|
Log-Analyse und Auswertung: svchost.exe Virur 2GB Arbeitsspeicher verwendungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
17.05.2013, 12:35 | #1 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendung Hallo liebe Trojaner-board.de Community Ich habe seit einer Woche das Problem Das Svchost.exe 2GB (2`000`000K) Arbeitsspeicher braucht und den Explorer so überlastet das ich keine Ordner öffnen kann. Ich habe hier schon mehrere Post`s gesehen aber keine konnte mir weiter helfen. Hier mal ein Bild: Grösser : hxxp://imageshack.us/a/img545/3854/svchostpic.png Ich lasse gerade noch den ESET Online Scanner Durch laufen den log werde ich so schnell wie möglich Posten. Er hat bisher 12 Sachen gefunden Immer Adware.Yontoo & Adware.Multiplug.H (.F) ... Ich hoffe um schnelle Antwort : Hier der Log : Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=6169b0ceeb55b649865bd8cd778d3228 # engine=13849 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-17 11:57:46 # local_time=2013-05-17 01:57:46 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3592 16777213 100 91 70423 119483162 0 0 # compatibility_mode=5893 16776574 100 94 20970084 120421716 0 0 # scanned=229814 # found=12 # cleaned=0 # scan_time=4738 sh=85263F072262A269CA7EE2A54C88B2E9073C152C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\Bcool\5059a7a026105.html" sh=63CAB766A80052755623903192F1EBC67BAC6564 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\Bcool\fjhmfjbdloolpcinflblkjbcaioopgbc.crx" sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll" sh=1D35C5005E8B2CBE463BE8840D8B519BCBDAEE3D ft=1 fh=57608bffe13529a4 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll" sh=918FCE3D903DEF6BE57FA81545CE6FB1FFA8BA12 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.F application" ac=I fn="C:\ProgramData\Zoomex\settings.ini" sh=85263F072262A269CA7EE2A54C88B2E9073C152C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\Bcool\5059a7a026105.html" sh=63CAB766A80052755623903192F1EBC67BAC6564 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\Bcool\fjhmfjbdloolpcinflblkjbcaioopgbc.crx" sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll" sh=1D35C5005E8B2CBE463BE8840D8B519BCBDAEE3D ft=1 fh=57608bffe13529a4 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll" sh=918FCE3D903DEF6BE57FA81545CE6FB1FFA8BA12 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.F application" ac=I fn="C:\Users\All Users\Zoomex\settings.ini" sh=04AF8C956D315B521969C33D662A70A88A7F3328 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Herrmann\AppData\Roaming\Mozilla\Firefox\Profiles\alqi08uu.default\extensions\50fbdde49302c@50fbdde493058.com\content\bg.js" sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Users\Herrmann\AppData\Roaming\Mozilla\Firefox\Profiles\alqi08uu.default\extensions\plugin@yontoo.com\content\overlay.js" Geändert von chrischi1 (17.05.2013 um 13:03 Uhr) Grund: url nicht verlinkt ... |
17.05.2013, 14:25 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Virur 2GB Arbeitsspeicher verwendung Hallo und
__________________Zitat:
Du hast 16 GB RAM, wozu bitte? Damit der größte Teil einfach nicht genutzt wird? Wenn ja wozu hast du soviel RAM? Bei Maschinen mit soviel RAM kann es durchaus normal sein, dass sich das System auch viel RAM krallt, damit viel im Speicher ist und nicht ständig auf die langsame Festplatte zugegriffen werden muss. Selbst SSDs sind um einiges langsamer als RAM. Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
17.05.2013, 14:40 | #3 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendung Em ich habe Norton360 den system32 ordner durchlaufen lassen Nix gefunden
__________________dann komplett scannen lassen Auch nix :/ Aber die svchost.exe Blockiert die Interaktion mit Ordnern oder anderen Sachen Videos etc es lässt sich nichts öffnen ;/ ich muss dann immer die svchost.exe beenden im Taskmanager und vor 1ner Woche hatte ich noch nicht, da hatte ich immer nur 2% belegt ... (also 98% Frei) Andere logs sind leider nicht gefunden worden :// |
17.05.2013, 15:47 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Virur 2GB Arbeitsspeicher verwendung Bitte diese Frage beantworten: Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
__________________ Logfiles bitte immer in CODE-Tags posten |
17.05.2013, 16:11 | #5 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendung ahhh jetzt kapiere ichs nein die sind nie fündig gerworden :/ Geändert von chrischi1 (17.05.2013 um 16:49 Uhr) Grund: kapiert |
17.05.2013, 18:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Virur 2GB Arbeitsspeicher verwendung Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ --> svchost.exe Virur 2GB Arbeitsspeicher verwendung |
17.05.2013, 19:05 | #7 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendung Unten ... Geändert von chrischi1 (17.05.2013 um 19:18 Uhr) |
17.05.2013, 19:07 | #8 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendungCode:
ATTFilter OTL Extras logfile created on: 17.05.2013 19:57:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 15.95 Gb Total Physical Memory | 9.89 Gb Available Physical Memory | 62.03% Memory free 31.90 Gb Paging File | 25.87 Gb Available in Paging File | 81.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 103.14 Gb Total Space | 10.21 Gb Free Space | 9.90% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 824.44 Gb Free Space | 88.51% Space Free | Partition Type: NTFS Computer Name: CHRISCHI-PC | User Name: Herrmann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0462B6AF-3A49-4DE4-B0ED-4E23BA846E41}" = rport=139 | protocol=6 | dir=out | app=system | "{0F5B9F99-F4F4-4F18-AFA5-D169A34D3DD0}" = lport=137 | protocol=17 | dir=in | app=system | "{12B27073-5DCF-41B3-AD13-4DFE34ABB31A}" = lport=2869 | protocol=6 | dir=in | app=system | "{18D85AE7-162C-4744-8059-0EE2BD98AE67}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{374F7B76-3C3D-422D-97E9-4652F65962AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{43117FCF-C6B5-49FD-B588-0C4A58E011AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5890D641-90C8-4039-9A6C-2C092F10469F}" = lport=445 | protocol=6 | dir=in | app=system | "{6739D897-50E6-45E2-800D-1C866A56937C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{69EC9E84-26EC-4265-9990-0B28AA60E5E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7151E6C8-7CDF-4DA8-92BF-F9A98E3B1165}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{91BB93DE-9399-453D-833B-F76F1042330D}" = rport=137 | protocol=17 | dir=out | app=system | "{94E56B75-2815-450D-88FB-E732EA34490B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{98885095-8B54-4126-A867-DB24CB818C27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{99C48DBF-B26F-497D-9352-440C80C2BAC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B1FE187B-AFA0-4BCD-8963-E96DA89356A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BD1A8AB4-9564-4002-8FB2-F11CB5EEE9B7}" = lport=10243 | protocol=6 | dir=in | app=system | "{C007ED8D-FDF6-42F5-B82F-5ED22FD90690}" = rport=10243 | protocol=6 | dir=out | app=system | "{CBACA890-A0D8-49E0-8BEC-CB99C6EFFBC4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CBEF7F31-C0EC-4C0C-B9D8-0FCEC287BCF3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D0F7D9C5-DE94-473D-8CC3-D0FA30F8C889}" = rport=138 | protocol=17 | dir=out | app=system | "{E47084B9-BF71-4B51-A849-733B29A3533A}" = lport=138 | protocol=17 | dir=in | app=system | "{FBB20A81-4776-409A-963B-45FF55BFA6F0}" = rport=445 | protocol=6 | dir=out | app=system | "{FEBBFF33-F8C2-4CBB-9E49-C2C51B509500}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08FAA886-241E-48FA-AACD-EB2E70D9490B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{0CAFE4A2-5D75-4694-8091-25A61BEBE816}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe | "{0CEAAFD2-6213-476F-8FE7-6E1A3E1FBCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{0E3E9F11-95B8-48AE-9172-192DE623EFB0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{1013F4E2-9BB0-4C89-81DE-E3C132C3CC68}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{1183CCA4-E199-4F50-B670-534CD2373EE4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{11CB63AE-E142-4FEE-ACA7-8512F3DDE8BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{12E59150-F844-4F72-8C01-5A370F276E30}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{13B5D8B4-7FB1-4104-91AF-B8A8E62D8145}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe | "{1575B4B5-7171-4FC3-8FE0-26C131977859}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{183D2BEC-F76E-457A-907F-6425D0D583C4}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{206523BD-BA65-4A9D-AB0C-4B71AD91CA76}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{27BE312A-483F-4337-9491-D0EF5C5E8479}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{28807936-CC34-4809-B1D2-E6B73924A4FF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2CA6829B-A8F8-4718-8D2C-0116A699F923}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe | "{2E14FAB1-331D-4F29-911D-5E2E338245E0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\princeofpersia_launcher.exe | "{30A44E8B-4200-4884-BCEE-49F184B8D0CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{33A37FED-A10C-4C44-B566-2B8C36DE1A0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3725EDE0-49FB-40A9-927F-5A1D3C8CEBB6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{3B9544E1-415C-4935-9F8A-27ADD1197866}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{3CD0793B-9FE3-480C-B8F0-987EDDBA4454}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3F7009F8-0BBE-4E5D-97BE-B827F7060234}" = dir=in | app=c:\program files\eslwire\wire.exe | "{43688F50-2A67-4B6B-9B0F-483652E96020}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{45929A32-C16D-4179-8E4C-B0B21CB6C1C6}" = protocol=6 | dir=in | app=d:\desktop\bf3\battlefield 3\bf3.exe | "{484D744F-8438-4357-B45B-14454F642412}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{48549E77-7B17-4721-9B17-8865F885742F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{497BD64F-32AE-4C0F-9AD3-39342EA837E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4A666CDE-2F9A-4157-82C0-1E6F0FDEA823}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4C430E67-8E13-4DBE-9BC1-91FA56F72949}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4DFD60BF-308F-4130-9FDE-D24086E20879}" = dir=out | app=c:\program files\eslwire\wire.exe | "{4F2F8403-D5CD-4C43-A641-34862902BA1B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{51036456-798C-415C-B29E-C736B7EA6AA8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{511466CE-078E-4401-A673-C1862FDAD398}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{536F40B6-D1E6-46FE-8730-40E5E6E838AE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{57DE7718-BEB4-4B80-AA44-55CA6E6FE3A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{5A9D6383-439B-441A-9529-FE8DFE3FA7F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5CF0E3EA-6761-446D-A32F-E9B17E4ED708}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{5D60A68F-FD6A-4BD4-B3DF-0E3786CF1841}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5DFAF632-E102-4ED1-9F9E-0F60D7B8792B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5EDD1C25-AB46-4033-9C82-3E6CBB949D68}" = protocol=17 | dir=in | app=d:\desktop\bf3\battlefield 3\bf3.exe | "{61A1DE9E-678C-4B90-AE52-0F47B6CF8C81}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{66A87328-CA22-495C-BB20-59FCF94E2CC8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{6BF88A52-151A-4AD1-AD1C-A7B038D5EEB6}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{6C049665-750D-4484-9483-DCEFA425BE2D}" = protocol=17 | dir=in | app=c:\users\herrmann\appdata\roaming\dropbox\bin\dropbox.exe | "{6E1EBF4A-29B8-46E2-9FD7-B05DCB211839}" = protocol=6 | dir=in | app=d:\desktop\assasin\ac3sp.exe | "{74FF400A-0A13-4E62-9C53-62683A62CD7B}" = protocol=6 | dir=in | app=d:\desktop\assasin\assassinscreed3.exe | "{76501030-E44E-4383-96BD-7B76930340F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{77E1BB82-1401-4935-860C-EFD02E7F87F0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{7A01CF71-AA1B-47AC-B582-6109BAE4F0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{7D2F4F4C-033D-4681-A40C-72DCE39A44C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{80316F4D-1BA9-4CFA-90D3-9C7676A4B90C}" = protocol=6 | dir=in | app=d:\downloads\crossfire_downloader (1).exe | "{8503B0D7-78E6-448F-841F-E4A1EDBBA483}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{8B00ADC1-E232-445E-AAE3-C43EF180840A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8B78FFBC-A51D-46A5-811D-8DA172C47ECE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\prince of persia.exe | "{8EA1071C-AE64-4A50-9177-ED9A5424DD05}" = protocol=6 | dir=in | app=d:\desktop\assasin\ac3mp.exe | "{8F67E8F3-41D7-4549-83C4-12EA0899073C}" = protocol=17 | dir=in | app=d:\desktop\assasin\ac3sp.exe | "{948B1AB8-12D7-41C3-A539-19AAE19725E4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{9576BEFA-75F7-4A99-85BA-5CB2CD6762D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{964ECDD5-34DB-49C1-8FB7-BF10F43BF133}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{96F3B583-CE3C-4C60-9A49-F173E9765571}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{998600B0-3615-49E8-A8DE-8AAEA1DA829D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{9F82393C-4389-4644-8929-A63885C7BD4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A264540D-7060-4D08-B3F5-E4C85C25D3D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A3565842-C2A0-40BD-AAB2-D45056B1E5EF}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{AA80989B-9D7D-44B6-A29F-DD54293488B2}" = protocol=58 | dir=in | app=system | "{AB178E97-6043-4480-89C9-4504F41EE715}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{ABADF8D6-33AC-4A81-8AEB-E8ACFD15DD0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B26E16A2-2F44-4325-834E-6A6E84A98FB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B3090BC3-726E-446B-A3E3-E87D55E6861B}" = protocol=17 | dir=in | app=d:\desktop\assasin\ac3mp.exe | "{B4C9E4A0-B32E-46D9-9C78-B1AF0709A8D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B747D3A2-C106-459F-BF00-27A4E3269898}" = protocol=6 | dir=out | app=system | "{BB33D5FA-01C3-4677-BD9F-EB0AAD8408C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD1DCE5C-15E1-4A71-843A-3E8DBE707F36}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\prince of persia.exe | "{C50904FB-C592-4F55-A97B-DAEA2AADE9B5}" = protocol=17 | dir=in | app=d:\downloads\crossfire_downloader (1).exe | "{C67016FE-1766-41CB-A5CF-FD75532D94A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{C867078D-DA58-4BBF-A60A-A877D2881925}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{CAC45CDE-4193-4DE4-96B9-376C418503FD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{CE4C6E43-6954-4AED-B9E5-8F97DBB20A15}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\princeofpersia_launcher.exe | "{D058210C-705D-473D-B350-3A5C41FB32DC}" = protocol=17 | dir=in | app=d:\desktop\assasin\assassinscreed3.exe | "{D1E800B9-F28B-4256-8DB1-D35E42AA2D59}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D2209357-A470-480B-B6BF-529247C1D569}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D45CA416-E994-49BC-A076-21DE8329D79A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{D4C818AC-C640-49FA-899D-7AAEAC141A41}" = protocol=6 | dir=in | app=c:\users\herrmann\appdata\roaming\dropbox\bin\dropbox.exe | "{D585AEB5-49E2-46C6-AF26-34407144BE64}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D92D0E7D-7324-4F34-8A88-65F2C987B75C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DD18FB75-3E56-4C80-AD9A-6E71D576B0B5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{F03D8AC6-0802-49BD-8698-7DDA613A2C68}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{F9A26E1E-5137-4AA7-8D83-626F71E46B9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001 "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5866DD36-8055-475B-A5C3-82C04091D14E}" = BF3 Settings Editor "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{7E3B2D0F-029B-11E2-BD68-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit) "{80E64FDE-029B-11E2-A955-F04DA23A5C58}" = MSVCRT Redists "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit) "{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "ESL Wire_is1" = ESL Wire 1.15.4 "Logitech Gaming Software" = Logitech Gaming Software 8.35 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "OptimizerPro1" = OptimizerPro1 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Unlocker" = Unlocker 1.9.1-x64 "Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211) "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live "{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6 "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources "{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12 "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E890D16-5CB9-4F18-BAA1-CCD0A543CAE5}" = MAGIX Music Maker MX Premium Download Version "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8BD89760-6B5D-4A3C-8B0D-CDB93BEFC0F6}" = XSplit "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F6F7194-0734-4CDA-8C04-6B766F2241A6}" = Camtasia Studio 8 "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{994359E8-D614-4CC6-84DB-415C27D2BA12}" = MAGIX Screenshare "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger "{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" = clear.fi SDK - MVP 2 "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" = clear.fi SDK- Movie 2 "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2 "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDB0EF3-673C-FDCE-6498-750F51391660}" = Fooz Kids "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Audacity_is1" = Audacity 2.0.2 "Battlelog Web Plugins" = Battlelog Web Plugins "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "Clownfish" = Clownfish for Skype "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser" = Adobe Widget Browser "EazelBar" = EazelBar "ESET Online Scanner" = ESET Online Scanner v3 "ESN Sonar-0.70.4" = ESN Sonar "FoozKids" = Fooz Kids "Fraps" = Fraps (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320 "Hotkey Utility" = Hotkey Utility "Identity Card" = Identity Card "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "PicoZip Recovery Tool 1.02" = PicoZip Recovery Tool 1.02 "PunkBusterSvc" = PunkBuster Services "Security Task Manager" = Security Task Manager 1.8g "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 212910" = Call of Duty: Black Ops II - Zombies "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamViewer 8" = TeamViewer 8 "Uplay" = Uplay "VLC media player" = VLC media player 2.0.4 "WildTangent acer Master Uninstall" = Acer Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "winscp3_is1" = WinSCP 5.0.9 RC "WTA-190c87f3-ae6c-4a37-90f7-afca69de52a9" = Torchlight "WTA-2e3c5146-8752-4062-af0d-38776e12f506" = Wedding Dash "WTA-336e0121-2fc7-4e95-b04e-c955c034ccaf" = Penguins! "WTA-3508ff18-f336-4e9e-99e1-cb1c08ba8716" = Zuma Deluxe "WTA-38fdca4a-833d-43f2-a622-2a1812ad517b" = Insaniquarium Deluxe "WTA-6197ae63-ed97-455d-9ce6-15f67d936e4f" = Agatha Christie - Death on the Nile "WTA-66ae9e4d-5e28-41f7-9eb0-b48e43b31dea" = Polar Bowler "WTA-71077059-78d7-4bd2-8145-022b4c3a46d3" = John Deere Drive Green "WTA-8024325c-6c76-4607-a3e9-a5c117c22f75" = Final Drive: Nitro "WTA-925b3c54-2dd7-4f67-93b1-10da75224865" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition "WTA-9c816215-2ae4-4846-9bf6-9c6ab8d22056" = FATE "WTA-c1079165-a1fb-4479-8e87-3935f3a75925" = Plants vs. Zombies - Game of the Year "WTA-d372831e-8b94-459e-9250-ef4d895def89" = Virtual Villagers 4 - The Tree of Life "WTA-d39723d7-491c-466f-bee4-7a3230f497db" = Slingo Deluxe "Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1242782858-1307113304-2311912926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.05.2013 06:22:25 | Computer Name = Chrischi-PC | Source = WinMgmt | ID = 10 Description = Error - 17.05.2013 06:31:02 | Computer Name = Chrischi-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 17.05.2013 06:36:27 | Computer Name = Chrischi-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 17.05.2013 06:36:28 | Computer Name = Chrischi-PC | Source = WinMgmt | ID = 10 Description = Error - 17.05.2013 06:37:10 | Computer Name = Chrischi-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 17.05.2013 07:00:21 | Computer Name = Chrischi-PC | Source = WinMgmt | ID = 10 Description = Error - 17.05.2013 08:01:36 | Computer Name = Chrischi-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 17.05.2013 09:55:50 | Computer Name = Chrischi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.6.0.0, Zeitstempel: 0x511c9356 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x028a78a0 ID des fehlerhaften Prozesses: 0x20ec Startzeit der fehlerhaften Anwendung: 0x01ce52f577c345db Pfad der fehlerhaften Anwendung: D:\Desktop\BF3\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 7ae39079-bef9-11e2-9611-e840f2c8cfb5 Error - 17.05.2013 11:18:24 | Computer Name = Chrischi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.6.0.0, Zeitstempel: 0x511c9356 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16492, Zeitstempel: 0x50f31443 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a6bca ID des fehlerhaften Prozesses: 0x1710 Startzeit der fehlerhaften Anwendung: 0x01ce530d9c466fca Pfad der fehlerhaften Anwendung: D:\Desktop\BF3\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\d3d11.dll Berichtskennung: 03ad0245-bf05-11e2-9611-e840f2c8cfb5 Error - 17.05.2013 13:40:57 | Computer Name = Chrischi-PC | Source = VSS | ID = 8194 Description = [ System Events ] Error - 25.02.2013 15:16:43 | Computer Name = Chrischi-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398 Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den CHRISCHI-PC\Herrmann-Benutzer ("4890") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. Error - 25.02.2013 15:16:53 | Computer Name = Chrischi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 25.02.2013 15:16:53 | Computer Name = Chrischi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 26.02.2013 04:45:08 | Computer Name = Chrischi-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398 Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den CHRISCHI-PC\Herrmann-Benutzer ("4890") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. Error - 26.02.2013 11:02:33 | Computer Name = Chrischi-PC | Source = bowser | ID = 8003 Description = Error - 27.02.2013 04:05:10 | Computer Name = Chrischi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?26.?02.?2013 um 20:07:56 unerwartet heruntergefahren. Error - 27.02.2013 04:05:20 | Computer Name = Chrischi-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398 Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den CHRISCHI-PC\Herrmann-Benutzer ("4891") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. Error - 27.02.2013 05:33:06 | Computer Name = Chrischi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?02.?2013 um 10:32:07 unerwartet heruntergefahren. Error - 27.02.2013 05:33:16 | Computer Name = Chrischi-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398 Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den CHRISCHI-PC\Herrmann-Benutzer ("4892") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. Error - 27.02.2013 05:33:38 | Computer Name = Chrischi-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > |
17.05.2013, 19:12 | #9 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendungCode:
ATTFilter OTL logfile created on: 17.05.2013 19:57:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 15.95 Gb Total Physical Memory | 9.89 Gb Available Physical Memory | 62.03% Memory free 31.90 Gb Paging File | 25.87 Gb Available in Paging File | 81.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 103.14 Gb Total Space | 10.21 Gb Free Space | 9.90% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 824.44 Gb Free Space | 88.51% Space Free | Partition Type: NTFS Computer Name: CHRISCHI-PC | User Name: Herrmann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) PRC - C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\Herrmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Herrmann\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Fraps\fraps.exe (Beepa P/L) PRC - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.) PRC - C:\Windows\ZSSnp211.exe (ZSMCSNAP) PRC - C:\Windows\Domino.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Herrmann\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Origin\tufao.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Battlelog Web Plugins\launcher-109.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.1.22\wincfi39.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll () MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll () MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\Domino.exe () ========== Services (SafeList) ========== SRV:64bit: - (EslWireHelper) -- C:\Program Files\EslWire\service\WireHelperSvc.exe () SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (SpyHunter 4 Service) -- C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys (Symantec Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.) DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys (Symantec Corporation) DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys () DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation) DRV:64bit: - (hcwhdpvr) -- C:\Windows\SysNative\drivers\hcwhdpvr.sys (Hauppauge, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys () DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (ZSMC30x) -- C:\Windows\SysNative\drivers\ZS211.sys (ZSMC.Corporation) DRV:64bit: - (vvftav211) -- C:\Windows\SysNative\drivers\vvftav211.sys (Vimicro Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130517.002\ex64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130517.002\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130516.001\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=48f3fef100000000000000ff59e340e3 IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\URLSearchHook: {16CC3586-3547-4025-9E2F-F04C365D8B90} - No CLSID value found IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=48f3fef100000000000000ff59e340e3 IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\SearchScopes\{16CC3586-3547-4025-9E2F-F04C365D8B90}: "URL" = hxxp://search.eazel.com/results.php?cat=web&co=&lg=en&q={searchTerms} IE - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=48f3fef100000000000000ff59e340e3" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1095.52 FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.13.2.19379 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}: C:\Program Files (x86)\EazelBar\Firefox [2012.09.15 00:34:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.05.17 10:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.04.06 18:20:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.05.10 21:40:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.05.17 10:53:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.06 18:27:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 01:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Extensions [2013.05.15 13:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions [2013.03.06 18:27:42 | 000,000,000 | ---D | M] (Zoomex) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions\50fbdde49302c@50fbdde493058.com [2013.02.28 20:59:02 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions\ffxtlbr@babylon.com [2013.03.06 18:31:53 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack [2013.02.28 20:58:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\alqi08uu.default\extensions\plugin@yontoo.com [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\alqi08uu.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012.11.15 19:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\alqi08uu.default\extensions\socksharedownloader@socksharedownloader.com.xpi [2013.02.28 20:59:06 | 000,001,294 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\alqi08uu.default\searchplugins\delta.xml [2012.11.23 21:12:14 | 000,002,536 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\alqi08uu.default\searchplugins\mngr.xml [2013.03.06 18:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.02 16:51:23 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: Doodledoku = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\adcigljcdlemflbekljdfohfpipeolof\12_0\ CHR - Extension: Take me to my Youtube\u2122 Subscriptions = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgjpoadjikandnkbmmlnkdhgljnmejf\1.1.5_0\ CHR - Extension: Turn Off the Lights = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2_0\ CHR - Extension: YouTube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.5.3_0\ CHR - Extension: Better Battlelog (BBLog) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.5.2_0\ CHR - Extension: Causality Games = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\10_0\ CHR - Extension: The QR Code Generator = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\ CHR - Extension: Rechtschreibpr\u00FCfung = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehceilhofkogkifpjmgdhciddpbcboo\1.2_0\ CHR - Extension: Stoppuhr / Timer = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.6_0\ CHR - Extension: Custom Google\u2122 Background = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg\4.3.3_0\ CHR - Extension: FlyOrDie Blackball = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag\1.0.3_0\ CHR - Extension: Auto Replay for YouTube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\ CHR - Extension: Google Mail-Checker = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\ CHR - Extension: Timeline for Youtube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\obknajoccmgkokfoclhgjnlcekgglkmn\1.0.11_0\ CHR - Extension: Battlefield 3 = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\ CHR - Extension: Google Mail = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Doodledoku = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\adcigljcdlemflbekljdfohfpipeolof\12_0\ CHR - Extension: Take me to my Youtube\u2122 Subscriptions = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgjpoadjikandnkbmmlnkdhgljnmejf\1.1.5_0\ CHR - Extension: Turn Off the Lights = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2_0\ CHR - Extension: YouTube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.5.3_0\ CHR - Extension: Better Battlelog (BBLog) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.5.2_0\ CHR - Extension: Causality Games = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\10_0\ CHR - Extension: The QR Code Generator = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\ CHR - Extension: Rechtschreibpr\u00FCfung = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehceilhofkogkifpjmgdhciddpbcboo\1.2_0\ CHR - Extension: Stoppuhr / Timer = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.6_0\ CHR - Extension: Custom Google\u2122 Background = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg\4.3.3_0\ CHR - Extension: FlyOrDie Blackball = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag\1.0.3_0\ CHR - Extension: Auto Replay for YouTube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\ CHR - Extension: Google Mail-Checker = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\ CHR - Extension: Timeline for Youtube = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\obknajoccmgkokfoclhgjnlcekgglkmn\1.0.11_0\ CHR - Extension: Battlefield 3 = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\ CHR - Extension: Google Mail = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.04.21 19:23:59 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2:64bit: - BHO: (EazelBar Helper) - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll () O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll File not found O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (VirtualDJ Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\SockshareDownloader\smarterdownloader.dll File not found O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll File not found O3:64bit: - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (VirtualDJ Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found O4 - HKLM..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe (ZSMCSNAP) O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe () O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov) O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Rbkukl] C:\Users\Herrmann\AppData\Roaming\Rbkukl.exe File not found O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1242782858-1307113304-2311912926-1000..\Run: [Yontoo Desktop] C:\Users\Herrmann\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Herrmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7A229A-5D65-4939-91BC-C2CCF6A076F9}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.04.21 18:49:55 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{be0e271b-9e9e-11e2-9c49-e840f2c8cfb5}\Shell - "" = AutoRun O33 - MountPoints2\{be0e271b-9e9e-11e2-9c49-e840f2c8cfb5}\Shell\AutoRun\command - "" = M:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.17 12:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.05.15 13:40:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.05.15 13:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.05.15 13:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.05.15 13:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2013.05.14 17:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InterLok [2013.05.14 17:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Antares Audio Technologies [2013.05.14 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Antares [2013.05.14 17:53:34 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Downloads [2013.05.14 17:05:18 | 000,695,296 | ---- | C] (AnjoCaido) -- D:\Desktop\Minecraft Cracked.exe [2013.05.14 14:22:52 | 000,000,000 | ---D | C] -- D:\Desktop\DICE Verantwortlich Für Hacker atakke [2013.05.12 00:40:24 | 000,000,000 | ---D | C] -- D:\Desktop\Skate3 how to fix bugy objects in Skate3 [2013.05.11 21:36:01 | 000,000,000 | ---D | C] -- D:\Desktop\Skate3 [2013.05.11 21:36:01 | 000,000,000 | ---D | C] -- D:\Desktop\Skate3 [2013.05.10 21:40:37 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.05.10 21:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013.05.10 21:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.05.10 21:40:30 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys [2013.05.10 21:40:30 | 000,796,248 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys [2013.05.10 21:40:30 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys [2013.05.10 21:40:30 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys [2013.05.10 21:40:30 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys [2013.05.10 21:40:30 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys [2013.05.10 21:40:30 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys [2013.05.10 21:40:30 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.sys [2013.05.10 21:40:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403010.016 [2013.05.10 21:39:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64 [2013.05.10 21:39:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2013.05.10 21:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 [2013.05.10 21:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings [2013.05.10 09:57:38 | 000,027,208 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll [2013.05.10 09:57:34 | 000,055,872 | ---- | C] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll [2013.05.09 22:35:46 | 000,000,000 | ---D | C] -- D:\Desktop\Neuer Ordner (3) [2013.05.09 22:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.05.09 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\PunkBuster [2013.05.09 21:27:36 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\PunkBuster [2013.05.05 11:10:26 | 000,000,000 | ---D | C] -- D:\Desktop\Interface [2013.05.05 10:46:11 | 000,000,000 | ---D | C] -- D:\Desktop\sky [2013.05.04 23:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2013.05.04 19:32:25 | 000,000,000 | ---D | C] -- D:\Desktop\scheiss [2013.04.28 19:37:39 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\ESL Wire Game Client [2013.04.28 19:37:25 | 000,160,784 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2013.04.28 19:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire [2013.04.28 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire [2013.04.28 19:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire [2013.04.25 17:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.22 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2013.04.22 12:46:08 | 000,000,000 | R--D | C] -- D:\Desktop\Eigene Seite [2013.04.22 01:51:13 | 000,000,000 | ---D | C] -- D:\Desktop\Battlefield 3 Sniper Montage 004 by chrischi2321 [2013.04.21 19:10:44 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.04.21 19:10:44 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.04.21 19:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group [2013.04.21 18:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.04.21 18:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.04.17 21:09:17 | 000,000,000 | ---D | C] -- D:\Desktop\sniper ws hudson [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.17 18:43:01 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.17 18:43:01 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.17 18:13:20 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.17 13:12:28 | 000,056,703 | ---- | M] () -- D:\Desktop\dipasd.png [2013.05.17 13:06:15 | 001,614,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.17 13:06:15 | 000,697,276 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.17 13:06:15 | 000,652,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.17 13:06:15 | 000,148,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.17 13:06:15 | 000,121,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.17 13:02:31 | 000,277,982 | ---- | M] () -- D:\Desktop\svchostpic.png [2013.05.17 13:02:31 | 000,000,132 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.05.17 11:00:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 11:00:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 10:57:54 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{8DC6A15C-EF0E-47B6-AC79-5FCEEEB282A8}.job [2013.05.17 10:55:12 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2013.05.17 10:53:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.17 10:53:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.17 10:53:16 | 4254,539,774 | -HS- | M] () -- C:\hiberfil.sys [2013.05.17 09:06:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.17 09:06:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.16 19:32:06 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.05.16 19:28:35 | 000,000,600 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\winscp.rnd [2013.05.15 15:40:17 | 000,037,584 | ---- | M] () -- D:\Desktop\PnkBstrA.rar [2013.05.15 15:40:00 | 000,144,556 | ---- | M] () -- D:\Desktop\PnkBstrB.rar [2013.05.15 15:27:38 | 002,448,702 | ---- | M] () -- D:\Desktop\pbsvc.rar [2013.05.15 15:12:52 | 000,007,605 | ---- | M] () -- C:\Users\Herrmann\AppData\Local\resmon.resmoncfg [2013.05.14 22:22:02 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242782858-1307113304-2311912926-1000UA.job [2013.05.14 17:42:00 | 000,001,638 | ---- | M] () -- D:\Desktop\groups.yml [2013.05.14 15:22:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242782858-1307113304-2311912926-1000Core.job [2013.05.14 13:41:29 | 000,009,707 | ---- | M] () -- D:\Desktop\MAN.png [2013.05.12 18:31:11 | 000,000,515 | ---- | M] () -- D:\Desktop\config.yml [2013.05.12 11:24:02 | 001,578,538 | ---- | M] () -- D:\Desktop\steam failo.png [2013.05.11 21:29:20 | 000,001,059 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.10 21:40:42 | 001,940,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB [2013.05.10 21:40:37 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.05.10 21:40:37 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.05.10 21:40:37 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.05.10 13:03:54 | 000,000,871 | ---- | M] () -- C:\Windows\wininit.ini [2013.05.10 12:41:22 | 000,000,576 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.05.10 09:57:38 | 000,027,208 | ---- | M] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll [2013.05.10 09:57:34 | 000,055,872 | ---- | M] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll [2013.05.09 23:36:59 | 000,158,767 | ---- | M] () -- D:\Desktop\arbeitssp.png [2013.05.09 22:26:53 | 000,045,083 | ---- | M] () -- D:\Desktop\punk.png [2013.05.05 11:08:55 | 000,078,428 | ---- | M] () -- D:\Desktop\QD Inventory 0_235-667-1.zip [2013.05.04 22:40:24 | 015,833,336 | ---- | M] () -- D:\Desktop\The Elder Scrolls V_ Skyrim Live Action Trailer_(720p).mp4 [2013.05.04 22:39:28 | 056,976,098 | ---- | M] () -- D:\Desktop\The Elder Scrolls V - Skyrim Trailer German HD_(720p).mp4 [2013.05.04 18:47:34 | 000,001,526 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.04.29 18:12:28 | 012,322,882 | ---- | M] () -- D:\Desktop\test test 123 _D_(1080p).mp4 [2013.04.28 19:37:25 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2013.04.26 13:47:22 | 000,002,274 | ---- | M] () -- D:\Desktop\Google Chrome.lnk [2013.04.25 15:12:41 | 000,044,176 | ---- | M] () -- D:\Desktop\chrischi.jpg [2013.04.23 18:11:22 | 007,657,516 | ---- | M] () -- D:\Desktop\lalelu.wav [2013.04.23 13:42:21 | 577,658,776 | ---- | M] () -- D:\Desktop\bf3 2013-04-23 13-15-17-99.avi [2013.04.22 15:18:57 | 000,982,395 | ---- | M] () -- D:\Desktop\so.jpg [2013.04.22 15:10:38 | 001,001,599 | ---- | M] () -- D:\Desktop\fail.png [2013.04.22 14:25:12 | 000,379,579 | ---- | M] () -- D:\Desktop\bf3back.jpg [2013.04.21 21:19:33 | 000,002,202 | ---- | M] () -- D:\Desktop\amcap.lnk [2013.04.21 19:10:44 | 000,002,146 | ---- | M] () -- D:\Desktop\SpyHunter.lnk [2013.04.21 18:49:55 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.04.21 18:40:29 | 000,101,571 | ---- | M] () -- D:\Desktop\zoom.png [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.17 13:12:28 | 000,056,703 | ---- | C] () -- D:\Desktop\dipasd.png [2013.05.17 12:58:34 | 000,277,982 | ---- | C] () -- D:\Desktop\svchostpic.png [2013.05.17 10:55:12 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2013.05.16 19:31:52 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.16 19:30:59 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.16 19:30:59 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.16 19:30:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.05.15 15:40:17 | 000,037,584 | ---- | C] () -- D:\Desktop\PnkBstrA.rar [2013.05.15 15:39:58 | 000,144,556 | ---- | C] () -- D:\Desktop\PnkBstrB.rar [2013.05.15 15:27:45 | 002,580,552 | ---- | C] () -- D:\Desktop\pbsvc.exe [2013.05.15 15:27:17 | 002,448,702 | ---- | C] () -- D:\Desktop\pbsvc.rar [2013.05.14 17:42:00 | 000,001,638 | ---- | C] () -- D:\Desktop\groups.yml [2013.05.14 13:41:29 | 000,009,707 | ---- | C] () -- D:\Desktop\MAN.png [2013.05.12 16:24:00 | 000,000,515 | ---- | C] () -- D:\Desktop\config.yml [2013.05.12 11:24:01 | 001,578,538 | ---- | C] () -- D:\Desktop\steam failo.png [2013.05.11 21:29:20 | 000,001,059 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.10 21:55:42 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021 [2013.05.10 21:40:37 | 001,940,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB [2013.05.10 21:40:37 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.05.10 21:40:37 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.05.10 21:40:30 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam64.cat [2013.05.10 21:40:30 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.cat [2013.05.10 21:40:30 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet64.cat [2013.05.10 21:40:30 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.cat [2013.05.10 21:40:30 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.cat [2013.05.10 21:40:30 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.cat [2013.05.10 21:40:30 | 000,007,585 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.cat [2013.05.10 21:40:30 | 000,007,581 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.cat [2013.05.10 21:40:30 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa.inf [2013.05.10 21:40:30 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds.inf [2013.05.10 21:40:30 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet.inf [2013.05.10 21:40:30 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.inf [2013.05.10 21:40:30 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.inf [2013.05.10 21:40:30 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.inf [2013.05.10 21:40:30 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.inf [2013.05.10 21:40:30 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.inf [2013.05.10 21:40:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini [2013.05.10 12:41:16 | 000,000,576 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.05.10 12:33:11 | 000,202,597 | ---- | C] () -- D:\Desktop\All_CPU_Meter_V4.6.gadget [2013.05.09 23:36:59 | 000,158,767 | ---- | C] () -- D:\Desktop\arbeitssp.png [2013.05.09 22:26:53 | 000,045,083 | ---- | C] () -- D:\Desktop\punk.png [2013.05.05 11:08:54 | 000,078,428 | ---- | C] () -- D:\Desktop\QD Inventory 0_235-667-1.zip [2013.05.04 22:40:04 | 015,833,336 | ---- | C] () -- D:\Desktop\The Elder Scrolls V_ Skyrim Live Action Trailer_(720p).mp4 [2013.05.04 22:39:06 | 056,976,098 | ---- | C] () -- D:\Desktop\The Elder Scrolls V - Skyrim Trailer German HD_(720p).mp4 [2013.04.29 18:12:24 | 012,322,882 | ---- | C] () -- D:\Desktop\test test 123 _D_(1080p).mp4 [2013.04.29 15:40:55 | 000,001,538 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk [2013.04.29 15:40:55 | 000,001,526 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.04.28 19:37:25 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2013.04.25 15:12:39 | 000,044,176 | ---- | C] () -- D:\Desktop\chrischi.jpg [2013.04.23 18:08:45 | 007,657,516 | ---- | C] () -- D:\Desktop\lalelu.wav [2013.04.23 13:17:51 | 577,658,776 | ---- | C] () -- D:\Desktop\bf3 2013-04-23 13-15-17-99.avi [2013.04.22 15:18:54 | 000,982,395 | ---- | C] () -- D:\Desktop\so.jpg [2013.04.22 15:10:38 | 001,001,599 | ---- | C] () -- D:\Desktop\fail.png [2013.04.22 14:25:11 | 000,379,579 | ---- | C] () -- D:\Desktop\bf3back.jpg [2013.04.21 21:19:33 | 000,002,202 | ---- | C] () -- D:\Desktop\amcap.lnk [2013.04.21 18:49:55 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.04.21 18:49:48 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys [2013.04.21 18:49:46 | 000,002,146 | ---- | C] () -- D:\Desktop\SpyHunter.lnk [2013.04.21 18:40:28 | 000,101,571 | ---- | C] () -- D:\Desktop\zoom.png [2013.03.21 20:54:31 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe [2013.03.18 19:18:48 | 000,013,248 | ---- | C] () -- C:\Windows\SysWow64\System.dll [2013.02.26 18:26:38 | 000,007,605 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\resmon.resmoncfg [2013.01.22 18:53:24 | 000,002,378 | ---- | C] () -- C:\Windows\HCWPNP.INI [2012.12.02 16:37:41 | 000,009,216 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\AllocEx.dat [2012.11.30 14:08:36 | 000,000,227 | ---- | C] () -- C:\Windows\steinsgate.ini [2012.10.30 18:54:12 | 000,000,871 | ---- | C] () -- C:\Windows\wininit.ini [2012.10.08 22:50:15 | 000,000,132 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.10.01 17:41:45 | 001,591,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.29 22:45:22 | 000,005,120 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.16 19:15:31 | 000,000,600 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\winscp.rnd [2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 1138 bytes -> C:\Users\Herrmann\AppData\Local\CYT9DHppduFjCC:Nzaeh7O60cDzzjgB8ml < End of report > Geändert von chrischi1 (17.05.2013 um 19:17 Uhr) Grund: Jetzt |
17.05.2013, 20:49 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Virur 2GB Arbeitsspeicher verwendungZitat:
Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten |
17.05.2013, 21:24 | #11 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendung Minecraft Cracked.exe kann nicht sein das habe ich seit 2 jahren drauf noch nie probleme gehabt ... Geändert von chrischi1 (17.05.2013 um 21:25 Uhr) Grund: rechtschreibung |
17.05.2013, 21:38 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Virur 2GB Arbeitsspeicher verwendungZitat:
Wir geben bei Crackusern keinen Bereingungssupport. Und dass dein Crack tatsächlich so sauber und vertrauenswürdig ist wie du offensichtlich glaubst, wagt jeder der das Risiko derartiger Cracks kennt, zu bezweifeln. Hilfe gibt es noch bei der Datenrettung und Neuinstallation von Windows. Lass in Zukunft die Finger von Cracks und Keygens!
__________________ Logfiles bitte immer in CODE-Tags posten |
17.05.2013, 21:48 | #13 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendung Ich habe das gerade mit virus total + Norton + und mit antispy scannen lassen Nix 100% sicher |
17.05.2013, 21:51 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe Virur 2GB Arbeitsspeicher verwendung Was hat das mit dem Thema zu tun? Nix Wie geben keinen Support mehr wenn wir Cracks sehen, außer Hilfe zu Datensicherung und Neuinstallation.
__________________ Logfiles bitte immer in CODE-Tags posten |
17.05.2013, 21:55 | #15 |
| svchost.exe Virur 2GB Arbeitsspeicher verwendung |
Themen zu svchost.exe Virur 2GB Arbeitsspeicher verwendung |
antwort, arbeitsspeicher, bild, explorer.exe crash, hoffe, log, online, poste, problem, sachen, scanner, schnell, spyhunter, spyhunter entfernen, svchost.exe, svchoste.exe virus, tarma, win32/adware.multiplug.f, win32/adware.multiplug.h, win32/adware.yontoo, win32/adware.yontoo.b, windos7, woche |