuell aber schnell.mp3 [2013.04.15 18:28:54 | 003,789,217 | ---- | C] () -- C:\Users\Julian\Desktop\Cypress Hill & Fermin IV - Siempre Peligroso.mp3 [2013.03.31 14:29:18 | 000,000,222 | ---- | C] () -- C:\Users\Julian\Desktop\DmC Devil May Cry.url [2013.03.29 12:02:01 | 000,000,222 | ---- | C] () -- C:\Users\Julian\Desktop\Tomb Raider.url [2013.03.27 20:23:00 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2012.12.22 23:36:31 | 000,001,476 | ---- | C] () -- C:\Users\Julian\AppData\Local\RecConfig.xml [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.10.17 22:45:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\mupkernps11.dll [2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.05.11 18:37:26 | 000,002,189 | ---- | C] () -- C:\Users\Julian\AppData\Local\TempfixPerms.vbs [2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.22 14:50:32 | 000,003,584 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.13 14:22:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.13 14:22:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.04 19:52:51 | 000,000,633 | ---- | C] () -- C:\Users\Julian\AppData\Local\results.mfd [2010.06.12 12:27:30 | 000,000,000 | ---- | C] () -- C:\Users\Julian\jagex__preferences3.dat [2010.05.28 15:27:31 | 000,000,099 | ---- | C] () -- C:\Users\Julian\jagex_runescape_preferences2.dat [2010.05.28 15:26:11 | 000,000,046 | ---- | C] () -- C:\Users\Julian\jagex_runescape_preferences.dat [2010.04.24 20:28:45 | 000,000,000 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\wklnhst.dat [2010.03.09 18:40:55 | 000,000,600 | ---- | C] () -- C:\Users\Julian\PUTTY.RND [2010.02.24 19:05:22 | 000,000,680 | RHS- | C] () -- C:\Users\Julian\ntuser.pol [2009.12.26 14:32:00 | 000,000,094 | ---- | C] () -- C:\Users\Julian\AppData\Local\fusioncache.dat [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Julian\AppData\Local\lame_enc.dll [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Julian\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Julian\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Julian\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.04.2013 16:58:20 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,80% Memory free 15,99 Gb Paging File | 13,96 Gb Available in Paging File | 87,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,02 Gb Total Space | 431,13 Gb Free Space | 46,71% Space Free | Partition Type: NTFS Drive D: | 7,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{019E89E8-068C-44C5-88D6-417615E45112}" = lport=139 | protocol=6 | dir=in | app=system | "{0D1FF093-DE91-40E0-BD98-6621C59BBE83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1099074C-39E5-4D97-8287-16A113A0ED83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{10AFE87E-E8DB-4DB0-B2B4-35E1532E64FC}" = rport=138 | protocol=17 | dir=out | app=system | "{12A7B63D-8A7E-4E4B-B5F9-9EB5B90453B7}" = lport=137 | protocol=17 | dir=in | app=system | "{137E5048-1EC2-4EA2-8677-5AD84D9E91FA}" = lport=10243 | protocol=6 | dir=in | app=system | "{13FAF21A-B0AF-4648-9999-D087D271DACF}" = rport=10243 | protocol=6 | dir=out | app=system | "{2D2DEF46-63B0-472E-9E3E-29EB86F00853}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30E7B87B-FD4A-4786-9E6E-4563B844073B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{38420BE4-5762-4E2D-A1A9-FC79A58D344C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44E2B76D-1B2C-46E4-8E12-2187B0EBBC43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4C2714A6-49E3-4B98-B89E-6AE45EE74A40}" = lport=138 | protocol=17 | dir=in | app=system | "{6B1EFE4F-2E1A-4D21-BD85-F8E1A7D4850F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7F637ED8-1F8B-43E3-A3AA-7F41AD589AF6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{7FE41994-49E2-4CDF-A8B3-3438BF415FDE}" = rport=445 | protocol=6 | dir=out | app=system | "{9A851A55-A4B4-4A3E-A7FF-1064F4BB3085}" = rport=137 | protocol=17 | dir=out | app=system | "{A3C96F0D-6DD2-46AD-85F0-BFFD03E9B42C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AF108389-BEC6-416A-8FCA-37EA22784970}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5331534-4F94-47C3-8DBA-0730ECD82606}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAA489B0-004F-4C9C-AAC8-EA9A1018FC2B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{DF2699B7-637B-41E1-AA11-A2553409E9E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E6AD1855-CA51-4FCB-A7BB-2C626BA2159B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3800231-405E-415A-8D6C-8E1D36F0AF0B}" = lport=445 | protocol=6 | dir=in | app=system | "{F49E30B6-5917-4FDF-9DBB-D9399B3416B8}" = rport=139 | protocol=6 | dir=out | app=system | "{F739016E-9269-442D-83B5-28E79F8DAD58}" = lport=2869 | protocol=6 | dir=in | app=system | "{F97CEC9E-8B3B-49EE-BF95-140FF644D0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008BA5C6-3A74-46D1-BB12-049CF261D8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | "{00ABCA0D-1578-47FF-8741-5B162516DCFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{0947D85E-08D3-472F-A4C9-FE098444EB2F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{0CB3C9A0-9DFB-4CC7-BB40-544223D4B62B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{0E8A0C7D-8B85-4DF3-B622-2B17FF66D996}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe | "{0EBDC96F-62E3-43B5-B267-9C8D387AAE04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{0F709E46-A17D-4643-B3F4-1E02BF8060A4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{1060464C-08E9-467A-86D6-EEAF42DE53E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | "{12B938A6-FEFF-4791-94A2-0336A988BFE4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{134FDA57-EB45-498A-B40D-431C15C0D6FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{194EA3F1-CDCF-41A1-90AB-5E95DE4FEF75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A09AE38-F684-41D8-8CBF-3E747584C029}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{1E4BCF1A-A1F3-46EF-84F4-D76FF9C96FCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{215387EE-72D5-45FC-84EC-A7579A023916}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{23A22735-2FE0-4B70-9C6A-7C11F7F08532}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{28800F75-AB11-4934-98E9-B50010849C68}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{2D03B7FA-3D30-40AD-8C3F-24A49CECCB5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{2E843027-0FE4-4B60-B416-A6A0A71B74EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{2E8E5A09-927F-470A-B542-E2485A8EC249}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{2E9CF8E9-D7EC-4C11-BAD8-56E4F19CAA04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{2EC4EBA6-F852-4161-A90B-35EFC178C9EC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{30535F68-4D6B-40E5-B04D-23C7E765119E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{34615B0F-F16C-4BBC-89D2-F41D79FA40BF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{34F015BC-2C2F-4E69-B41E-890A71F7C080}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{373DBFCD-3D2E-4B1D-92D3-FBC6E3D0EC24}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3C61C731-9296-40E8-B5EC-622067176EE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3EA849AF-F2B7-4F56-9CC0-D62D85E3103E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | "{43084611-081A-484B-94D7-B7CB9EC239FE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{43BCAC48-C8F1-4E9B-B337-85E6BB78DD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{469833AE-FBDE-483B-8FAA-94149C77D511}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{48877173-2F2E-475F-9E66-75ABF0A002CE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{492E582A-8962-4DCB-9FA2-4BFDA114AFAC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{4CEA774B-4821-46DE-AC36-E0F9BE7C87DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5016DC8A-95A8-4602-B34D-CB82BBCABB0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{5072E180-7B31-49C9-85F7-A53CAED94020}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{53CFC8F8-8861-421C-89B7-4C33DA9CB46F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{575B7263-3595-419C-9181-33478312D1FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{5843E239-D9A0-416A-A935-6CCD753016E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{598808D2-CF0B-4547-A7D8-478C9670FF1A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{5B142A04-AF54-4944-AE39-ADABAAC4E49E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{5B633CB1-2FFB-4DD3-AD74-33C2D1520050}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{5C037E7D-9EF5-41FE-83C6-04FD65ABF362}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5C1CD120-0AE1-40F7-AE05-32F004BB44DE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5CEDA557-2713-441A-9049-B05F9A2FD958}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | "{660E3E1B-D9D3-481D-85FE-DA0E242B1686}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | "{67886436-F72A-4DE8-810F-E860CB767140}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{68E78301-48CE-47F4-B11F-9ED994F574D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{6B1C6B16-DEC6-42F0-92EB-063ECBEFAE33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6D247F21-9ED3-4EFB-95B6-F6FF0D633EA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7025F6CE-08D9-4B73-921C-3889DE602FE9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{7092BCB0-7CC0-4D17-BD08-3B7A8DE2432A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{73BB5468-BF37-4CE7-835A-C36B5EF3B58C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{7439DC5B-86ED-4BF6-B04A-C11B77F2FAE6}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "{74CE7243-A6AD-4802-A1BF-3D79708BB0D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{75AEFC2B-3FDB-4D9F-A592-33EF1F6933C1}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{7827DDFA-B1C0-4628-905D-99C88163AD78}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | "{7B8DFEE1-5766-4996-B639-68A1ACBC72CF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | "{7BCE1ED5-84F3-41F7-94BF-518E5A4B9391}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | "{7D0CFE9A-7681-406E-B232-78E2B853AE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{7F8E642B-3B77-4FA3-9978-379BAC6DF3B3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{815D0743-ECB1-426C-B52C-FBF824E826BE}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{834F06B9-0DC7-49FC-B4F0-9A178B6AEF16}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{84C2FDC8-DEAB-45E8-818F-B433D5739EA6}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{8663D469-221C-49EF-AF78-9CCEC76C5C49}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{89CF31CA-7A45-406E-B794-24424F841BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{8CA19D6E-583E-4363-B98F-6A680A45017B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{907B10DA-30F2-4521-B1AA-741E6B156DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | "{91ED5546-16EF-4923-9B79-F390FF09278C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9384B715-F3DD-403B-9D52-3D1A81D0654B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{942594A2-7181-4F40-9243-F7F496E6E605}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{94D565B9-130A-4164-9BFD-14D52BC0E9B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{954D962D-29B3-40CD-AC81-B77403D76C4D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{960154FE-9842-4EDC-A925-5F59269FCF98}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{979E6623-C5BC-481D-A500-6B8E8CBE5EBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{992221FE-EB7A-4926-AE00-20DF41D32545}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{995F8D2D-0E9F-41C6-9BA5-560219955876}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{99EBCA71-9EB4-411B-8C23-71C8BD3F5F70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A5F2119-277C-4362-B402-D97E998B2174}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{9A720B13-3D1B-41FE-8DE4-C12C2C653B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{9AC1BD51-7A88-4CFC-9497-0AB237770376}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9BF5E5D7-0E25-4F61-8BBD-F98032EAF694}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{9C8B87AF-AEF9-4723-88BF-64B9160DF80B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{A35EAD1D-83C6-43CE-9135-C9058AD54A51}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{A4EEC6B9-F6CF-4373-A404-CB2CE28ABFCD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{A5B12A3B-ADB5-4B1D-9428-4FCD24D91FC0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{A5B279A4-E989-4A80-AC93-3C89F4B4F938}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{A72B6F4B-0638-462F-A541-746116E351EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{A8AE49D2-B1DA-4DD4-8413-6731D01258CD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{A8B52033-E588-4159-AA1A-6236B24F17F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | "{ACA4C5DF-064D-4EE0-A241-5144D54BFB6B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{ACEE2F58-A588-4139-91BD-30F72F9C79D4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{AD9D92AE-DB4F-43E0-ADBA-F46AF60EB128}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{AEA79E33-4770-4C48-8D28-4846C9AE0EBE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{B0FC6F30-B777-40E8-9CE3-B9285B110B0E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{B9947EC3-A2EE-4F3A-B756-BF56F1F8FDE4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BAB1B805-1C0A-41A7-8E77-C42603E204B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{BBDE6998-1E93-4CD9-BA07-F16AFB8AB911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{C324252D-6311-4875-8095-782CBB681781}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | "{C8C905FA-E716-4D12-A946-679ECA2708C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C9A7405E-9C4E-4703-B302-B4F5B58D4519}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{CBB38602-E338-4F36-AF75-87A9B8482805}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{CBFEEE86-3012-46D9-A659-8F9FEDE8DBE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{CCDA6847-728D-48AC-B662-33BACCCCC3B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | "{CDE9E28E-F6B9-4F7E-8C78-1617BBBA630A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{D31A9DF2-3112-45ED-A140-4E1486D852A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | "{D34DE23D-042C-4539-897E-D5765E467538}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | "{D3F8DFBE-5D15-44D0-8DC4-A1F7125A1B22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D461E543-86A5-4F7B-AA63-F436369E2469}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{D7A5B2DE-660A-4F80-9129-632A8E072AE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D7BF0DA1-7B06-4641-804B-DA4235792741}" = protocol=6 | dir=out | app=system | "{D84DA3F5-84C7-487C-B50E-54E99E686246}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{D9052CA0-5E90-4A28-B298-75B6E4DDB296}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "{D961779D-0E3E-4CED-BDC7-54ECCCEEA4D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DAE92285-435D-4B13-811B-AB3D53F9A733}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{DD57F437-6D98-4534-ABE3-337066F7B27C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DEBCE5D5-097C-4EAB-834F-881C1E4AFC85}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | "{DF0A92DA-3725-4670-B53C-7C1C7EA8BD0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | "{E0264DC6-F952-42A6-BDCA-1D458EF443A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E37F88B6-EF80-41EF-85DD-9BC7606BCDDD}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{E62E1930-ACF4-40FC-83B7-C0D60487DE07}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E6A6925A-3626-4D49-A4C0-1B70F8294876}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | "{E9595783-5B11-40A9-9655-7BAF1BCDC62C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | "{EBE6B60E-8B57-41CD-91EA-5D1B574DDA1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{ED0B690F-9E00-426D-8112-D9B5BDAFFB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{ED5AE607-05BC-45D9-90CD-A641C2A1D331}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{ED6691BA-60EB-4371-9E76-8B9849A07874}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | "{EF38A0E9-38B7-45A9-B430-6C3EDBA69F7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{F0A02C9E-568D-4976-AD19-86EAC8BB3C34}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{F628D48C-DCCD-4382-A4BC-3E5D9948EFBD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{FA75BB89-5068-4DD5-950B-F00A59FC8854}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | "{FC764027-99D4-4492-90F7-0C8830E15415}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war in the north\witn.exe | "TCP Query User{246685CC-7C9E-41BB-856D-8A850EB23556}C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe | "TCP Query User{38D98380-EC05-4E4D-B769-4825DB589A9C}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | "TCP Query User{4C96CC95-4E20-43CB-9507-7C753BD907FF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{865AD517-4C67-4FAC-880A-582B3DB28DD0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{AB30C710-F380-4107-9F61-43F25299AF6F}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{D0372178-2DFB-41C9-9C62-09ECB4010C13}C:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe | "TCP Query User{D12C055E-9F7F-465C-AC95-9237AF8DA5AB}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe | "TCP Query User{F4B46990-0434-4936-B27D-E42D00563A4D}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe | "UDP Query User{09E5DDE1-36D0-4D6F-8D8C-6F79D26A2FD4}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | "UDP Query User{0AF87964-27CF-4A67-8B89-0D9C8255CFA4}C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe | "UDP Query User{15A89237-0660-4FBC-8EB4-2D0DACDD98B6}C:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rapidsolution\audialstv\bin\audialstv.exe | "UDP Query User{3A6A4123-576E-4A03-983C-4AD8D8C6DB21}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\toolone.exe | "UDP Query User{57768759-22AD-4D93-94FA-B8C334403B7E}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\worldeditor2.exe | "UDP Query User{579A941C-84F1-4D91-B7F1-93DD2FACED51}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{A09F5FA3-1D7C-4F06-A2AD-6F6B924B16F8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{C667A584-334C-443A-8FAD-BA13EB3F92FB}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding "{5DFA0DA8-1291-03C1-E2B0-FD815E7C5B82}" = ATI AVIVO64 Codecs "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B457D49F-00E2-0FF2-4234-C20FC0702E2E}" = AMD Fuel "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Recuva" = Recuva [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{10404646-77C5-4f07-947E-58E5FA78A8BE}" = Dealio Toolbar v4.6 "{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German "{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1" = FINAL FANTASY VII "{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian "{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{2573A5FB-0352-4B85-E948-10FFCDD28731}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM) "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy "{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = AMD VISION Engine Control Center "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6}" = Das große Tafelwerk interaktiv "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish "{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean "{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish "{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption "{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese "{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional "{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian "{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire "{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9C45D9D2-D429-4EA7-8E9E-BFBBD9BAA4F2}" = Garmin City Navigator Europe NT 2011.10 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D57872E-F498-91BC-0CC2-D35AD8711DF4}" = HydraVision "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A837BCE6-BCB1-4A44-8807-A678EAF06933}" = ANNO 1404 Entwickler-Tools "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI) "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B6505079-4610-4434-9558-53D7F9CBF6B3}" = DUNGEONS Game of the Year edition "{B6D52406-340A-461A-81B0-304B5526617F}" = AudialsOne "{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}" = simplitec simplicheck "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{BEA37EFA-5807-4596-B59B-5C89085E33FD}" = Audials "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5E4D0D0-EACC-4013-B48D-C3F104F21DCD}" = StarOffice 9 "{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}" = LEGO® Der Herr der Ringe™ "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol "{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{THEGUILDREN-0010-2010-300520102330}_is1" = Patch v4.15 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15 "Audacity_is1" = Audacity 2.0.2 "AVMWLANCLI" = AVM FRITZ!WLAN "DynaGeo_is1" = DynaGeo 3.0f "EdnaSE" = Edna Bricht Aus "EPSON Scanner" = EPSON Scan "Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "Harvey" = Harveys Neue Augen "IrfanView" = IrfanView (remove only) "LAME_is1" = LAME v3.99.3 (for Windows) "LingoPad_is1" = LingoPad 2.6 (Build 360) "LoopWorx Dance_is1" = LoopWorx Dance 1.0 "LoopWorx Hip Hop_is1" = LoopWorx Hip Hop 1.0 "LoopWorx Rock_is1" = LoopWorx Rock 1.0 "MAGIX_{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare "MAGIX_{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition "MAGIX_{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security CBE "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Origin" = Origin "Polipo" = Polipo 1.0.4.1 "PunkBusterSvc" = PunkBuster Services "Quick Search Box" = Google-Schnellsuchfeld "Rockstar Games Social Club" = Rockstar Games Social Club "StarCraft II" = StarCraft II "Steam App 10500" = Empire: Total War "Steam App 202920" = Total War: Shogun 2 - TEd "Steam App 203140" = Hitman: Absolution "Steam App 203160" = Tomb Raider "Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition "Steam App 21970" = R.U.S.E "Steam App 220440" = DmC Devil May Cry "Steam App 32800" = The Lord of the Rings: War in the North "Steam App 34030" = Napoleon: Total War "Steam App 34330" = Total War: SHOGUN 2 "Steam App 40100" = Supreme Commander 2 "Steam App 40800" = Super Meat Boy "Steam App 40810" = Super Meat Boy Editor "Steam App 43110" = Metro 2033 "Steam App 50650" = Darksiders II "Steam App 72850" = The Elder Scrolls V: Skyrim "The Next BIG Thing (de)" = The Next BIG Thing (Deutsch) "TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software "Tor" = Tor 0.2.1.26 "Uplay" = Uplay "Vidalia" = Vidalia 0.2.9 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 9000 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7040 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7042 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 9002 Description = Error - 23.04.2013 10:30:25 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3029 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3029 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3028 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3058 Description = Error - 23.04.2013 10:30:27 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 7010 Description = Error - 23.04.2013 11:11:19 | Computer Name = Julian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 05.07.2010 16:20:47 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:20:46 - Fehler beim Herstellen der Internetverbindung. 22:20:46 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 15:44:21 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:44:21 - Fehler beim Herstellen der Internetverbindung. 21:44:21 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 15:44:29 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:44:26 - Fehler beim Herstellen der Internetverbindung. 21:44:26 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 16:44:34 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:44:34 - Fehler beim Herstellen der Internetverbindung. 22:44:34 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 16:44:40 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 22:44:39 - Fehler beim Herstellen der Internetverbindung. 22:44:39 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 17:44:44 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 23:44:44 - Fehler beim Herstellen der Internetverbindung. 23:44:44 - Serververbindung konnte nicht hergestellt werden.. Error - 01.10.2010 17:44:50 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 23:44:49 - Fehler beim Herstellen der Internetverbindung. 23:44:49 - Serververbindung konnte nicht hergestellt werden.. Error - 27.10.2010 04:12:18 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 10:12:12 - Fehler beim Herstellen der Internetverbindung. 10:12:12 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 15:18:04 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:18:04 - Fehler beim Herstellen der Internetverbindung. 21:18:04 - Serververbindung konnte nicht hergestellt werden.. Error - 03.04.2012 15:18:10 | Computer Name = Julian-PC | Source = MCUpdate | ID = 0 Description = 21:18:09 - Fehler beim Herstellen der Internetverbindung. 21:18:09 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 23.04.2013 10:30:33 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 10:31:59 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 23.04.2013 10:31:59 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 11:17:39 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 24.04.2013 11:09:16 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 24.04.2013 11:18:53 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127 Error - 24.04.2013 11:28:43 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > |
27.04.2013, 16:06 | #13 |
/// Malwareteam | Rechner nach Infektion mit GVU-Virus wieder sauber? soweit gut, dann schaun wir uns das nochmal mit den beiden Tools hier an... (wenn hier alles ok ist sind wir bald durch) Downloade Dir bitte Malwarebytes Anti-Malware
ESET Online Scanner
|
28.04.2013, 17:09 | #14 |
| Rechner nach Infektion mit GVU-Virus wieder sauber? Malwarebytes hatte keine Funde, die einzigen Funde, die es je hatte, hab ich ja ganz am Anfang gepostet. ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c0489dc591ae8646961a0baceb8419fd # engine=13713 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-28 02:55:12 # local_time=2013-04-28 04:55:12 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 6926397 118790762 0 0 # scanned=335174 # found=1 # cleaned=0 # scan_time=7372 sh=58181F926788568394A7D4011629FE6F1DB25CA3 ft=1 fh=5573a96422ea8626 vn="Win32/Adware.RK.AP application" ac=I fn="C:\Users\Julian\Downloads\FreeSoundRecorder.exe" |
28.04.2013, 18:08 | #15 |
/// Malwareteam | Rechner nach Infektion mit GVU-Virus wieder sauber? Hallo Twitchblack Mit dem GVU hat das nichts zu tun allerdings ist es eine Infektion die du dir sogar freiwillig auf den System geladen hast. Fixen mit OTL
Code:
ATTFilter :files C:\Users\Julian\Downloads\FreeSoundRecorder.exe
Schritt 2 Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. |
Themen zu Rechner nach Infektion mit GVU-Virus wieder sauber? |
administrator, appdatalow, autostart, conduitinstaller, desktop, explorer, explorer.exe, gelöscht, gvu-trojaner, gvu-trojaner entfernen, herunterfahren, infektion, installation, internet, internet browser, logfiles, malwarebytes, microsoft, mozilla, registrierungsdatenbank, software, starten, suche, temp, trojan.ransom.rre, windows |