| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.06.2013, 10:40
| #1 |
 |  Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? Tachchen, ich bin's mal wieder! Tja... seitdem ich heute meinen PC angeschaltet hab, ist ein wunderbarer Virus aktiv. In jedem Browser ist das nun die neue Startseite:  Dieses "Portaldosites" lässt sich (wie es so scheint?) nicht entfernen. Ich benutze die Browser: Internet Explorer, Firefox, Chrome, Opera. In den Internetoptionen des IEs war das zwar aufgelistet, Entfernung des ganzen hat aber nichts gebracht. In den anderen Browsern war das nicht mal aufgelistet sondern auf komplett anderen Seiten eingestellt (Google/Neuer Tab), "Portaldosites" blieb aber immer noch. EDIT: Achso, und: Die mitgelieferte "Uninstall"-Anleitung funktioniert auch nicht :P "Avast! Browser Cleanup" hat nichts gefunden und selbst nach Zurücksetzen der Browser durch dieses Programm blieb alles wie vorher. Nun habe ich einen vollständigen Scan mit "Malwarebytes' Anti-Malware", also MBAM gemacht und er hat auch eine infizierte Datei gefunden mit "Portal" im Namen. Hier mal kurz der Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.01.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Georg :: GEORG-PC [Administrator] 01.06.2013 09:14:10 mbam-log-2013-06-01 (09-14-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 699252 Laufzeit: 2 Stunde(n), 2 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Georg\AppData\Local\Temp\is1070216317\cor_ar_201342418305_portal.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Könnt ihr mir vielleicht helfen, diesen Plagegeist loszuwerden? Das ist nämlich echt nervig und uncool. Und irgendwo schon peinlich, weil ich eigentlich extra darauf achte, dass so eine Scheiße nicht mitinstalliert wird. D: Mit freundlichen Grüßen, Georg aka Juri9 Geändert von Juri9 (01.06.2013 um 10:43 Uhr) Grund: Ergänzung |
|
01.06.2013, 11:55
| #2 |
| /// the machine /// TB-Ausbilder    |  Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? hi,
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
__________________ |
|
01.06.2013, 12:41
| #3 |
| | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? OTL.txt
__________________Code:
ATTFilter OTL logfile created on: 01.06.2013 13:32:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,36 Gb Available Physical Memory | 67,15% Memory free 15,96 Gb Paging File | 13,22 Gb Available in Paging File | 82,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 906,34 Gb Total Space | 225,06 Gb Free Space | 24,83% Space Free | Partition Type: NTFS Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Georg\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\eSafe\eGdpSvc.exe (eSafe Security Co., Ltd.) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\puush\puush.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\UMonit.exe () PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Windows\jmesoft\JME_LOAD.exe () PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo) PRC - C:\Windows\jmesoft\Service.exe () PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Windows\vphc700.exe (Sonix) PRC - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\pysqlite2._sqlite.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32com.shell.shell.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_elementtree.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32api.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._html2.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_socket.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_multiprocessing.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32ts.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32crypt.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._core_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_ssl.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\windows._cacheinvalidation.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._gdi_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._misc_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\pythoncom27.dll () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\PyWinTypes27.dll () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32security.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_ctypes.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32profile.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._controls_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._windows_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\_hashlib.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\unicodedata.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\pyexpat.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\wx._wizard.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32file.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32inet.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32process.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32pdh.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\win32event.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI68682\select.pyd () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\puush\puush.exe () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll () MOD - C:\Windows\SysWOW64\UMonit.exe () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll () MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll () MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll () MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll () MOD - C:\Windows\jmesoft\VistaVolume.dll () MOD - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe () ========== Services (SafeList) ========== SRV - (eSafeSvc) -- C:\ProgramData\eSafe\eGdpSvc.exe (eSafe Security Co., Ltd.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SolutoLauncherService) -- C:\Programme\Soluto\SolutoLauncherService.exe (Soluto) SRV - (SolutoService) -- C:\Programme\Soluto\SolutoService.exe (Soluto) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (STRATO HiDrive Service) -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe () SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.) DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (GeneStor) -- C:\Windows\SysNative\drivers\GeneStor.sys (GenesysLogic) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV:64bit: - (phc700) -- C:\Windows\SysNative\drivers\phc700.sys () DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=3407923 IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=3407923 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?pc=BB07 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com IE - HKCU\..\SearchScopes,DefaultScope = {C88215D9-8C4C-4C02-BD96-C2F219F35ED5} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND_deDE499 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{C88215D9-8C4C-4C02-BD96-C2F219F35ED5}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q=" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox" FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2 FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2 FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions [2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.05.04 08:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions [2013.03.03 16:39:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013.05.04 07:46:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.05.04 08:50:20 | 000,651,215 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi [2013.05.04 08:50:20 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.05.04 08:50:20 | 003,242,364 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2013.03.20 19:10:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.08 13:56:06 | 000,001,832 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\searchplugins\bing.xml [2013.05.20 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 19:17:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.01.06 03:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [phc700] C:\Windows\vphc700.exe (Sonix) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe () O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo) O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe () O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo) O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [phc700] C:\windows\system32\vphc700.exe File not found O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer_de.exe (MAGIX AG) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1369826421840 (MUCatalogWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2938FA1-8998-4697-B61C-3E7448CF269D}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.01 13:31:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2013.05.30 21:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337 [2013.05.30 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe [2013.05.30 21:01:32 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\eIntaller [2013.05.29 18:08:46 | 000,000,000 | --SD | C] -- C:\Users\Georg\Google Drive [2013.05.29 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.05.29 13:22:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscapi.dll [2013.05.29 13:22:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscdll.dll [2013.05.29 13:22:44 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll [2013.05.29 13:22:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmib.dll [2013.05.29 13:22:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmib.dll [2013.05.29 13:22:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll [2013.05.29 13:22:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2013.05.29 13:22:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2013.05.29 13:22:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll [2013.05.29 13:22:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2013.05.29 13:22:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2013.05.29 13:22:41 | 000,190,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys [2013.05.29 13:22:41 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2013.05.29 13:22:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmonui.dll [2013.05.29 13:22:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmonui.dll [2013.05.29 13:22:40 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpdd.dll [2013.05.29 13:22:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3dlg.dll [2013.05.29 13:22:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gpprnext.dll [2013.05.29 13:22:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gpprnext.dll [2013.05.29 13:22:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys [2013.05.29 13:22:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\svchost.exe [2013.05.29 13:22:36 | 000,698,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netlogon.dll [2013.05.29 13:22:36 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3msm.dll [2013.05.29 13:22:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3msm.dll [2013.05.29 13:22:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3api.dll [2013.05.29 13:22:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3gpclnt.dll [2013.05.29 13:22:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3gpclnt.dll [2013.05.29 13:22:33 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll [2013.05.29 13:22:33 | 001,039,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll [2013.05.29 13:22:33 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll [2013.05.29 13:22:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL [2013.05.29 13:22:32 | 000,965,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll [2013.05.29 13:22:32 | 000,832,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll [2013.05.29 13:22:32 | 000,657,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll [2013.05.29 13:22:32 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL [2013.05.29 13:22:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnpinst.exe [2013.05.26 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Facebook [2013.05.25 21:27:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\Lucia [2013.05.21 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\TS3Client [2013.05.21 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.05.21 15:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.05.20 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Craften_Dev_Team [2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal [2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal [2013.05.16 22:18:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.05.16 22:18:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.05.16 22:18:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.05.16 22:18:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.05.16 22:18:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.05.16 22:18:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2013.05.16 22:18:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2013.05.16 22:18:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.05.16 22:18:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.05.16 22:18:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.05.16 22:18:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.05.16 22:18:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.05.16 22:18:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.05.16 22:18:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.05.16 22:18:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.05.16 17:12:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013.05.16 17:12:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2013.05.16 17:11:59 | 001,931,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013.05.16 17:11:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.05.16 17:11:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll [2013.05.16 17:11:59 | 000,111,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe [2013.05.16 17:11:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll [2013.05.15 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\Adobe [2013.05.15 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2013.05.15 17:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.15 17:50:20 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\windows\SysNative\drivers\PxHlpa64.sys [2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdralw2k.sys [2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdr4_xp.sys [2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.05.15 17:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2013.05.15 17:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX [2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.05 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\LOVE [2013.05.04 08:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.03.21 14:37:20 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.01 13:34:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.01 13:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2013.06.01 13:31:01 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job [2013.06.01 13:31:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job [2013.06.01 12:45:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.01 11:29:06 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 11:29:06 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 11:18:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.01 11:18:26 | 2133,630,975 | -HS- | M] () -- C:\hiberfil.sys [2013.05.31 20:34:43 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Craften Terminal.lnk [2013.05.31 15:09:25 | 002,456,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.30 21:01:44 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll [2013.05.30 21:01:39 | 000,002,421 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.30 21:01:39 | 000,001,647 | ---- | M] () -- C:\Users\Georg\Desktop\Internet Explorer.lnk [2013.05.30 21:01:39 | 000,001,313 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.29 18:08:47 | 000,001,713 | ---- | M] () -- C:\Users\Georg\Desktop\Google Drive.lnk [2013.05.29 13:37:09 | 001,613,996 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.05.29 13:37:09 | 000,697,064 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.05.29 13:37:09 | 000,652,382 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.05.29 13:37:09 | 000,148,102 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.05.29 13:37:09 | 000,121,056 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.05.23 17:39:06 | 000,009,384 | ---- | M] () -- C:\Users\Georg\AppData\Local\recently-used.xbel [2013.05.21 15:19:35 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.05.20 12:42:17 | 000,263,186 | ---- | M] () -- C:\Users\Georg\Desktop\Minecraft.exe [2013.05.18 13:55:30 | 018,444,678 | ---- | M] () -- C:\Users\Georg\Desktop\cave story osu.mp4 [2013.05.18 00:06:12 | 000,170,858 | ---- | M] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf [2013.05.17 19:46:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.17 19:36:53 | 007,153,538 | ---- | M] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe [2013.05.15 21:59:15 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.15 21:22:31 | 000,087,330 | ---- | M] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg [2013.05.15 21:22:27 | 000,028,682 | ---- | M] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg [2013.05.15 21:22:18 | 000,275,465 | ---- | M] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg [2013.05.15 19:34:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.05.15 19:34:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.15 17:47:06 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.05.13 17:25:40 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.05.09 00:42:01 | 000,002,634 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP [2013.05.05 20:55:26 | 007,140,191 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie.mp4 [2013.05.05 20:40:35 | 048,569,695 | ---- | M] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4 [2013.05.05 16:29:04 | 000,063,690 | ---- | M] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf [2013.05.04 07:23:27 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.29 18:08:47 | 000,001,713 | ---- | C] () -- C:\Users\Georg\Desktop\Google Drive.lnk [2013.05.26 13:26:43 | 000,000,928 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job [2013.05.26 13:26:42 | 000,000,906 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job [2013.05.23 17:39:06 | 000,009,384 | ---- | C] () -- C:\Users\Georg\AppData\Local\recently-used.xbel [2013.05.21 15:19:35 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.05.20 13:46:23 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Craften Terminal.lnk [2013.05.20 12:42:12 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Desktop\Minecraft.exe [2013.05.18 13:52:21 | 018,444,678 | ---- | C] () -- C:\Users\Georg\Desktop\cave story osu.mp4 [2013.05.18 00:06:10 | 000,170,858 | ---- | C] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf [2013.05.17 19:36:50 | 007,153,538 | ---- | C] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe [2013.05.15 21:22:29 | 000,087,330 | ---- | C] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg [2013.05.15 21:22:25 | 000,028,682 | ---- | C] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg [2013.05.15 21:22:17 | 000,275,465 | ---- | C] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg [2013.05.15 17:51:50 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk [2013.05.13 17:25:40 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.05.05 21:04:08 | 000,002,634 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP [2013.05.05 20:51:18 | 007,140,191 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie.mp4 [2013.05.05 20:36:49 | 048,569,695 | ---- | C] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4 [2013.05.05 16:29:03 | 000,063,690 | ---- | C] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf [2013.05.02 16:09:30 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk [2013.05.02 16:09:30 | 000,001,518 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.03.20 19:30:18 | 002,075,362 | ---- | C] () -- C:\Users\Georg\wmah.png [2013.03.08 21:46:09 | 000,500,934 | ---- | C] () -- C:\Users\Georg\YT-2013-Channel-Layout.psd [2013.03.07 20:11:38 | 000,286,787 | ---- | C] () -- C:\Users\Georg\Mario and Luigi_ Partners in Time Music - Time Hole (To Past).mp3 [2013.03.07 20:11:37 | 000,265,856 | ---- | C] () -- C:\Users\Georg\Mario & Luigi_ Partners In Time Music_ Time Hole (To Present).mp3 [2013.03.03 13:32:03 | 000,017,479 | ---- | C] () -- C:\Users\Georg\README.html [2013.03.03 13:31:16 | 015,962,145 | ---- | C] () -- C:\Users\Georg\OpenHexagonV1.7.7z [2013.02.28 18:25:23 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.27 20:04:25 | 027,885,892 | ---- | C] () -- C:\Users\Georg\2013-02-27 - viedoe.mp4 [2013.02.27 19:59:47 | 000,096,120 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0002.JPG [2013.02.27 19:57:32 | 000,090,108 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0001.JPG [2013.02.05 21:23:41 | 371,802,536 | ---- | C] () -- C:\Users\Georg\OIO-v3.4.0.2724.zip [2013.01.18 17:01:47 | 001,056,534 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 2.pdf [2013.01.18 17:01:47 | 000,528,162 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 1.pdf [2013.01.02 16:41:05 | 000,004,342 | ---- | C] () -- C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml [2013.01.02 10:54:52 | 000,339,394 | ---- | C] () -- C:\Users\Georg\OptiFine_1.4.6_HD_U_A2.zip [2012.11.16 20:52:58 | 000,325,327 | ---- | C] () -- C:\Users\Georg\OptiFine Mod 1.4.4.zip [2012.10.29 21:47:52 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\Folder.jpg [2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Large.jpg [2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArtSmall.jpg [2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Small.jpg [2012.10.20 23:03:05 | 138,968,261 | ---- | C] () -- C:\Users\Georg\News _ Infos zum Nintendo 3DS - Die dritte Dimension in der Hosentasche [HD].mp4 [2012.10.20 23:03:04 | 003,023,829 | ---- | C] () -- C:\Users\Georg\Lemon Tree with Lyrics_ By Fool's Garden (HD).mp3 [2012.10.20 23:01:33 | 000,651,923 | ---- | C] () -- C:\Users\Georg\talent.wmv [2012.10.13 12:23:16 | 000,586,255 | ---- | C] () -- C:\Users\Georg\bank.jpg [2012.10.12 10:59:18 | 000,331,339 | ---- | C] () -- C:\Users\Georg\Löwenzahn.pdf [2012.10.11 14:27:18 | 005,904,128 | ---- | C] () -- C:\Users\Georg\IKS Brief.pdf [2012.10.11 14:27:18 | 000,846,537 | ---- | C] () -- C:\Users\Georg\IKS-Brief Ergänzung.pdf [2012.10.01 20:57:55 | 001,662,976 | ---- | C] () -- C:\Users\Georg\alexibexi klingelton.mpg [2012.10.01 20:57:55 | 000,101,146 | ---- | C] () -- C:\Users\Georg\AlexiBexi Klingelton - I'm a scat man!.MP3 [2012.10.01 20:53:13 | 002,891,416 | ---- | C] () -- C:\Users\Georg\Kanal Screenshot.png [2012.10.01 20:53:13 | 000,191,205 | ---- | C] () -- C:\Users\Georg\Kanaldesign.PNG [2012.10.01 20:53:13 | 000,140,762 | ---- | C] () -- C:\Users\Georg\Kanaldesign (Küken, Name, Farbverlauf).png [2012.10.01 20:53:13 | 000,138,319 | ---- | C] () -- C:\Users\Georg\Kanaldesign (nur Küken und Name).png [2012.10.01 20:49:59 | 003,426,304 | ---- | C] () -- C:\Users\Georg\Schaumparty.mpg [2012.10.01 20:49:59 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter.odp [2012.10.01 20:49:59 | 002,118,274 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für mich.odp [2012.10.01 20:49:59 | 000,748,152 | ---- | C] () -- C:\Users\Georg\Schaumparty.mp4 [2012.10.01 20:49:59 | 000,052,289 | ---- | C] () -- C:\Users\Georg\Schaumparty.MP3 [2012.10.01 20:49:58 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für Jakob.odp [2012.09.16 15:42:31 | 000,001,229 | ---- | C] () -- C:\Users\Georg\Cave Story - Einfach Optionen.lnk [2012.09.16 15:42:31 | 000,001,222 | ---- | C] () -- C:\Users\Georg\Cave Story - Musik.lnk [2012.09.11 17:38:26 | 000,014,678 | ---- | C] () -- C:\Users\Georg\Informatik AB Variablen Aufgabe.odt [2012.09.11 17:19:42 | 001,590,954 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.09.09 21:39:42 | 000,000,052 | -H-- | C] () -- C:\windows\popcreg.dat [2012.09.09 21:39:42 | 000,000,014 | ---- | C] () -- C:\windows\popcinfot.dat [2012.09.08 21:23:35 | 000,275,916 | ---- | C] () -- C:\Users\Georg\OptiFine_1.3.2_HD_B3.zip [2012.09.08 15:55:19 | 000,015,488 | ---- | C] () -- C:\windows\phc700.ini [2012.09.04 18:36:05 | 000,000,538 | ---- | C] () -- C:\Users\Georg\stern.py [2012.09.04 18:34:02 | 000,001,463 | ---- | C] () -- C:\Users\Georg\IPI-TurtleGrafikV3.lnk [2012.09.03 19:10:18 | 000,000,680 | RHS- | C] () -- C:\Users\Georg\ntuser.pol [2012.09.03 18:45:34 | 000,188,803 | ---- | C] () -- C:\Users\Georg\englisch australische schilder.odt [2012.08.31 20:21:56 | 000,000,043 | ---- | C] () -- C:\windows\popcinfo.dat [2012.08.30 14:32:22 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Minecraft.exe [2012.08.30 12:10:37 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2012.08.30 11:39:16 | 000,011,776 | ---- | C] () -- C:\windows\SysWow64\pmsbfn32.dll [2012.08.30 11:37:26 | 000,000,424 | ---- | C] () -- C:\windows\MAXLINK.INI [2012.03.21 14:54:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe [2012.03.21 14:54:40 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe [2012.03.21 14:04:51 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll [2012.03.21 14:04:51 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe [2012.03.21 14:04:48 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe [2012.03.21 14:04:48 | 000,001,591 | ---- | C] () -- C:\windows\SysWow64\_IconCfg0.ini [2012.03.21 14:04:48 | 000,000,840 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini [2012.03.21 14:04:48 | 000,000,187 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini [2012.03.21 14:01:39 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:23:59 | 014,176,768 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:27:31 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы [2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы (C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы ========== Alternate Data Streams ========== @Alternate Data Stream - 1105 bytes -> C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml:OECustomProperty < End of report > |
|
01.06.2013, 12:42
| #4 |
| | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? Extras.txt Code:
ATTFilter OTL Extras logfile created on: 01.06.2013 13:32:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,36 Gb Available Physical Memory | 67,15% Memory free
15,96 Gb Paging File | 13,22 Gb Available in Paging File | 82,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,06 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C2B37B-0671-490C-BE1C-74CA97BF5051}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15A87F4E-241F-449E-AC03-4AA0CB80CBBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1B4A4865-CBBC-47B0-B93E-F259D69DDDFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53790E8C-B48C-497C-9CB8-6F1FFAAB32CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BFB543F-735A-4282-B7B9-89FC92D7F464}" = lport=139 | protocol=6 | dir=in | app=system |
"{73B19E8F-4887-4018-867F-C07338123FE5}" = lport=138 | protocol=17 | dir=in | app=system |
"{78431585-D1B9-4448-AC6B-EFA1F7DC0C0B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{85FA0023-D95C-4F8E-BDED-3FCEEC7493C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8F781AD2-AD2B-4AF6-B379-0B13174680EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{908AAB0F-491A-4425-8B3B-3B1E53E9EE31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{912AC895-789E-496C-98B0-8D72D6EC0FB5}" = rport=138 | protocol=17 | dir=out | app=system |
"{922C108D-6F9A-445E-BC6F-7B201DF284C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{967B93A9-BC02-4B9E-9D3B-21F4672F9DF1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9B07E23B-059A-445C-98D8-16623E81B0BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6C87A26-6FF6-4329-9218-97C345EC6556}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2906482-A245-41B5-8E21-47B5D760A438}" = rport=137 | protocol=17 | dir=out | app=system |
"{B71C4F32-C4F5-4C90-AFE4-F8F1B9859DE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA206849-A555-4C29-A81D-BAEF3F2452DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{CB5AF48B-923E-4091-BCE3-0C9DFCA21262}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9F814A4-C1A0-46CD-97A1-6616EA6B28DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{E50537BB-09DA-4426-9B98-ABBAC72C37D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8F4EAE9-EEF9-4598-B3D2-7E2C89B09DBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FECD995B-6510-4C52-B774-17BC9B82B324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006C26AA-B75E-4E6E-BF50-136FCC16C8FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{0090712E-72D4-4727-AFE1-4C40E7C69B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{0137C469-5FD7-4B7D-8559-6D355FE10DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe |
"{03812306-67F9-497C-A9F1-656207EEB295}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe |
"{08F4477E-F6AC-479F-8EC7-54AC1609D3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe |
"{0D51A549-8608-43E8-8986-EBA6D1160BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe |
"{0DA973A7-4FB2-4101-BDEE-9BB6C0638E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E466B4A-A64D-4D01-8993-5EEF1C697118}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe |
"{102DA8A1-2496-433A-8952-E173C78BC913}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |
"{12276CE7-E275-41B9-88EF-9F9E29551DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe |
"{1235D849-DBC2-4029-A30D-0980E94EBA40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe |
"{13150774-AB31-4C98-8F90-5444AAE1338D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe |
"{13AA57CA-BE30-41E9-A7C2-867AED5604D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe |
"{18DA1E93-B203-446B-A13D-3564F9D7FF52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{18F1B629-C7A9-4B70-B2CA-1B954E15B481}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18F5686A-5650-4E03-B04F-F0741BEE1F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe |
"{1C1FFCD4-26D0-4F03-B260-1CED1AAE96EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{1EAE80D8-F306-4A53-BEAE-2FB1E048FF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{21D49862-83E6-4B73-A2EA-E1E28CBD2AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{21ECAEAE-4E2F-46C2-9A49-E0603C97B347}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{23912B69-DD7B-4930-8222-F63DF8EF5D57}" = dir=in | app=c:\users\georg\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{25701096-E906-4DB8-A436-A9255D623B60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{2667B743-D9EF-49D6-B06D-AE17DEDFCAB0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{28DEBE55-029F-43AD-9828-59D13B2D49C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe |
"{28E66894-857D-4A29-9D78-B8DE3B84E4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{2A74F4BD-796D-478C-BD72-3477E95BE753}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
"{2A868817-D4D4-4DC8-96E2-A4AA1427A70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2ACB958E-6E61-4D48-8FC7-4E5D57F7574F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe |
"{2B2AAE48-DF40-43FA-8CEA-BFF54B5B594C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe |
"{2BB755AB-E0B2-4F4C-B792-9F693CA959AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{2DF6758D-67DA-40FF-9D82-67480B050741}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe |
"{2FF03031-A872-47B5-9066-EC5A3228BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe |
"{3075B07A-8889-4550-AE3F-A9FB8563E8E0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{30B2BE0E-FF95-4D90-A613-8F58737B60AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{3272AF85-56CE-4328-9E25-D06A2C623D14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{32AC86FE-7C53-400E-9888-1A0B084C5CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{338FBA6B-C58D-4D45-BEEF-31AD42A6CEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{343E59B5-54F0-471F-835D-7EAC8C91799E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{35012540-2B1A-452B-AC1A-13E4C018B093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe |
"{359D6A9E-EF19-45BB-96D4-0EE0346D17FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe |
"{36AC0F5E-ACE8-41FA-84EF-6D3DF8ED7FED}" = dir=in | app=c:\users\georg\appdata\local\microsoft\skydrive\skydrive.exe |
"{37D168D1-ED87-47EC-B87C-4ED4C637582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe |
"{38737DD7-2C7C-45AE-BEC4-139A37BE173C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe |
"{39316293-4199-475F-B0D5-D554C046F96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe |
"{39432546-76A6-462C-BB6D-DABB72B534B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe |
"{3C109900-16F6-42EF-B13F-4487F8C7510E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{3DBC435A-75CC-4C2B-862F-8145BE80B378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe |
"{3F8516F1-106E-49D0-A6B9-C284D27BB85A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{404203E1-E20A-435C-9D0A-DDE8655AAD08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{4083708B-0BB4-4A30-8870-E1E53684B063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{40A9BC7E-81AB-45DF-8DE3-98EA6E34DC32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41ED39C4-B1B6-492F-8C25-578D8829D497}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe |
"{427A2EF8-9381-436B-B79A-2116CA79F6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |
"{434D6C9D-C96B-480B-968A-81BB035984FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe |
"{44FBDDD9-4B68-46E3-A31E-4FBD772B3575}" = protocol=17 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe |
"{4612CF14-DC42-44C5-BCCB-D04AAF284A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
"{467F4A91-456B-460A-9B4E-9CEBBB82C5CD}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{46EA5F02-231B-40A3-AA1B-ACE7C87191D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe |
"{46F5B27F-8FCF-427B-9051-7B0B06EB4BA8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{470D34AB-C709-4BBA-8A74-8B21CFCE7161}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe |
"{47557C1C-52DF-48CF-80DC-07709D3333B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe |
"{475F6840-5D34-4FD3-B4AA-809AA91FAC56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe |
"{480CB022-9061-4747-9BF2-4A8ACE0DF6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{49A6D9FA-3F91-4D14-B812-28199ED97279}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe |
"{49B90CA8-53D1-4102-B3F2-6A28CE59B8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe |
"{4B65ECA0-FD6D-4F08-9D43-543A01BB3397}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4BF13D70-0EFC-4B72-8122-AD7B78361EAE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D49F35C-431A-4840-943D-97D3569577EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe |
"{53E98F3B-149D-48E1-8154-29D062CB371A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
"{541BC669-5C65-47EA-AC45-37B1C11117F6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{5700D215-FCFC-466B-8160-C5BF1E535D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{5720695B-05C7-4713-B132-AFDA52746706}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{5787295B-C620-4E6E-AD9C-582497A9DFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe |
"{57CAEA72-3580-4333-905C-F11FE74B3CCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CAE0A55-B591-451B-A39A-589291C2DD2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe |
"{5E41DC16-0E87-482D-A737-AB25DB21CBCC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5EA4D163-8E75-4BE3-80C5-5831F21EA25B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FA81ACF-C636-4170-9CCF-33AA6AC1B184}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{6042AC42-1C35-4A52-BED1-20270246718B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{615F4919-C829-48EF-9345-F7432529A38F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{62BD0121-2D79-4EE2-B196-65E10C68D1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe |
"{62F9426D-FB8B-4FF8-A880-EFC4A168F727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69429CD5-48AA-4956-A8D6-C9EFBB161596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{69AD0433-7E2E-46F3-82AE-6FC4F16BC094}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe |
"{6A12B38A-1849-4642-AA1D-93B86E5DFD86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe |
"{6B8C93ED-5A8B-4391-B571-D1DE5103245F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{6DA9B463-F4A8-4CC8-92AD-542D4A42E4EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{711AD83D-D311-4B4D-9632-21DEFF874697}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7124BE5E-3EE4-4D61-97CB-C33DEF024FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{7159CA44-AA4C-46AF-B694-1BD87C2615BE}" = protocol=6 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe |
"{71DEFC4B-960B-421C-940F-16C6D3C4BBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe |
"{74EFEA79-D65C-4B92-8461-C31636966557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe |
"{7540E045-8BBB-4386-858B-F65126882C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe |
"{76842340-811A-4F5F-81D5-4A5FFB31FC48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe |
"{76D17AA4-EE08-4762-9FE8-91DA1AE678A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{76DB1ADD-A282-4D9D-A5F8-9418DFAC7F22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe |
"{7AF4BF6F-46AB-4FE4-8AAA-1F143BFBF696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B4E2733-4EEA-4CD1-B625-75C6665D26F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{7B964A17-BBB8-4F13-80FA-A5A3AAF05E23}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{7D908B10-1C38-4769-9A75-BC9D66A95860}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EEC5345-F3A9-44FA-B1C8-C78CF3882D21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe |
"{82232176-6EB4-4766-AE60-377E53E8433D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe |
"{8392C022-59A5-46AE-BEAA-C8D7C98C3C68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe |
"{846B17A4-D3EF-4965-A0C5-50C1FB451412}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{84A69656-BB6B-4F93-A718-165CF398DE57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{88046B5F-9BC7-43FB-A411-E1B2A51E73CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{893090A5-69E6-466F-83C0-8F9519F9E182}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AD37577-D455-470E-8D86-93CCC3A2A70C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe |
"{8B31E6FF-71EB-413D-A73A-7E7C65B69995}" = protocol=6 | dir=out | app=system |
"{8B8D8B72-72E5-4CC9-A16B-178987701E82}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CD3848E-3792-49A9-8F38-D3F7B98045DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe |
"{8E085FDA-E838-47E8-936F-9A1E21D02080}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{8E0CBC34-FCED-4277-A804-E6FECC0D95A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe |
"{91483DEA-C659-4458-A059-19D546C17096}" = protocol=17 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe |
"{920C4FCF-E1D8-4344-B758-CA8796D9E0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe |
"{92179944-7ADD-4223-B71F-C6FC0F7959AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{93174BB3-72AC-4213-A6D2-A7782D11ADE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe |
"{9322A2FC-3687-4562-AB7D-B6EA3773A935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe |
"{93277BBD-7088-49B3-8A1C-F536A6D4C98E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{935A3F39-502F-49BF-8CF9-CD222FF4DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{96B6EF2D-E1D5-4B2F-8791-316F6143168C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{9A798454-2512-424B-808E-70EC7EC85EF5}" = protocol=6 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe |
"{9B2C2901-C10B-4B31-9417-DADF99C877EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
"{9BC448A0-B9D4-42E3-AEF5-33D211DD23B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{9C773F63-480D-48D9-851E-B5F3D7BB3A76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{9DE63EEC-B64E-49E8-84DD-7D7E243B8E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{9E41C02B-A035-492A-BD20-D6DE1605C802}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{A04DF716-F363-4879-B078-D60427D28276}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A18AEDC3-1A03-4830-9748-A7F2457CE7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{A2A547EE-AD30-46DB-B9FD-A818575E6174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe |
"{A31F1703-50A7-4B01-9502-A7BD5D1B3F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{A453E21A-8A79-4B27-A20D-6805A1D85AA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{A559068F-2D8B-4CDB-A6DF-410A69DEF9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe |
"{A8DBDFD4-5B05-4017-83FB-A7DC47FC4FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{A95C8862-2AB8-495F-A5A4-3733FBBCDD62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{AA52B48A-879D-4464-923C-5511DDB6FCA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe |
"{AC3D4983-B57B-4871-92B6-FC6C2EA507CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{AEEBC0BE-2D38-488A-8F20-B79974B37112}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{B03FCE91-C4C4-41EC-985D-E897A654E843}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe |
"{B0880123-0CE1-4EF8-8608-FF6261859FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{B242223F-BCD1-424E-AA0E-224E8B63D74E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B63951A2-E054-45C0-9245-F98020C8C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe |
"{B89C6ADF-1216-45BB-BA84-3A1686B49FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{B8E92B81-2811-48C5-9598-25E1D34386DF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{BB6922F2-C7F1-439A-9C8C-1AB22ADE378A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe |
"{C162DFD1-C932-4E4F-9662-44A07B948156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe |
"{C1B1965F-A9B8-410A-BA78-7E7704BD4BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{C297135B-BE85-4F1D-B112-EFF03F01942A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C399995E-F22C-4FE9-9E44-E2B55EA34AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe |
"{C3EEEF3B-0E35-452E-8B9A-D0C622EAB5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{C8BAB87C-33BF-4EE1-8957-CAF1C24A8A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{C9731A15-D389-48C6-A389-0AD36A3CF68B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{CAA57CAA-DC97-4861-9017-6C404866A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{CC64B360-7F7A-4B48-A85C-99B3FE5CF7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe |
"{CDFF82B8-4954-43DA-A77E-F4B2A9CA460A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{CE891ECD-C565-4C82-A218-7101E2BE0E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0607D3A-E6C6-4589-9283-57739F3B710B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{D0A4A1C1-43BF-478F-A5B2-BF70F4BA521E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{D296F08E-E7CC-4C23-AB17-47135ACDF78E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe |
"{D3981BAB-E311-4F43-883E-0550CA69FE42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{D426FE15-4A86-4845-B47F-BED0B7AC2202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe |
"{D6A9F131-42B1-4E04-AE00-F0D65AF04911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{D758E625-5793-489E-85BA-F5EB1F614A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe |
"{D7F8B1E8-F136-4CEA-9EA0-143F4F931A46}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{DA0F39D1-1569-4B16-8AC3-D34A7644B32D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{DA8F01BE-0ECE-45AF-8372-741220F7DD5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
"{DB162B2A-F9F1-4E5E-9445-EF2F43DCE4AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE0671C5-72BC-4A3A-B763-B97223DA59A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe |
"{DE455E1C-7593-48D9-8597-D08A16BE2C2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0666A68-A218-4559-A03B-3D35E951497B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe |
"{E189450A-7912-454F-8A96-20D24425895A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{E30DE2B0-6398-4ECF-B9D8-658E2BA94C26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{E5D89B0E-3D6A-45BC-B3DB-D4F0ADD1CFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
"{E889CD10-C4FC-42FA-BE6B-F2D41CB61AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe |
"{E8E5251B-342D-47ED-99A9-6016311F551B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe |
"{EA36A1E3-5953-41BD-9381-2E5D7E3C27AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe |
"{ED3AACEA-C243-4383-88F0-37E492E627C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{EEBDA06C-531C-4640-ACC2-A23B7912880B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{EF335C66-8A29-43E1-A17A-FF54C8C0AFE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EFE42277-DA04-44FF-BDF3-76C0E6B8A5FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe |
"{F3016282-04FE-420B-A647-F2ED96A7A43C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{F33F69CA-A13D-458D-A79B-261DEC63F6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe |
"{F45077E5-AD36-400D-80C7-C7F5F8AFD506}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{F472FA3D-59CA-4919-BE4A-4F6359518620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe |
"{F5062766-4699-4AE0-999F-0540885A0515}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F55EC96F-663F-46B0-8575-4DA801F0222A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe |
"{F6597ED9-57BC-4FC5-9308-27B41005891D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe |
"{F711FBE5-454B-42C6-A788-CDDE0DF5F143}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{FBF32FE3-14FD-4390-A6F3-03DCBF487AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe |
"{FC5492EE-386E-4D4B-BFCB-029BB64AB48E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe |
"{FD727837-671D-4BB7-BFCE-478174A96334}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{FFEF1B46-0A1A-4DA9-B419-885A4AD0D4C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{061FD767-3EF5-47E5-A5D9-06A56A2A4CE6}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe |
"TCP Query User{1AE0815C-48B0-4EA7-ABA6-95E313661AE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{2C010792-5C69-484A-B1D2-4DB246405488}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{4881578F-5A0E-4687-BF89-DAF2A0DDAF32}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{6803224E-F28E-48C4-BAA6-986CFC932FD6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{7AF1649D-C5BC-474B-A8DF-99DD811691A0}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=6 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe |
"TCP Query User{8E4D48EB-FFA5-48DC-A32F-9CEF7481F9DE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{32E80EE3-7E4D-4517-8B08-F193D3A5A801}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{5F63CE62-58D0-45EA-8A74-C551004C101F}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=17 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe |
"UDP Query User{799FD4E8-2B74-482A-9944-87F788E22035}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{81819816-26CE-4937-BB26-EF234A999772}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe |
"UDP Query User{937C1AB7-FB42-4F92-B2A6-5CB8098AA855}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{DBBF1DEF-B301-497C-B95F-F1DDB4BE1AEB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{DC1BB29D-3017-4E13-BA12-48E551B92548}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{34307828-B2DB-4473-A803-A314FC7AA889}" = Soluto
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C2B318-E2DF-4EC4-AD1B-9FF3DD774A04}" = MAGIX Video deluxe MX Plus
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA8B68C-2576-4A4A-83BA-47941201FFB3}_is1" = skate's Thumbnail Tool Version 1.0.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FA06473-23F0-4372-8DD5-1EAE42503D93}" = MAGIX Video easy TERRATEC Edition
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{3629C581-D8D2-477E-A40E-D5E351DF066B}" = MAGIX Speed burnR (MSI)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.4.8
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDE6551-766A-4654-8F3A-838F0BCF15D1}_is1" = skate's Thumbnail Tool Version 1.0.0
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{709F7985-34DD-4F49-9F91-D429D3B49D26}_is1" = skate's Thumbnail Tool Version 1.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789C9644-9F82-44d3-B4CA-AC31F46F5882}" = Python 3.2.3
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B083076F-BCCB-4710-A4B1-6512134A16DE}" = Oozi: Earth Adventure
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2DC0B6C-C969-43B9-B6C3-6A6C1CAD46DF}" = MAGIX Screenshare
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.34
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akademie der Magie" = Akademie der Magie
"Audacity_is1" = Audacity 2.0
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled 3" = Bejeweled 3
"Bejeweled Twist 1.0.3.8137" = Bejeweled Twist 1.0.3.8137
"Bookworm Adventures Deluxe 1.0.1.100" = Bookworm Adventures Deluxe 1.0.1.100
"Bookworm Deluxe 1.131" = Bookworm Deluxe 1.131
"Build-a-lot" = Build-a-lot
"Build-a-lot 2" = Build-a-lot 2
"Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.1.0
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cave Story" = Cave Story
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Chuzzle Deluxe 1.0.3.1132" = Chuzzle Deluxe 1.0.3.1132
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crazy Machines Elements_is1" = Crazy Machines Elements
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Das Drachenei: Die Geschichte des Wanderers" = Das Drachenei: Die Geschichte des Wanderers
"Das Geheimnis des Bermudadreiecks" = Das Geheimnis des Bermudadreiecks
"Das Reich des Drachen" = Das Reich des Drachen
"Das Vermächtnis der Insel" = Das Vermächtnis der Insel
"Diamond Drop 2" = Diamond Drop 2
"Die Wiege Ägyptens" = Die Wiege Ägyptens
"Die Wiege Roms" = Die Wiege Roms
"Dinos & Bubbles" = Dinos & Bubbles
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"eSafeSecControl" = eSafe Security Control 1.0.0.2359
"Flyonoid" = Flyonoid
"Fraps" = Fraps (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Gardenscapes_is1" = Gardenscapes
"GOGPACKCAPSIZED_is1" = Capsized
"GOGPACKDEPONIA_is1" = Deponia
"GOGPACKNEWBEGINNING_is1" = A New Beginning
"GOGPACKPID_is1" = Pid
"GOGPACKTREASUREADVENTUREGAME_is1" = Treasure Adventure Game
"Hammer Heads 1.0" = Hammer Heads 1.0
"Harvey" = Harveys Neue Augen
"Hühner-Rache Deluxe (VOLLVERSION)" = Hühner-Rache Deluxe (VOLLVERSION)
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jumpin’ Jack" = Jumpin’ Jack
"Magic Encyclopedia" = Magic Encyclopedia
"Magic Encyclopedia 2" = Magic Encyclopedia 2
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"MAGIX_MSI_Video_easy_3_TerraTec" = MAGIX Video easy TERRATEC Edition
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Meine kleine Farm" = Meine kleine Farm
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Music Creator LE_is1" = Music Creator LE 5.0.6
"MuVo Driver" = Creative Mass Storage Drivers
"Mystery P.I. - The London Caper" = Mystery P.I. - The London Caper
"Nebel der Elfen" = Nebel der Elfen
"Nintendo_History_ScreenSaver" = Nintendo_History_ScreenSaver
"Nintendo_SMG2_ScreenSaver" = Nintendo_SMG2_ScreenSaver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Perspective" = Perspective 1.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Puddle_is1" = Puddle
"RenegadeKidMutantMudds" = Mutant Mudds (remove only)
"Schatzinsel 2 (Vollversion)" = Schatzinsel 2 (Vollversion)
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Sheep’s Quest" = Sheep’s Quest
"Smash Frenzy 4" = Smash Frenzy 4
"Snowy" = Snowy
"Snowy Lunch Rush" = Snowy: Lunch Rush
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 105600" = Terraria
"Steam App 107110" = Bastion - Demo
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding of Isaac
"Steam App 12910" = Audiosurf Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 200900" = Cave Story+
"Steam App 202290" = Sonic Generations Demo
"Steam App 202730" = Dynamite Jack
"Steam App 203810" = Dear Esther
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204220" = Snapshot
"Steam App 204260" = Trine 2 Demo
"Steam App 204300" = Awesomenauts
"Steam App 204610" = Q.U.B.E. Demo
"Steam App 205700" = Quantum Conundrum Demo
"Steam App 206650" = Scoregasm Demo
"Steam App 207080" = Indie Game: The Movie
"Steam App 207100" = Castle Crashers Demo
"Steam App 207170" = Legend of Grimrock
"Steam App 207270" = DiRT Showdown Demo
"Steam App 207650" = A Virus Named TOM
"Steam App 208070" = Waveform Demo
"Steam App 209790" = Splice
"Steam App 211180" = Unmechanical
"Steam App 211360" = Offspring Fling!
"Steam App 212110" = Sugar Cube: Bittersweet Factory
"Steam App 212560" = Hell Yeah! Demo
"Steam App 214790" = The Basement Collection
"Steam App 214850" = GameMaker: Studio
"Steam App 215770" = Shad'O
"Steam App 216310" = Gateways Demo
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 219680" = Proteus
"Steam App 220740" = Chaos on Deponia
"Steam App 220780" = Thomas Was Alone
"Steam App 221030" = Towns Demo
"Steam App 221260" = Little Inferno
"Steam App 221620" = Dollar Dash Demo
"Steam App 221640" = Super Hexagon
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 224520" = FLY'N Demo
"Steam App 227240" = Construct 2 Free
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 27000" = The Path
"Steam App 33400" = Zeit² Demo
"Steam App 35710" = Trine Demo
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 38750" = EDGE Demo
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 42170" = Krater
"Steam App 49600" = Beat Hazard
"Steam App 50010" = Nimbus Demo
"Steam App 57800" = Doc Clock: The Toasted Sandwich of Time
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 65800" = Dungeon Defenders
"Steam App 70300" = VVVVVV
"Steam App 72000" = Closure
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"Steam App 99700" = NightSky
"STRATO HiDrive" = STRATO HiDrive (remove only)
"Strikeball 3" = Strikeball 3
"Super Mario Brothers 2 Screensaver" = Super Mario Brothers 2 Screensaver
"Superkuh" = Superkuh
"SysInfo" = Creative-Systeminformationen
"TERRATEC Grabby" = TERRATEC Grabby V5.09.1202.00
"Turtix" = Turtix
"Turtix 2" = Turtix 2
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo (entfernen)
"Yumsters 2" = Yumsters 2
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.05.2013 06:24:39 | Computer Name = Georg-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x50b68585 Name des fehlerhaften Moduls: engine.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x50b7c5f5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1037a60c ID des fehlerhaften
Prozesses: 0x47c Startzeit der fehlerhaften Anwendung: 0x01ce5c56881195ff Pfad der
fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\smoodoosjuri9\portal\hl2.exe
Pfad
des fehlerhaften Moduls: engine.dll Berichtskennung: f76555d7-c849-11e2-b658-c89cdce712ed
Error - 29.05.2013 07:30:20 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 29.05.2013 08:00:34 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe". Die abhängige Assemblierung
"Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 29.05.2013 08:45:42 | Computer Name = Georg-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SuperMeatBoy.exe, Version: 0.0.0.0,
Zeitstempel: 0x4ee3490b Name des fehlerhaften Moduls: SuperMeatBoy.exe, Version:
0.0.0.0, Zeitstempel: 0x4ee3490b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000dd403
ID
des fehlerhaften Prozesses: 0x130c Startzeit der fehlerhaften Anwendung: 0x01ce5c6a69063d4b
Pfad
der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\super
meat boy\SuperMeatBoy.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\super
meat boy\SuperMeatBoy.exe Berichtskennung: ac03da31-c85d-11e2-abe7-c89cdce712ed
Error - 30.05.2013 11:28:27 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 30.05.2013 13:27:05 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe". Die abhängige Assemblierung
"Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 31.05.2013 09:11:15 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 31.05.2013 11:38:21 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe". Die abhängige Assemblierung
"Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 01.06.2013 02:51:28 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 01.06.2013 05:20:20 | Computer Name = Georg-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
[ System Events ]
Error - 29.05.2013 07:32:32 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 29.05.2013 07:35:18 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Search" wurde nicht richtig gestartet.
Error - 30.05.2013 11:29:51 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 30.05.2013 11:29:51 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 31.05.2013 09:13:30 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 31.05.2013 09:13:30 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 01.06.2013 02:53:18 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 01.06.2013 02:53:18 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 01.06.2013 05:21:35 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 01.06.2013 05:21:35 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
|
|
01.06.2013, 12:43
| #5 |
| /// the machine /// TB-Ausbilder | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches OTL log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 18:08
| #6 |
| | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? AdwCleaner: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 01/06/2013 um 18:59:31 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Georg - GEORG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Georg\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : eSafeSvc
***** [Dateien / Ordner] *****
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Georg\Desktop\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Datei Gelöscht : C:\Users\Georg\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Georg\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\Georg\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Georg\AppData\Roaming\eIntaller
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
Daten Gelöscht : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\portaldositesSoftware
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_6VPJLF95XXXX6VPJLF95&ts=1369940497 --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Andere\AppData\Roaming\Mozilla\Firefox\Profiles\751b2fvt.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.15.1748.0
Datei : C:\Users\Georg\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [7987 octets] - [01/06/2013 18:59:14]
AdwCleaner[S1].txt - [5645 octets] - [01/06/2013 18:59:31]
########## EOF - C:\AdwCleaner[S1].txt - [5705 octets] ##########
Ich mach dann mal weiter... Gruß, Georg aka Juri9 |
|
01.06.2013, 18:13
| #7 |
| /// the machine /// TB-Ausbilder | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? genau 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 18:20
| #8 |
| | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Georg on 01.06.2013 at 19:13:59,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Georg\appdata\local\{EAB36B59-2CF8-4E27-9CE1-A439F08F86E2}
~~~ FireFox
Emptied folder: C:\Users\Georg\AppData\Roaming\mozilla\firefox\profiles\00tp9q8u.default\minidumps [13 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2013 at 19:18:29,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gruß, Georg aka Juri9 |
|
01.06.2013, 18:27
| #9 |
| /// the machine /// TB-Ausbilder | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? alles klar
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 18:27
| #10 |
| | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? OTL.txt Code:
ATTFilter OTL logfile created on: 01.06.2013 19:21:35 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,48 Gb Available Physical Memory | 68,65% Memory free 15,96 Gb Paging File | 13,37 Gb Available in Paging File | 83,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 906,34 Gb Total Space | 225,05 Gb Free Space | 24,83% Space Free | Partition Type: NTFS Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Georg\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\puush\puush.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\UMonit.exe () PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Windows\jmesoft\JME_LOAD.exe () PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo) PRC - C:\Windows\jmesoft\Service.exe () PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Windows\vphc700.exe (Sonix) PRC - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\windows._cacheinvalidation.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._gdi_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._misc_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pysqlite2._sqlite.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pythoncom27.dll () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32com.shell.shell.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_elementtree.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\PyWinTypes27.dll () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32security.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32api.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_ctypes.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._html2.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_socket.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_multiprocessing.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32ts.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32profile.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32crypt.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._core_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_ssl.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._windows_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_hashlib.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._wizard.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32process.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32pdh.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._controls_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\unicodedata.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pyexpat.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32file.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32inet.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32event.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\select.pyd () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\puush\puush.exe () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll () MOD - C:\Windows\SysWOW64\UMonit.exe () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll () MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll () MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll () MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll () MOD - C:\Windows\jmesoft\VistaVolume.dll () MOD - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SolutoLauncherService) -- C:\Programme\Soluto\SolutoLauncherService.exe (Soluto) SRV - (SolutoService) -- C:\Programme\Soluto\SolutoService.exe (Soluto) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (STRATO HiDrive Service) -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe () SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.) DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (GeneStor) -- C:\Windows\SysNative\drivers\GeneStor.sys (GenesysLogic) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV:64bit: - (phc700) -- C:\Windows\SysNative\drivers\phc700.sys () DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?pc=BB07 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{C88215D9-8C4C-4C02-BD96-C2F219F35ED5}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q=" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox" FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2 FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2 FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions [2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.05.04 08:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions [2013.03.03 16:39:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013.05.04 07:46:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.05.04 08:50:20 | 000,651,215 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi [2013.05.04 08:50:20 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.05.04 08:50:20 | 003,242,364 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2013.03.20 19:10:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.08 13:56:06 | 000,001,832 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\searchplugins\bing.xml [2013.05.20 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 19:17:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.01.06 03:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [phc700] C:\Windows\vphc700.exe (Sonix) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe () O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo) O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe () O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo) O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [phc700] C:\windows\system32\vphc700.exe File not found O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer_de.exe (MAGIX AG) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1369826421840 (MUCatalogWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2938FA1-8998-4697-B61C-3E7448CF269D}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.01 19:13:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.06.01 19:10:43 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.01 19:10:02 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Georg\Desktop\JRT.exe [2013.06.01 18:55:50 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\archiv [2013.06.01 13:31:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2013.05.29 18:08:46 | 000,000,000 | --SD | C] -- C:\Users\Georg\Google Drive [2013.05.29 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.05.29 13:22:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscapi.dll [2013.05.29 13:22:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscdll.dll [2013.05.29 13:22:44 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll [2013.05.29 13:22:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmib.dll [2013.05.29 13:22:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmib.dll [2013.05.29 13:22:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll [2013.05.29 13:22:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2013.05.29 13:22:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2013.05.29 13:22:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll [2013.05.29 13:22:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2013.05.29 13:22:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2013.05.29 13:22:41 | 000,190,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys [2013.05.29 13:22:41 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2013.05.29 13:22:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmonui.dll [2013.05.29 13:22:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmonui.dll [2013.05.29 13:22:40 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpdd.dll [2013.05.29 13:22:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3dlg.dll [2013.05.29 13:22:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gpprnext.dll [2013.05.29 13:22:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gpprnext.dll [2013.05.29 13:22:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys [2013.05.29 13:22:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\svchost.exe [2013.05.29 13:22:36 | 000,698,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netlogon.dll [2013.05.29 13:22:36 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3msm.dll [2013.05.29 13:22:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3msm.dll [2013.05.29 13:22:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3api.dll [2013.05.29 13:22:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3gpclnt.dll [2013.05.29 13:22:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3gpclnt.dll [2013.05.29 13:22:33 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll [2013.05.29 13:22:33 | 001,039,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll [2013.05.29 13:22:33 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll [2013.05.29 13:22:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL [2013.05.29 13:22:32 | 000,965,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll [2013.05.29 13:22:32 | 000,832,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll [2013.05.29 13:22:32 | 000,657,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll [2013.05.29 13:22:32 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL [2013.05.29 13:22:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnpinst.exe [2013.05.26 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Facebook [2013.05.25 21:27:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\Lucia [2013.05.21 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\TS3Client [2013.05.21 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.05.21 15:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.05.20 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Craften_Dev_Team [2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal [2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal [2013.05.16 22:18:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.05.16 22:18:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.05.16 22:18:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.05.16 22:18:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.05.16 22:18:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.05.16 22:18:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2013.05.16 22:18:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2013.05.16 22:18:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.05.16 22:18:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.05.16 22:18:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.05.16 22:18:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.05.16 22:18:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.05.16 22:18:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.05.16 22:18:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.05.16 22:18:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.05.16 17:12:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013.05.16 17:12:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2013.05.16 17:11:59 | 001,931,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013.05.16 17:11:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.05.16 17:11:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll [2013.05.16 17:11:59 | 000,111,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe [2013.05.16 17:11:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll [2013.05.15 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\Adobe [2013.05.15 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2013.05.15 17:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.15 17:50:20 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\windows\SysNative\drivers\PxHlpa64.sys [2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdralw2k.sys [2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdr4_xp.sys [2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.05.15 17:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2013.05.15 17:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX [2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.05 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\LOVE [2013.05.04 08:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.03.21 14:37:20 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.01 19:13:17 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 19:13:17 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 19:10:08 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Georg\Desktop\JRT.exe [2013.06.01 19:01:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.01 19:01:07 | 2133,630,975 | -HS- | M] () -- C:\hiberfil.sys [2013.06.01 18:59:39 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.01 18:59:39 | 000,001,148 | ---- | M] () -- C:\Users\Georg\Desktop\Internet Explorer.lnk [2013.06.01 18:59:39 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.01 18:56:38 | 000,632,031 | ---- | M] () -- C:\Users\Georg\Desktop\adwcleaner.exe [2013.06.01 18:45:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.01 18:34:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.01 16:31:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job [2013.06.01 13:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2013.06.01 13:31:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job [2013.05.31 20:34:43 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Craften Terminal.lnk [2013.05.31 15:09:25 | 002,456,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.30 21:01:44 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll [2013.05.29 18:08:47 | 000,001,713 | ---- | M] () -- C:\Users\Georg\Desktop\Google Drive.lnk [2013.05.29 13:37:09 | 001,613,996 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.05.29 13:37:09 | 000,697,064 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.05.29 13:37:09 | 000,652,382 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.05.29 13:37:09 | 000,148,102 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.05.29 13:37:09 | 000,121,056 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.05.23 17:39:06 | 000,009,384 | ---- | M] () -- C:\Users\Georg\AppData\Local\recently-used.xbel [2013.05.21 15:19:35 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.05.20 12:42:17 | 000,263,186 | ---- | M] () -- C:\Users\Georg\Desktop\Minecraft.exe [2013.05.18 13:55:30 | 018,444,678 | ---- | M] () -- C:\Users\Georg\Desktop\cave story osu.mp4 [2013.05.18 00:06:12 | 000,170,858 | ---- | M] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf [2013.05.17 19:46:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.17 19:36:53 | 007,153,538 | ---- | M] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe [2013.05.15 21:59:15 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.15 21:22:31 | 000,087,330 | ---- | M] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg [2013.05.15 21:22:27 | 000,028,682 | ---- | M] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg [2013.05.15 21:22:18 | 000,275,465 | ---- | M] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg [2013.05.15 19:34:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.05.15 19:34:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.15 17:47:06 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.05.13 17:25:40 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.05.09 00:42:01 | 000,002,634 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP [2013.05.05 20:55:26 | 007,140,191 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie.mp4 [2013.05.05 20:40:35 | 048,569,695 | ---- | M] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4 [2013.05.05 16:29:04 | 000,063,690 | ---- | M] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf [2013.05.04 07:23:27 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.01 18:56:34 | 000,632,031 | ---- | C] () -- C:\Users\Georg\Desktop\adwcleaner.exe [2013.05.29 18:08:47 | 000,001,713 | ---- | C] () -- C:\Users\Georg\Desktop\Google Drive.lnk [2013.05.26 13:26:43 | 000,000,928 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job [2013.05.26 13:26:42 | 000,000,906 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job [2013.05.23 17:39:06 | 000,009,384 | ---- | C] () -- C:\Users\Georg\AppData\Local\recently-used.xbel [2013.05.21 15:19:35 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.05.20 13:46:23 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Craften Terminal.lnk [2013.05.20 12:42:12 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Desktop\Minecraft.exe [2013.05.18 13:52:21 | 018,444,678 | ---- | C] () -- C:\Users\Georg\Desktop\cave story osu.mp4 [2013.05.18 00:06:10 | 000,170,858 | ---- | C] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf [2013.05.17 19:36:50 | 007,153,538 | ---- | C] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe [2013.05.15 21:22:29 | 000,087,330 | ---- | C] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg [2013.05.15 21:22:25 | 000,028,682 | ---- | C] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg [2013.05.15 21:22:17 | 000,275,465 | ---- | C] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg [2013.05.15 17:51:50 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk [2013.05.13 17:25:40 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.05.05 21:04:08 | 000,002,634 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP [2013.05.05 20:51:18 | 007,140,191 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie.mp4 [2013.05.05 20:36:49 | 048,569,695 | ---- | C] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4 [2013.05.05 16:29:03 | 000,063,690 | ---- | C] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf [2013.03.20 19:30:18 | 002,075,362 | ---- | C] () -- C:\Users\Georg\wmah.png [2013.03.08 21:46:09 | 000,500,934 | ---- | C] () -- C:\Users\Georg\YT-2013-Channel-Layout.psd [2013.03.07 20:11:38 | 000,286,787 | ---- | C] () -- C:\Users\Georg\Mario and Luigi_ Partners in Time Music - Time Hole (To Past).mp3 [2013.03.07 20:11:37 | 000,265,856 | ---- | C] () -- C:\Users\Georg\Mario & Luigi_ Partners In Time Music_ Time Hole (To Present).mp3 [2013.03.03 13:32:03 | 000,017,479 | ---- | C] () -- C:\Users\Georg\README.html [2013.03.03 13:31:16 | 015,962,145 | ---- | C] () -- C:\Users\Georg\OpenHexagonV1.7.7z [2013.02.28 18:25:23 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.27 20:04:25 | 027,885,892 | ---- | C] () -- C:\Users\Georg\2013-02-27 - viedoe.mp4 [2013.02.27 19:59:47 | 000,096,120 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0002.JPG [2013.02.27 19:57:32 | 000,090,108 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0001.JPG [2013.02.05 21:23:41 | 371,802,536 | ---- | C] () -- C:\Users\Georg\OIO-v3.4.0.2724.zip [2013.01.18 17:01:47 | 001,056,534 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 2.pdf [2013.01.18 17:01:47 | 000,528,162 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 1.pdf [2013.01.02 16:41:05 | 000,004,342 | ---- | C] () -- C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml [2013.01.02 10:54:52 | 000,339,394 | ---- | C] () -- C:\Users\Georg\OptiFine_1.4.6_HD_U_A2.zip [2012.11.16 20:52:58 | 000,325,327 | ---- | C] () -- C:\Users\Georg\OptiFine Mod 1.4.4.zip [2012.10.29 21:47:52 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\Folder.jpg [2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Large.jpg [2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArtSmall.jpg [2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Small.jpg [2012.10.20 23:03:05 | 138,968,261 | ---- | C] () -- C:\Users\Georg\News _ Infos zum Nintendo 3DS - Die dritte Dimension in der Hosentasche [HD].mp4 [2012.10.20 23:03:04 | 003,023,829 | ---- | C] () -- C:\Users\Georg\Lemon Tree with Lyrics_ By Fool's Garden (HD).mp3 [2012.10.20 23:01:33 | 000,651,923 | ---- | C] () -- C:\Users\Georg\talent.wmv [2012.10.13 12:23:16 | 000,586,255 | ---- | C] () -- C:\Users\Georg\bank.jpg [2012.10.12 10:59:18 | 000,331,339 | ---- | C] () -- C:\Users\Georg\Löwenzahn.pdf [2012.10.11 14:27:18 | 005,904,128 | ---- | C] () -- C:\Users\Georg\IKS Brief.pdf [2012.10.11 14:27:18 | 000,846,537 | ---- | C] () -- C:\Users\Georg\IKS-Brief Ergänzung.pdf [2012.10.01 20:57:55 | 001,662,976 | ---- | C] () -- C:\Users\Georg\alexibexi klingelton.mpg [2012.10.01 20:57:55 | 000,101,146 | ---- | C] () -- C:\Users\Georg\AlexiBexi Klingelton - I'm a scat man!.MP3 [2012.10.01 20:53:13 | 002,891,416 | ---- | C] () -- C:\Users\Georg\Kanal Screenshot.png [2012.10.01 20:53:13 | 000,191,205 | ---- | C] () -- C:\Users\Georg\Kanaldesign.PNG [2012.10.01 20:53:13 | 000,140,762 | ---- | C] () -- C:\Users\Georg\Kanaldesign (Küken, Name, Farbverlauf).png [2012.10.01 20:53:13 | 000,138,319 | ---- | C] () -- C:\Users\Georg\Kanaldesign (nur Küken und Name).png [2012.10.01 20:49:59 | 003,426,304 | ---- | C] () -- C:\Users\Georg\Schaumparty.mpg [2012.10.01 20:49:59 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter.odp [2012.10.01 20:49:59 | 002,118,274 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für mich.odp [2012.10.01 20:49:59 | 000,748,152 | ---- | C] () -- C:\Users\Georg\Schaumparty.mp4 [2012.10.01 20:49:59 | 000,052,289 | ---- | C] () -- C:\Users\Georg\Schaumparty.MP3 [2012.10.01 20:49:58 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für Jakob.odp [2012.09.16 15:42:31 | 000,001,229 | ---- | C] () -- C:\Users\Georg\Cave Story - Einfach Optionen.lnk [2012.09.16 15:42:31 | 000,001,222 | ---- | C] () -- C:\Users\Georg\Cave Story - Musik.lnk [2012.09.11 17:38:26 | 000,014,678 | ---- | C] () -- C:\Users\Georg\Informatik AB Variablen Aufgabe.odt [2012.09.11 17:19:42 | 001,590,954 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.09.09 21:39:42 | 000,000,052 | -H-- | C] () -- C:\windows\popcreg.dat [2012.09.09 21:39:42 | 000,000,014 | ---- | C] () -- C:\windows\popcinfot.dat [2012.09.08 21:23:35 | 000,275,916 | ---- | C] () -- C:\Users\Georg\OptiFine_1.3.2_HD_B3.zip [2012.09.08 15:55:19 | 000,015,488 | ---- | C] () -- C:\windows\phc700.ini [2012.09.04 18:36:05 | 000,000,538 | ---- | C] () -- C:\Users\Georg\stern.py [2012.09.04 18:34:02 | 000,001,463 | ---- | C] () -- C:\Users\Georg\IPI-TurtleGrafikV3.lnk [2012.09.03 19:10:18 | 000,000,680 | RHS- | C] () -- C:\Users\Georg\ntuser.pol [2012.09.03 18:45:34 | 000,188,803 | ---- | C] () -- C:\Users\Georg\englisch australische schilder.odt [2012.08.31 20:21:56 | 000,000,043 | ---- | C] () -- C:\windows\popcinfo.dat [2012.08.30 14:32:22 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Minecraft.exe [2012.08.30 12:10:37 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2012.08.30 11:39:16 | 000,011,776 | ---- | C] () -- C:\windows\SysWow64\pmsbfn32.dll [2012.08.30 11:37:26 | 000,000,424 | ---- | C] () -- C:\windows\MAXLINK.INI [2012.03.21 14:54:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe [2012.03.21 14:54:40 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe [2012.03.21 14:04:51 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll [2012.03.21 14:04:51 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe [2012.03.21 14:04:48 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe [2012.03.21 14:04:48 | 000,001,591 | ---- | C] () -- C:\windows\SysWow64\_IconCfg0.ini [2012.03.21 14:04:48 | 000,000,840 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini [2012.03.21 14:04:48 | 000,000,187 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini [2012.03.21 14:01:39 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:23:59 | 014,176,768 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:27:31 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы [2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы (C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы ========== Alternate Data Streams ========== @Alternate Data Stream - 1105 bytes -> C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml:OECustomProperty < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.06.2013 19:21:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,48 Gb Available Physical Memory | 68,65% Memory free
15,96 Gb Paging File | 13,37 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,05 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C2B37B-0671-490C-BE1C-74CA97BF5051}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15A87F4E-241F-449E-AC03-4AA0CB80CBBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1B4A4865-CBBC-47B0-B93E-F259D69DDDFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53790E8C-B48C-497C-9CB8-6F1FFAAB32CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BFB543F-735A-4282-B7B9-89FC92D7F464}" = lport=139 | protocol=6 | dir=in | app=system |
"{73B19E8F-4887-4018-867F-C07338123FE5}" = lport=138 | protocol=17 | dir=in | app=system |
"{78431585-D1B9-4448-AC6B-EFA1F7DC0C0B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{85FA0023-D95C-4F8E-BDED-3FCEEC7493C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8F781AD2-AD2B-4AF6-B379-0B13174680EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{908AAB0F-491A-4425-8B3B-3B1E53E9EE31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{912AC895-789E-496C-98B0-8D72D6EC0FB5}" = rport=138 | protocol=17 | dir=out | app=system |
"{922C108D-6F9A-445E-BC6F-7B201DF284C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{967B93A9-BC02-4B9E-9D3B-21F4672F9DF1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9B07E23B-059A-445C-98D8-16623E81B0BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6C87A26-6FF6-4329-9218-97C345EC6556}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2906482-A245-41B5-8E21-47B5D760A438}" = rport=137 | protocol=17 | dir=out | app=system |
"{B71C4F32-C4F5-4C90-AFE4-F8F1B9859DE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA206849-A555-4C29-A81D-BAEF3F2452DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{CB5AF48B-923E-4091-BCE3-0C9DFCA21262}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9F814A4-C1A0-46CD-97A1-6616EA6B28DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{E50537BB-09DA-4426-9B98-ABBAC72C37D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8F4EAE9-EEF9-4598-B3D2-7E2C89B09DBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FECD995B-6510-4C52-B774-17BC9B82B324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006C26AA-B75E-4E6E-BF50-136FCC16C8FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{0090712E-72D4-4727-AFE1-4C40E7C69B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{0137C469-5FD7-4B7D-8559-6D355FE10DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe |
"{03812306-67F9-497C-A9F1-656207EEB295}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe |
"{08F4477E-F6AC-479F-8EC7-54AC1609D3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe |
"{0D51A549-8608-43E8-8986-EBA6D1160BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe |
"{0DA973A7-4FB2-4101-BDEE-9BB6C0638E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E466B4A-A64D-4D01-8993-5EEF1C697118}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe |
"{102DA8A1-2496-433A-8952-E173C78BC913}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |
"{12276CE7-E275-41B9-88EF-9F9E29551DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe |
"{1235D849-DBC2-4029-A30D-0980E94EBA40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe |
"{13150774-AB31-4C98-8F90-5444AAE1338D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe |
"{13AA57CA-BE30-41E9-A7C2-867AED5604D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe |
"{18DA1E93-B203-446B-A13D-3564F9D7FF52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{18F1B629-C7A9-4B70-B2CA-1B954E15B481}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18F5686A-5650-4E03-B04F-F0741BEE1F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe |
"{1C1FFCD4-26D0-4F03-B260-1CED1AAE96EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{1EAE80D8-F306-4A53-BEAE-2FB1E048FF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{21D49862-83E6-4B73-A2EA-E1E28CBD2AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{21ECAEAE-4E2F-46C2-9A49-E0603C97B347}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{23912B69-DD7B-4930-8222-F63DF8EF5D57}" = dir=in | app=c:\users\georg\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{25701096-E906-4DB8-A436-A9255D623B60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{2667B743-D9EF-49D6-B06D-AE17DEDFCAB0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{28DEBE55-029F-43AD-9828-59D13B2D49C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe |
"{28E66894-857D-4A29-9D78-B8DE3B84E4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{2A74F4BD-796D-478C-BD72-3477E95BE753}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
"{2A868817-D4D4-4DC8-96E2-A4AA1427A70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2ACB958E-6E61-4D48-8FC7-4E5D57F7574F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe |
"{2B2AAE48-DF40-43FA-8CEA-BFF54B5B594C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe |
"{2BB755AB-E0B2-4F4C-B792-9F693CA959AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{2DF6758D-67DA-40FF-9D82-67480B050741}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe |
"{2FF03031-A872-47B5-9066-EC5A3228BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe |
"{3075B07A-8889-4550-AE3F-A9FB8563E8E0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{30B2BE0E-FF95-4D90-A613-8F58737B60AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{3272AF85-56CE-4328-9E25-D06A2C623D14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{32AC86FE-7C53-400E-9888-1A0B084C5CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{338FBA6B-C58D-4D45-BEEF-31AD42A6CEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{343E59B5-54F0-471F-835D-7EAC8C91799E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{35012540-2B1A-452B-AC1A-13E4C018B093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe |
"{359D6A9E-EF19-45BB-96D4-0EE0346D17FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe |
"{36AC0F5E-ACE8-41FA-84EF-6D3DF8ED7FED}" = dir=in | app=c:\users\georg\appdata\local\microsoft\skydrive\skydrive.exe |
"{37D168D1-ED87-47EC-B87C-4ED4C637582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe |
"{38737DD7-2C7C-45AE-BEC4-139A37BE173C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe |
"{39316293-4199-475F-B0D5-D554C046F96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe |
"{39432546-76A6-462C-BB6D-DABB72B534B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe |
"{3C109900-16F6-42EF-B13F-4487F8C7510E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{3DBC435A-75CC-4C2B-862F-8145BE80B378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe |
"{3F8516F1-106E-49D0-A6B9-C284D27BB85A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{404203E1-E20A-435C-9D0A-DDE8655AAD08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{4083708B-0BB4-4A30-8870-E1E53684B063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{40A9BC7E-81AB-45DF-8DE3-98EA6E34DC32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41ED39C4-B1B6-492F-8C25-578D8829D497}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe |
"{427A2EF8-9381-436B-B79A-2116CA79F6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |
"{434D6C9D-C96B-480B-968A-81BB035984FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe |
"{44FBDDD9-4B68-46E3-A31E-4FBD772B3575}" = protocol=17 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe |
"{4612CF14-DC42-44C5-BCCB-D04AAF284A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
"{467F4A91-456B-460A-9B4E-9CEBBB82C5CD}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{46EA5F02-231B-40A3-AA1B-ACE7C87191D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe |
"{46F5B27F-8FCF-427B-9051-7B0B06EB4BA8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{470D34AB-C709-4BBA-8A74-8B21CFCE7161}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe |
"{47557C1C-52DF-48CF-80DC-07709D3333B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe |
"{475F6840-5D34-4FD3-B4AA-809AA91FAC56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe |
"{480CB022-9061-4747-9BF2-4A8ACE0DF6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{49A6D9FA-3F91-4D14-B812-28199ED97279}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe |
"{49B90CA8-53D1-4102-B3F2-6A28CE59B8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe |
"{4B65ECA0-FD6D-4F08-9D43-543A01BB3397}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4BF13D70-0EFC-4B72-8122-AD7B78361EAE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D49F35C-431A-4840-943D-97D3569577EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe |
"{53E98F3B-149D-48E1-8154-29D062CB371A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
"{541BC669-5C65-47EA-AC45-37B1C11117F6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{5700D215-FCFC-466B-8160-C5BF1E535D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{5720695B-05C7-4713-B132-AFDA52746706}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{5787295B-C620-4E6E-AD9C-582497A9DFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe |
"{57CAEA72-3580-4333-905C-F11FE74B3CCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CAE0A55-B591-451B-A39A-589291C2DD2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe |
"{5E41DC16-0E87-482D-A737-AB25DB21CBCC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5EA4D163-8E75-4BE3-80C5-5831F21EA25B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FA81ACF-C636-4170-9CCF-33AA6AC1B184}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{6042AC42-1C35-4A52-BED1-20270246718B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{615F4919-C829-48EF-9345-F7432529A38F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{62BD0121-2D79-4EE2-B196-65E10C68D1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe |
"{62F9426D-FB8B-4FF8-A880-EFC4A168F727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69429CD5-48AA-4956-A8D6-C9EFBB161596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{69AD0433-7E2E-46F3-82AE-6FC4F16BC094}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe |
"{6A12B38A-1849-4642-AA1D-93B86E5DFD86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe |
"{6B8C93ED-5A8B-4391-B571-D1DE5103245F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{6DA9B463-F4A8-4CC8-92AD-542D4A42E4EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{711AD83D-D311-4B4D-9632-21DEFF874697}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7124BE5E-3EE4-4D61-97CB-C33DEF024FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{7159CA44-AA4C-46AF-B694-1BD87C2615BE}" = protocol=6 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe |
"{71DEFC4B-960B-421C-940F-16C6D3C4BBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe |
"{74EFEA79-D65C-4B92-8461-C31636966557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe |
"{7540E045-8BBB-4386-858B-F65126882C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe |
"{76842340-811A-4F5F-81D5-4A5FFB31FC48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe |
"{76D17AA4-EE08-4762-9FE8-91DA1AE678A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{76DB1ADD-A282-4D9D-A5F8-9418DFAC7F22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe |
"{7AF4BF6F-46AB-4FE4-8AAA-1F143BFBF696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B4E2733-4EEA-4CD1-B625-75C6665D26F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{7B964A17-BBB8-4F13-80FA-A5A3AAF05E23}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{7D908B10-1C38-4769-9A75-BC9D66A95860}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EEC5345-F3A9-44FA-B1C8-C78CF3882D21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe |
"{82232176-6EB4-4766-AE60-377E53E8433D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe |
"{8392C022-59A5-46AE-BEAA-C8D7C98C3C68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe |
"{846B17A4-D3EF-4965-A0C5-50C1FB451412}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{84A69656-BB6B-4F93-A718-165CF398DE57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{88046B5F-9BC7-43FB-A411-E1B2A51E73CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{893090A5-69E6-466F-83C0-8F9519F9E182}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AD37577-D455-470E-8D86-93CCC3A2A70C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe |
"{8B31E6FF-71EB-413D-A73A-7E7C65B69995}" = protocol=6 | dir=out | app=system |
"{8B8D8B72-72E5-4CC9-A16B-178987701E82}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CD3848E-3792-49A9-8F38-D3F7B98045DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe |
"{8E085FDA-E838-47E8-936F-9A1E21D02080}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{8E0CBC34-FCED-4277-A804-E6FECC0D95A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe |
"{91483DEA-C659-4458-A059-19D546C17096}" = protocol=17 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe |
"{920C4FCF-E1D8-4344-B758-CA8796D9E0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe |
"{92179944-7ADD-4223-B71F-C6FC0F7959AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{93174BB3-72AC-4213-A6D2-A7782D11ADE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe |
"{9322A2FC-3687-4562-AB7D-B6EA3773A935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe |
"{93277BBD-7088-49B3-8A1C-F536A6D4C98E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{935A3F39-502F-49BF-8CF9-CD222FF4DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{96B6EF2D-E1D5-4B2F-8791-316F6143168C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{9A798454-2512-424B-808E-70EC7EC85EF5}" = protocol=6 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe |
"{9B2C2901-C10B-4B31-9417-DADF99C877EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
"{9BC448A0-B9D4-42E3-AEF5-33D211DD23B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{9C773F63-480D-48D9-851E-B5F3D7BB3A76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{9DE63EEC-B64E-49E8-84DD-7D7E243B8E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{9E41C02B-A035-492A-BD20-D6DE1605C802}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{A04DF716-F363-4879-B078-D60427D28276}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A18AEDC3-1A03-4830-9748-A7F2457CE7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{A2A547EE-AD30-46DB-B9FD-A818575E6174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe |
"{A31F1703-50A7-4B01-9502-A7BD5D1B3F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{A453E21A-8A79-4B27-A20D-6805A1D85AA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{A559068F-2D8B-4CDB-A6DF-410A69DEF9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe |
"{A8DBDFD4-5B05-4017-83FB-A7DC47FC4FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{A95C8862-2AB8-495F-A5A4-3733FBBCDD62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{AA52B48A-879D-4464-923C-5511DDB6FCA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe |
"{AC3D4983-B57B-4871-92B6-FC6C2EA507CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{AEEBC0BE-2D38-488A-8F20-B79974B37112}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{B03FCE91-C4C4-41EC-985D-E897A654E843}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe |
"{B0880123-0CE1-4EF8-8608-FF6261859FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{B242223F-BCD1-424E-AA0E-224E8B63D74E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B63951A2-E054-45C0-9245-F98020C8C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe |
"{B89C6ADF-1216-45BB-BA84-3A1686B49FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{B8E92B81-2811-48C5-9598-25E1D34386DF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{BB6922F2-C7F1-439A-9C8C-1AB22ADE378A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe |
"{C162DFD1-C932-4E4F-9662-44A07B948156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe |
"{C1B1965F-A9B8-410A-BA78-7E7704BD4BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{C297135B-BE85-4F1D-B112-EFF03F01942A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C399995E-F22C-4FE9-9E44-E2B55EA34AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe |
"{C3EEEF3B-0E35-452E-8B9A-D0C622EAB5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{C8BAB87C-33BF-4EE1-8957-CAF1C24A8A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{C9731A15-D389-48C6-A389-0AD36A3CF68B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{CAA57CAA-DC97-4861-9017-6C404866A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{CC64B360-7F7A-4B48-A85C-99B3FE5CF7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe |
"{CDFF82B8-4954-43DA-A77E-F4B2A9CA460A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{CE891ECD-C565-4C82-A218-7101E2BE0E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0607D3A-E6C6-4589-9283-57739F3B710B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{D0A4A1C1-43BF-478F-A5B2-BF70F4BA521E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{D296F08E-E7CC-4C23-AB17-47135ACDF78E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe |
"{D3981BAB-E311-4F43-883E-0550CA69FE42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{D426FE15-4A86-4845-B47F-BED0B7AC2202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe |
"{D6A9F131-42B1-4E04-AE00-F0D65AF04911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{D758E625-5793-489E-85BA-F5EB1F614A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe |
"{D7F8B1E8-F136-4CEA-9EA0-143F4F931A46}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{DA0F39D1-1569-4B16-8AC3-D34A7644B32D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{DA8F01BE-0ECE-45AF-8372-741220F7DD5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
"{DB162B2A-F9F1-4E5E-9445-EF2F43DCE4AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE0671C5-72BC-4A3A-B763-B97223DA59A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe |
"{DE455E1C-7593-48D9-8597-D08A16BE2C2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0666A68-A218-4559-A03B-3D35E951497B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe |
"{E189450A-7912-454F-8A96-20D24425895A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{E30DE2B0-6398-4ECF-B9D8-658E2BA94C26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{E5D89B0E-3D6A-45BC-B3DB-D4F0ADD1CFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
"{E889CD10-C4FC-42FA-BE6B-F2D41CB61AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe |
"{E8E5251B-342D-47ED-99A9-6016311F551B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe |
"{EA36A1E3-5953-41BD-9381-2E5D7E3C27AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe |
"{ED3AACEA-C243-4383-88F0-37E492E627C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{EEBDA06C-531C-4640-ACC2-A23B7912880B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{EF335C66-8A29-43E1-A17A-FF54C8C0AFE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EFE42277-DA04-44FF-BDF3-76C0E6B8A5FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe |
"{F3016282-04FE-420B-A647-F2ED96A7A43C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{F33F69CA-A13D-458D-A79B-261DEC63F6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe |
"{F45077E5-AD36-400D-80C7-C7F5F8AFD506}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{F472FA3D-59CA-4919-BE4A-4F6359518620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe |
"{F5062766-4699-4AE0-999F-0540885A0515}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F55EC96F-663F-46B0-8575-4DA801F0222A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe |
"{F6597ED9-57BC-4FC5-9308-27B41005891D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe |
"{F711FBE5-454B-42C6-A788-CDDE0DF5F143}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{FBF32FE3-14FD-4390-A6F3-03DCBF487AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe |
"{FC5492EE-386E-4D4B-BFCB-029BB64AB48E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe |
"{FD727837-671D-4BB7-BFCE-478174A96334}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{FFEF1B46-0A1A-4DA9-B419-885A4AD0D4C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{061FD767-3EF5-47E5-A5D9-06A56A2A4CE6}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe |
"TCP Query User{1AE0815C-48B0-4EA7-ABA6-95E313661AE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{2C010792-5C69-484A-B1D2-4DB246405488}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{4881578F-5A0E-4687-BF89-DAF2A0DDAF32}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{6803224E-F28E-48C4-BAA6-986CFC932FD6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{7AF1649D-C5BC-474B-A8DF-99DD811691A0}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=6 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe |
"TCP Query User{8E4D48EB-FFA5-48DC-A32F-9CEF7481F9DE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{32E80EE3-7E4D-4517-8B08-F193D3A5A801}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{5F63CE62-58D0-45EA-8A74-C551004C101F}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=17 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe |
"UDP Query User{799FD4E8-2B74-482A-9944-87F788E22035}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{81819816-26CE-4937-BB26-EF234A999772}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe |
"UDP Query User{937C1AB7-FB42-4F92-B2A6-5CB8098AA855}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{DBBF1DEF-B301-497C-B95F-F1DDB4BE1AEB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{DC1BB29D-3017-4E13-BA12-48E551B92548}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{34307828-B2DB-4473-A803-A314FC7AA889}" = Soluto
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C2B318-E2DF-4EC4-AD1B-9FF3DD774A04}" = MAGIX Video deluxe MX Plus
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA8B68C-2576-4A4A-83BA-47941201FFB3}_is1" = skate's Thumbnail Tool Version 1.0.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FA06473-23F0-4372-8DD5-1EAE42503D93}" = MAGIX Video easy TERRATEC Edition
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{3629C581-D8D2-477E-A40E-D5E351DF066B}" = MAGIX Speed burnR (MSI)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.4.8
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDE6551-766A-4654-8F3A-838F0BCF15D1}_is1" = skate's Thumbnail Tool Version 1.0.0
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{709F7985-34DD-4F49-9F91-D429D3B49D26}_is1" = skate's Thumbnail Tool Version 1.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789C9644-9F82-44d3-B4CA-AC31F46F5882}" = Python 3.2.3
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B083076F-BCCB-4710-A4B1-6512134A16DE}" = Oozi: Earth Adventure
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2DC0B6C-C969-43B9-B6C3-6A6C1CAD46DF}" = MAGIX Screenshare
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.34
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akademie der Magie" = Akademie der Magie
"Audacity_is1" = Audacity 2.0
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled 3" = Bejeweled 3
"Bejeweled Twist 1.0.3.8137" = Bejeweled Twist 1.0.3.8137
"Bookworm Adventures Deluxe 1.0.1.100" = Bookworm Adventures Deluxe 1.0.1.100
"Bookworm Deluxe 1.131" = Bookworm Deluxe 1.131
"Build-a-lot" = Build-a-lot
"Build-a-lot 2" = Build-a-lot 2
"Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.1.0
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cave Story" = Cave Story
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Chuzzle Deluxe 1.0.3.1132" = Chuzzle Deluxe 1.0.3.1132
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crazy Machines Elements_is1" = Crazy Machines Elements
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Das Drachenei: Die Geschichte des Wanderers" = Das Drachenei: Die Geschichte des Wanderers
"Das Geheimnis des Bermudadreiecks" = Das Geheimnis des Bermudadreiecks
"Das Reich des Drachen" = Das Reich des Drachen
"Das Vermächtnis der Insel" = Das Vermächtnis der Insel
"Diamond Drop 2" = Diamond Drop 2
"Die Wiege Ägyptens" = Die Wiege Ägyptens
"Die Wiege Roms" = Die Wiege Roms
"Dinos & Bubbles" = Dinos & Bubbles
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Flyonoid" = Flyonoid
"Fraps" = Fraps (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Gardenscapes_is1" = Gardenscapes
"GOGPACKCAPSIZED_is1" = Capsized
"GOGPACKDEPONIA_is1" = Deponia
"GOGPACKNEWBEGINNING_is1" = A New Beginning
"GOGPACKPID_is1" = Pid
"GOGPACKTREASUREADVENTUREGAME_is1" = Treasure Adventure Game
"Hammer Heads 1.0" = Hammer Heads 1.0
"Harvey" = Harveys Neue Augen
"Hühner-Rache Deluxe (VOLLVERSION)" = Hühner-Rache Deluxe (VOLLVERSION)
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jumpin’ Jack" = Jumpin’ Jack
"Magic Encyclopedia" = Magic Encyclopedia
"Magic Encyclopedia 2" = Magic Encyclopedia 2
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"MAGIX_MSI_Video_easy_3_TerraTec" = MAGIX Video easy TERRATEC Edition
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Meine kleine Farm" = Meine kleine Farm
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Music Creator LE_is1" = Music Creator LE 5.0.6
"MuVo Driver" = Creative Mass Storage Drivers
"Mystery P.I. - The London Caper" = Mystery P.I. - The London Caper
"Nebel der Elfen" = Nebel der Elfen
"Nintendo_History_ScreenSaver" = Nintendo_History_ScreenSaver
"Nintendo_SMG2_ScreenSaver" = Nintendo_SMG2_ScreenSaver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Perspective" = Perspective 1.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Puddle_is1" = Puddle
"RenegadeKidMutantMudds" = Mutant Mudds (remove only)
"Schatzinsel 2 (Vollversion)" = Schatzinsel 2 (Vollversion)
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Sheep’s Quest" = Sheep’s Quest
"Smash Frenzy 4" = Smash Frenzy 4
"Snowy" = Snowy
"Snowy Lunch Rush" = Snowy: Lunch Rush
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 105600" = Terraria
"Steam App 107110" = Bastion - Demo
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding of Isaac
"Steam App 12910" = Audiosurf Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 200900" = Cave Story+
"Steam App 202290" = Sonic Generations Demo
"Steam App 202730" = Dynamite Jack
"Steam App 203810" = Dear Esther
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204220" = Snapshot
"Steam App 204260" = Trine 2 Demo
"Steam App 204300" = Awesomenauts
"Steam App 204610" = Q.U.B.E. Demo
"Steam App 205700" = Quantum Conundrum Demo
"Steam App 206650" = Scoregasm Demo
"Steam App 207080" = Indie Game: The Movie
"Steam App 207100" = Castle Crashers Demo
"Steam App 207170" = Legend of Grimrock
"Steam App 207270" = DiRT Showdown Demo
"Steam App 207650" = A Virus Named TOM
"Steam App 208070" = Waveform Demo
"Steam App 209790" = Splice
"Steam App 211180" = Unmechanical
"Steam App 211360" = Offspring Fling!
"Steam App 212110" = Sugar Cube: Bittersweet Factory
"Steam App 212560" = Hell Yeah! Demo
"Steam App 214790" = The Basement Collection
"Steam App 214850" = GameMaker: Studio
"Steam App 215770" = Shad'O
"Steam App 216310" = Gateways Demo
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 219680" = Proteus
"Steam App 220740" = Chaos on Deponia
"Steam App 220780" = Thomas Was Alone
"Steam App 221030" = Towns Demo
"Steam App 221260" = Little Inferno
"Steam App 221620" = Dollar Dash Demo
"Steam App 221640" = Super Hexagon
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 224520" = FLY'N Demo
"Steam App 227240" = Construct 2 Free
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 27000" = The Path
"Steam App 33400" = Zeit² Demo
"Steam App 35710" = Trine Demo
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 38750" = EDGE Demo
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 42170" = Krater
"Steam App 49600" = Beat Hazard
"Steam App 50010" = Nimbus Demo
"Steam App 57800" = Doc Clock: The Toasted Sandwich of Time
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 65800" = Dungeon Defenders
"Steam App 70300" = VVVVVV
"Steam App 72000" = Closure
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"Steam App 99700" = NightSky
"STRATO HiDrive" = STRATO HiDrive (remove only)
"Strikeball 3" = Strikeball 3
"Super Mario Brothers 2 Screensaver" = Super Mario Brothers 2 Screensaver
"Superkuh" = Superkuh
"SysInfo" = Creative-Systeminformationen
"TERRATEC Grabby" = TERRATEC Grabby V5.09.1202.00
"Turtix" = Turtix
"Turtix 2" = Turtix 2
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo (entfernen)
"Yumsters 2" = Yumsters 2
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
< End of report >
Georg aka Juri9 |
|
01.06.2013, 18:30
| #11 |
| /// the machine /// TB-Ausbilder | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches OTL log bitte. Noch probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 22:48
| #12 |
| | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? Hui @.@ Nach fast 4 Stunden scannen kann ich dann auch mal den ESET-Log hier posten: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a4e95a9d05254449b6ff74e0cb3f6f2c
# engine=13971
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-01 09:43:48
# local_time=2013-06-01 11:43:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 20263738 121752878 0 0
# scanned=485218
# found=0
# cleaned=0
# scan_time=14247
Na dann mal ran an SecurityCheck. Hoffentlich dauert das nicht so lang... :'D EDIT:  Nun... das ging schnell xD Dubdidu, ran an OTL~ EDIT2: -> Achtung: Kleine Änderung - Ich hab gesehen, dass bei dem Feld "Scanne alle Benutzer" kein Haken drin und hab mir gedacht, dass ich einfach mal einen reinsetze. Es gibt ja 2 Benutzerkonten an diesem PC. Das macht doch nichts aus, oder? <- OTL.txt Code:
ATTFilter OTL logfile created on: 01.06.2013 23:55:54 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 4,77 Gb Available Physical Memory | 59,77% Memory free 15,96 Gb Paging File | 12,71 Gb Available in Paging File | 79,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 906,34 Gb Total Space | 225,04 Gb Free Space | 24,83% Space Free | Partition Type: NTFS Drive E: | 931,28 Gb Total Space | 894,31 Gb Free Space | 96,03% Space Free | Partition Type: FAT32 Drive F: | 465,76 Gb Total Space | 185,96 Gb Free Space | 39,93% Space Free | Partition Type: NTFS Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Georg\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\puush\puush.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\UMonit.exe () PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Windows\jmesoft\JME_LOAD.exe () PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo) PRC - C:\Windows\jmesoft\Service.exe () PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Windows\vphc700.exe (Sonix) PRC - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\windows._cacheinvalidation.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._gdi_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._misc_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pysqlite2._sqlite.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pythoncom27.dll () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32com.shell.shell.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_elementtree.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\PyWinTypes27.dll () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32security.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32api.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_ctypes.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._html2.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_socket.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_multiprocessing.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32ts.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32profile.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32crypt.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._core_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_ssl.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._windows_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\_hashlib.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._wizard.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32process.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32pdh.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\wx._controls_.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\unicodedata.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\pyexpat.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32file.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32inet.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\win32event.pyd () MOD - C:\Users\Georg\AppData\Local\Temp\_MEI11682\select.pyd () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Program Files (x86)\puush\puush.exe () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll () MOD - C:\Windows\SysWOW64\UMonit.exe () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll () MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll () MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll () MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll () MOD - C:\Windows\jmesoft\VistaVolume.dll () MOD - C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SolutoLauncherService) -- C:\Programme\Soluto\SolutoLauncherService.exe (Soluto) SRV - (SolutoService) -- C:\Programme\Soluto\SolutoService.exe (Soluto) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (STRATO HiDrive Service) -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe () SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.) DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (GeneStor) -- C:\Windows\SysNative\drivers\GeneStor.sys (GenesysLogic) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV:64bit: - (phc700) -- C:\Windows\SysNative\drivers\phc700.sys () DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?pc=BB07 [binary data] IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\SearchScopes\{C88215D9-8C4C-4C02-BD96-C2F219F35ED5}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q=" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox" FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2 FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2 FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 19:17:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 17:19:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 17:52:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions [2012.08.30 12:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.05.04 08:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions [2013.03.03 16:39:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013.05.04 07:46:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.05.04 08:50:20 | 000,651,215 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi [2013.05.04 08:50:20 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.05.04 08:50:20 | 003,242,364 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2013.03.20 19:10:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.08 13:56:06 | 000,001,832 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\searchplugins\bing.xml [2013.05.20 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 19:17:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.01.06 03:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [phc700] C:\Windows\vphc700.exe (Sonix) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe () O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo) O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe () O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo) O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [phc700] C:\windows\system32\vphc700.exe File not found O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer_de.exe (MAGIX AG) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001..\Run: [Facebook Update] C:\Users\Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001..\Run: [puush] C:\Program Files (x86)\puush\puush.exe () O4 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1369826421840 (MUCatalogWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2938FA1-8998-4697-B61C-3E7448CF269D}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.09.15 06:12:14 | 000,000,080 | ---- | M] () - F:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.01 23:56:08 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\archiv2 [2013.06.01 19:35:28 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe [2013.06.01 19:13:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.06.01 19:10:43 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.01 19:10:02 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Georg\Desktop\JRT.exe [2013.06.01 18:55:50 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\archiv [2013.06.01 13:31:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2013.05.29 18:08:46 | 000,000,000 | --SD | C] -- C:\Users\Georg\Google Drive [2013.05.29 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.05.29 13:22:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscapi.dll [2013.05.29 13:22:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscdll.dll [2013.05.29 13:22:44 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll [2013.05.29 13:22:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmib.dll [2013.05.29 13:22:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmib.dll [2013.05.29 13:22:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll [2013.05.29 13:22:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2013.05.29 13:22:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2013.05.29 13:22:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll [2013.05.29 13:22:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2013.05.29 13:22:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2013.05.29 13:22:41 | 000,190,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys [2013.05.29 13:22:41 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2013.05.29 13:22:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tcpmonui.dll [2013.05.29 13:22:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tcpmonui.dll [2013.05.29 13:22:40 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpdd.dll [2013.05.29 13:22:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3dlg.dll [2013.05.29 13:22:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gpprnext.dll [2013.05.29 13:22:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gpprnext.dll [2013.05.29 13:22:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys [2013.05.29 13:22:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\svchost.exe [2013.05.29 13:22:36 | 000,698,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netlogon.dll [2013.05.29 13:22:36 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3msm.dll [2013.05.29 13:22:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3msm.dll [2013.05.29 13:22:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3api.dll [2013.05.29 13:22:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dot3gpclnt.dll [2013.05.29 13:22:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dot3gpclnt.dll [2013.05.29 13:22:33 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll [2013.05.29 13:22:33 | 001,039,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll [2013.05.29 13:22:33 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll [2013.05.29 13:22:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL [2013.05.29 13:22:32 | 000,965,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll [2013.05.29 13:22:32 | 000,832,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll [2013.05.29 13:22:32 | 000,657,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll [2013.05.29 13:22:32 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL [2013.05.29 13:22:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnpinst.exe [2013.05.26 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Facebook [2013.05.25 21:27:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\Lucia [2013.05.21 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\TS3Client [2013.05.21 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.05.21 15:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.05.20 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\Craften_Dev_Team [2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal [2013.05.20 13:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal [2013.05.16 22:18:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.05.16 22:18:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.05.16 22:18:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.05.16 22:18:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.05.16 22:18:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.05.16 22:18:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2013.05.16 22:18:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2013.05.16 22:18:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.05.16 22:18:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.05.16 22:18:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.05.16 22:18:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.05.16 22:18:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.05.16 22:18:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.05.16 22:18:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.05.16 22:18:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.05.16 17:12:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013.05.16 17:12:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2013.05.16 17:11:59 | 001,931,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013.05.16 17:11:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.05.16 17:11:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll [2013.05.16 17:11:59 | 000,111,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe [2013.05.16 17:11:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll [2013.05.15 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\Adobe [2013.05.15 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2013.05.15 17:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.15 17:50:20 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\windows\SysNative\drivers\PxHlpa64.sys [2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdralw2k.sys [2013.05.15 17:50:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\cdr4_xp.sys [2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2013.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.05.15 17:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2013.05.15 17:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX [2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.05.13 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.05 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\LOVE [2013.05.04 08:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.03.21 14:37:20 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.01 23:51:06 | 000,890,839 | ---- | M] () -- C:\Users\Georg\Desktop\SecurityCheck.exe [2013.06.01 23:45:05 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.01 23:34:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.01 22:31:03 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job [2013.06.01 19:45:30 | 001,613,996 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.06.01 19:45:30 | 000,697,064 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.06.01 19:45:30 | 000,652,382 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.06.01 19:45:30 | 000,148,102 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.06.01 19:45:30 | 000,121,056 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.06.01 19:35:30 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe [2013.06.01 19:13:17 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 19:13:17 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 19:10:08 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Georg\Desktop\JRT.exe [2013.06.01 19:01:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.01 19:01:07 | 2133,630,975 | -HS- | M] () -- C:\hiberfil.sys [2013.06.01 18:59:39 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.01 18:59:39 | 000,001,148 | ---- | M] () -- C:\Users\Georg\Desktop\Internet Explorer.lnk [2013.06.01 18:59:39 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.01 18:56:38 | 000,632,031 | ---- | M] () -- C:\Users\Georg\Desktop\adwcleaner.exe [2013.06.01 13:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2013.06.01 13:31:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job [2013.05.31 20:34:43 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Craften Terminal.lnk [2013.05.31 15:09:25 | 002,456,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.30 21:01:44 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll [2013.05.29 18:08:47 | 000,001,713 | ---- | M] () -- C:\Users\Georg\Desktop\Google Drive.lnk [2013.05.23 17:39:06 | 000,009,384 | ---- | M] () -- C:\Users\Georg\AppData\Local\recently-used.xbel [2013.05.21 15:19:35 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.05.20 12:42:17 | 000,263,186 | ---- | M] () -- C:\Users\Georg\Desktop\Minecraft.exe [2013.05.18 13:55:30 | 018,444,678 | ---- | M] () -- C:\Users\Georg\Desktop\cave story osu.mp4 [2013.05.18 00:06:12 | 000,170,858 | ---- | M] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf [2013.05.17 19:46:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.17 19:36:53 | 007,153,538 | ---- | M] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe [2013.05.15 21:59:15 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.15 21:22:31 | 000,087,330 | ---- | M] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg [2013.05.15 21:22:27 | 000,028,682 | ---- | M] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg [2013.05.15 21:22:18 | 000,275,465 | ---- | M] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg [2013.05.15 19:34:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.05.15 19:34:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.15 17:47:06 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.05.13 17:25:40 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.05.09 00:42:01 | 000,002,634 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP [2013.05.05 20:55:26 | 007,140,191 | ---- | M] () -- C:\Users\Georg\Desktop\My Movie.mp4 [2013.05.05 20:40:35 | 048,569,695 | ---- | M] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4 [2013.05.05 16:29:04 | 000,063,690 | ---- | M] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf [2013.05.04 07:23:27 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.01 23:51:03 | 000,890,839 | ---- | C] () -- C:\Users\Georg\Desktop\SecurityCheck.exe [2013.06.01 18:56:34 | 000,632,031 | ---- | C] () -- C:\Users\Georg\Desktop\adwcleaner.exe [2013.05.29 18:08:47 | 000,001,713 | ---- | C] () -- C:\Users\Georg\Desktop\Google Drive.lnk [2013.05.26 13:26:43 | 000,000,928 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001UA.job [2013.05.26 13:26:42 | 000,000,906 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2764890169-2354917355-972681180-1001Core.job [2013.05.23 17:39:06 | 000,009,384 | ---- | C] () -- C:\Users\Georg\AppData\Local\recently-used.xbel [2013.05.21 15:19:35 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.05.20 13:46:23 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Craften Terminal.lnk [2013.05.20 12:42:12 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Desktop\Minecraft.exe [2013.05.18 13:52:21 | 018,444,678 | ---- | C] () -- C:\Users\Georg\Desktop\cave story osu.mp4 [2013.05.18 00:06:10 | 000,170,858 | ---- | C] () -- C:\Users\Georg\Desktop\Der 2-2 Blues.pdf [2013.05.17 19:36:50 | 007,153,538 | ---- | C] () -- C:\Users\Georg\Desktop\HASHTAGYOLOSWAG.exe [2013.05.15 21:22:29 | 000,087,330 | ---- | C] () -- C:\Users\Georg\Desktop\Peach_and_Bowser_Wedding_by_EmperorTokijin.jpg [2013.05.15 21:22:25 | 000,028,682 | ---- | C] () -- C:\Users\Georg\Desktop\600px-Prince_Mario_and_Princess_Peach.jpg [2013.05.15 21:22:17 | 000,275,465 | ---- | C] () -- C:\Users\Georg\Desktop\marioandpeachvgloungecom1.jpg [2013.05.15 17:51:50 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk [2013.05.13 17:25:40 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013.05.05 21:04:08 | 000,002,634 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie_mp4.HDP [2013.05.05 20:51:18 | 007,140,191 | ---- | C] () -- C:\Users\Georg\Desktop\My Movie.mp4 [2013.05.05 20:36:49 | 048,569,695 | ---- | C] () -- C:\Users\Georg\Desktop\magix at its best ... not.mp4 [2013.05.05 16:29:03 | 000,063,690 | ---- | C] () -- C:\Users\Georg\Desktop\Kuendigungsformular.pdf [2013.03.20 19:30:18 | 002,075,362 | ---- | C] () -- C:\Users\Georg\wmah.png [2013.03.08 21:46:09 | 000,500,934 | ---- | C] () -- C:\Users\Georg\YT-2013-Channel-Layout.psd [2013.03.07 20:11:38 | 000,286,787 | ---- | C] () -- C:\Users\Georg\Mario and Luigi_ Partners in Time Music - Time Hole (To Past).mp3 [2013.03.07 20:11:37 | 000,265,856 | ---- | C] () -- C:\Users\Georg\Mario & Luigi_ Partners In Time Music_ Time Hole (To Present).mp3 [2013.03.03 13:32:03 | 000,017,479 | ---- | C] () -- C:\Users\Georg\README.html [2013.03.03 13:31:16 | 015,962,145 | ---- | C] () -- C:\Users\Georg\OpenHexagonV1.7.7z [2013.02.28 18:25:23 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.27 20:04:25 | 027,885,892 | ---- | C] () -- C:\Users\Georg\2013-02-27 - viedoe.mp4 [2013.02.27 19:59:47 | 000,096,120 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0002.JPG [2013.02.27 19:57:32 | 000,090,108 | ---- | C] () -- C:\Users\Georg\2013-02-27 - 0001.JPG [2013.02.05 21:23:41 | 371,802,536 | ---- | C] () -- C:\Users\Georg\OIO-v3.4.0.2724.zip [2013.01.18 17:01:47 | 001,056,534 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 2.pdf [2013.01.18 17:01:47 | 000,528,162 | ---- | C] () -- C:\Users\Georg\TK Brief Seite 1.pdf [2013.01.02 16:41:05 | 000,004,342 | ---- | C] () -- C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml [2013.01.02 10:54:52 | 000,339,394 | ---- | C] () -- C:\Users\Georg\OptiFine_1.4.6_HD_U_A2.zip [2012.11.16 20:52:58 | 000,325,327 | ---- | C] () -- C:\Users\Georg\OptiFine Mod 1.4.4.zip [2012.10.29 21:47:52 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\Folder.jpg [2012.10.20 23:03:45 | 000,011,351 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Large.jpg [2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArtSmall.jpg [2012.10.20 23:03:45 | 000,002,936 | -HS- | C] () -- C:\Users\Georg\AlbumArt_{F083D7D6-D194-444E-AD61-1A2F2DCADD22}_Small.jpg [2012.10.20 23:03:05 | 138,968,261 | ---- | C] () -- C:\Users\Georg\News _ Infos zum Nintendo 3DS - Die dritte Dimension in der Hosentasche [HD].mp4 [2012.10.20 23:03:04 | 003,023,829 | ---- | C] () -- C:\Users\Georg\Lemon Tree with Lyrics_ By Fool's Garden (HD).mp3 [2012.10.20 23:01:33 | 000,651,923 | ---- | C] () -- C:\Users\Georg\talent.wmv [2012.10.13 12:23:16 | 000,586,255 | ---- | C] () -- C:\Users\Georg\bank.jpg [2012.10.12 10:59:18 | 000,331,339 | ---- | C] () -- C:\Users\Georg\Löwenzahn.pdf [2012.10.11 14:27:18 | 005,904,128 | ---- | C] () -- C:\Users\Georg\IKS Brief.pdf [2012.10.11 14:27:18 | 000,846,537 | ---- | C] () -- C:\Users\Georg\IKS-Brief Ergänzung.pdf [2012.10.01 20:57:55 | 001,662,976 | ---- | C] () -- C:\Users\Georg\alexibexi klingelton.mpg [2012.10.01 20:57:55 | 000,101,146 | ---- | C] () -- C:\Users\Georg\AlexiBexi Klingelton - I'm a scat man!.MP3 [2012.10.01 20:53:13 | 002,891,416 | ---- | C] () -- C:\Users\Georg\Kanal Screenshot.png [2012.10.01 20:53:13 | 000,191,205 | ---- | C] () -- C:\Users\Georg\Kanaldesign.PNG [2012.10.01 20:53:13 | 000,140,762 | ---- | C] () -- C:\Users\Georg\Kanaldesign (Küken, Name, Farbverlauf).png [2012.10.01 20:53:13 | 000,138,319 | ---- | C] () -- C:\Users\Georg\Kanaldesign (nur Küken und Name).png [2012.10.01 20:49:59 | 003,426,304 | ---- | C] () -- C:\Users\Georg\Schaumparty.mpg [2012.10.01 20:49:59 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter.odp [2012.10.01 20:49:59 | 002,118,274 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für mich.odp [2012.10.01 20:49:59 | 000,748,152 | ---- | C] () -- C:\Users\Georg\Schaumparty.mp4 [2012.10.01 20:49:59 | 000,052,289 | ---- | C] () -- C:\Users\Georg\Schaumparty.MP3 [2012.10.01 20:49:58 | 002,118,375 | ---- | C] () -- C:\Users\Georg\Präsentation Gewitter für Jakob.odp [2012.09.16 15:42:31 | 000,001,229 | ---- | C] () -- C:\Users\Georg\Cave Story - Einfach Optionen.lnk [2012.09.16 15:42:31 | 000,001,222 | ---- | C] () -- C:\Users\Georg\Cave Story - Musik.lnk [2012.09.11 17:38:26 | 000,014,678 | ---- | C] () -- C:\Users\Georg\Informatik AB Variablen Aufgabe.odt [2012.09.11 17:19:42 | 001,590,954 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.09.09 21:39:42 | 000,000,052 | -H-- | C] () -- C:\windows\popcreg.dat [2012.09.09 21:39:42 | 000,000,014 | ---- | C] () -- C:\windows\popcinfot.dat [2012.09.08 21:23:35 | 000,275,916 | ---- | C] () -- C:\Users\Georg\OptiFine_1.3.2_HD_B3.zip [2012.09.08 15:55:19 | 000,015,488 | ---- | C] () -- C:\windows\phc700.ini [2012.09.04 18:36:05 | 000,000,538 | ---- | C] () -- C:\Users\Georg\stern.py [2012.09.04 18:34:02 | 000,001,463 | ---- | C] () -- C:\Users\Georg\IPI-TurtleGrafikV3.lnk [2012.09.03 19:10:18 | 000,000,680 | RHS- | C] () -- C:\Users\Georg\ntuser.pol [2012.09.03 18:45:34 | 000,188,803 | ---- | C] () -- C:\Users\Georg\englisch australische schilder.odt [2012.08.31 20:21:56 | 000,000,043 | ---- | C] () -- C:\windows\popcinfo.dat [2012.08.30 14:32:22 | 000,263,186 | ---- | C] () -- C:\Users\Georg\Minecraft.exe [2012.08.30 12:10:37 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2012.08.30 11:39:16 | 000,011,776 | ---- | C] () -- C:\windows\SysWow64\pmsbfn32.dll [2012.08.30 11:37:26 | 000,000,424 | ---- | C] () -- C:\windows\MAXLINK.INI [2012.03.21 14:54:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe [2012.03.21 14:54:40 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe [2012.03.21 14:04:51 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll [2012.03.21 14:04:51 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe [2012.03.21 14:04:48 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe [2012.03.21 14:04:48 | 000,001,591 | ---- | C] () -- C:\windows\SysWow64\_IconCfg0.ini [2012.03.21 14:04:48 | 000,000,840 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini [2012.03.21 14:04:48 | 000,000,187 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini [2012.03.21 14:01:39 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:23:59 | 014,176,768 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:27:31 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы [2012.10.01 21:00:46 | 000,000,000 | ---D | M](C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы (C:\Users\Georg\??????? ???????????) -- C:\Users\Georg\Русские мультфильмы ========== Alternate Data Streams ========== @Alternate Data Stream - 1105 bytes -> C:\Users\Georg\Ein_kleines_Dankeschön_für_ELSA_Ihr_10_Gutschein.eml:OECustomProperty < End of report > Geändert von Juri9 (01.06.2013 um 23:06 Uhr) Grund: Ergänzung |
|
01.06.2013, 23:08
| #13 |
| | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? Extras.txt Code:
ATTFilter OTL Extras logfile created on: 01.06.2013 23:55:54 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 4,77 Gb Available Physical Memory | 59,77% Memory free
15,96 Gb Paging File | 12,71 Gb Available in Paging File | 79,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 225,04 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive E: | 931,28 Gb Total Space | 894,31 Gb Free Space | 96,03% Space Free | Partition Type: FAT32
Drive F: | 465,76 Gb Total Space | 185,96 Gb Free Space | 39,93% Space Free | Partition Type: NTFS
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C2B37B-0671-490C-BE1C-74CA97BF5051}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15A87F4E-241F-449E-AC03-4AA0CB80CBBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1B4A4865-CBBC-47B0-B93E-F259D69DDDFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53790E8C-B48C-497C-9CB8-6F1FFAAB32CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BFB543F-735A-4282-B7B9-89FC92D7F464}" = lport=139 | protocol=6 | dir=in | app=system |
"{73B19E8F-4887-4018-867F-C07338123FE5}" = lport=138 | protocol=17 | dir=in | app=system |
"{78431585-D1B9-4448-AC6B-EFA1F7DC0C0B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{85FA0023-D95C-4F8E-BDED-3FCEEC7493C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8F781AD2-AD2B-4AF6-B379-0B13174680EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{908AAB0F-491A-4425-8B3B-3B1E53E9EE31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{912AC895-789E-496C-98B0-8D72D6EC0FB5}" = rport=138 | protocol=17 | dir=out | app=system |
"{922C108D-6F9A-445E-BC6F-7B201DF284C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{967B93A9-BC02-4B9E-9D3B-21F4672F9DF1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9B07E23B-059A-445C-98D8-16623E81B0BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6C87A26-6FF6-4329-9218-97C345EC6556}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2906482-A245-41B5-8E21-47B5D760A438}" = rport=137 | protocol=17 | dir=out | app=system |
"{B71C4F32-C4F5-4C90-AFE4-F8F1B9859DE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA206849-A555-4C29-A81D-BAEF3F2452DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{CB5AF48B-923E-4091-BCE3-0C9DFCA21262}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9F814A4-C1A0-46CD-97A1-6616EA6B28DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{E50537BB-09DA-4426-9B98-ABBAC72C37D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8F4EAE9-EEF9-4598-B3D2-7E2C89B09DBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FECD995B-6510-4C52-B774-17BC9B82B324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006C26AA-B75E-4E6E-BF50-136FCC16C8FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{0090712E-72D4-4727-AFE1-4C40E7C69B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{0137C469-5FD7-4B7D-8559-6D355FE10DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe |
"{03812306-67F9-497C-A9F1-656207EEB295}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe |
"{08F4477E-F6AC-479F-8EC7-54AC1609D3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe |
"{0D51A549-8608-43E8-8986-EBA6D1160BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe |
"{0DA973A7-4FB2-4101-BDEE-9BB6C0638E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E466B4A-A64D-4D01-8993-5EEF1C697118}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe |
"{102DA8A1-2496-433A-8952-E173C78BC913}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |
"{12276CE7-E275-41B9-88EF-9F9E29551DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical demo\binaries\win32\udk.exe |
"{1235D849-DBC2-4029-A30D-0980E94EBA40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe |
"{13150774-AB31-4C98-8F90-5444AAE1338D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe |
"{13AA57CA-BE30-41E9-A7C2-867AED5604D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe |
"{18DA1E93-B203-446B-A13D-3564F9D7FF52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{18F1B629-C7A9-4B70-B2CA-1B954E15B481}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18F5686A-5650-4E03-B04F-F0741BEE1F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe |
"{1C1FFCD4-26D0-4F03-B260-1CED1AAE96EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{1EAE80D8-F306-4A53-BEAE-2FB1E048FF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{21D49862-83E6-4B73-A2EA-E1E28CBD2AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{21ECAEAE-4E2F-46C2-9A49-E0603C97B347}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{23912B69-DD7B-4930-8222-F63DF8EF5D57}" = dir=in | app=c:\users\georg\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{25701096-E906-4DB8-A436-A9255D623B60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{2667B743-D9EF-49D6-B06D-AE17DEDFCAB0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{28DEBE55-029F-43AD-9828-59D13B2D49C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe |
"{28E66894-857D-4A29-9D78-B8DE3B84E4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{2A74F4BD-796D-478C-BD72-3477E95BE753}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
"{2A868817-D4D4-4DC8-96E2-A4AA1427A70B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2ACB958E-6E61-4D48-8FC7-4E5D57F7574F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe |
"{2B2AAE48-DF40-43FA-8CEA-BFF54B5B594C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe |
"{2BB755AB-E0B2-4F4C-B792-9F693CA959AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{2DF6758D-67DA-40FF-9D82-67480B050741}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe |
"{2FF03031-A872-47B5-9066-EC5A3228BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe |
"{3075B07A-8889-4550-AE3F-A9FB8563E8E0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{30B2BE0E-FF95-4D90-A613-8F58737B60AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{3272AF85-56CE-4328-9E25-D06A2C623D14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{32AC86FE-7C53-400E-9888-1A0B084C5CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{338FBA6B-C58D-4D45-BEEF-31AD42A6CEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{343E59B5-54F0-471F-835D-7EAC8C91799E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{35012540-2B1A-452B-AC1A-13E4C018B093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe |
"{359D6A9E-EF19-45BB-96D4-0EE0346D17FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe |
"{36AC0F5E-ACE8-41FA-84EF-6D3DF8ED7FED}" = dir=in | app=c:\users\georg\appdata\local\microsoft\skydrive\skydrive.exe |
"{37D168D1-ED87-47EC-B87C-4ED4C637582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe |
"{38737DD7-2C7C-45AE-BEC4-139A37BE173C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe |
"{39316293-4199-475F-B0D5-D554C046F96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe |
"{39432546-76A6-462C-BB6D-DABB72B534B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doc clock - the toasted sandwich of time\doc clock.exe |
"{3C109900-16F6-42EF-B13F-4487F8C7510E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{3DBC435A-75CC-4C2B-862F-8145BE80B378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nimbus\nimbus.exe |
"{3F8516F1-106E-49D0-A6B9-C284D27BB85A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{404203E1-E20A-435C-9D0A-DDE8655AAD08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{4083708B-0BB4-4A30-8870-E1E53684B063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{40A9BC7E-81AB-45DF-8DE3-98EA6E34DC32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41ED39C4-B1B6-492F-8C25-578D8829D497}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe |
"{427A2EF8-9381-436B-B79A-2116CA79F6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |
"{434D6C9D-C96B-480B-968A-81BB035984FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe |
"{44FBDDD9-4B68-46E3-A31E-4FBD772B3575}" = protocol=17 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe |
"{4612CF14-DC42-44C5-BCCB-D04AAF284A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
"{467F4A91-456B-460A-9B4E-9CEBBB82C5CD}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{46EA5F02-231B-40A3-AA1B-ACE7C87191D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe |
"{46F5B27F-8FCF-427B-9051-7B0B06EB4BA8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{470D34AB-C709-4BBA-8A74-8B21CFCE7161}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe |
"{47557C1C-52DF-48CF-80DC-07709D3333B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe |
"{475F6840-5D34-4FD3-B4AA-809AA91FAC56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe |
"{480CB022-9061-4747-9BF2-4A8ACE0DF6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{49A6D9FA-3F91-4D14-B812-28199ED97279}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\waveform demo\waveform.exe |
"{49B90CA8-53D1-4102-B3F2-6A28CE59B8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gateways demo\gateways.exe |
"{4B65ECA0-FD6D-4F08-9D43-543A01BB3397}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4BF13D70-0EFC-4B72-8122-AD7B78361EAE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D49F35C-431A-4840-943D-97D3569577EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe |
"{53E98F3B-149D-48E1-8154-29D062CB371A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
"{541BC669-5C65-47EA-AC45-37B1C11117F6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{5700D215-FCFC-466B-8160-C5BF1E535D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{5720695B-05C7-4713-B132-AFDA52746706}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{5787295B-C620-4E6E-AD9C-582497A9DFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe |
"{57CAEA72-3580-4333-905C-F11FE74B3CCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CAE0A55-B591-451B-A39A-589291C2DD2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe |
"{5E41DC16-0E87-482D-A737-AB25DB21CBCC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5EA4D163-8E75-4BE3-80C5-5831F21EA25B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FA81ACF-C636-4170-9CCF-33AA6AC1B184}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{6042AC42-1C35-4A52-BED1-20270246718B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{615F4919-C829-48EF-9345-F7432529A38F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{62BD0121-2D79-4EE2-B196-65E10C68D1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zeit2demo\zeit2demo.exe |
"{62F9426D-FB8B-4FF8-A880-EFC4A168F727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69429CD5-48AA-4956-A8D6-C9EFBB161596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{69AD0433-7E2E-46F3-82AE-6FC4F16BC094}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah demo\hellyeah.exe |
"{6A12B38A-1849-4642-AA1D-93B86E5DFD86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\townsdemo\towns.exe |
"{6B8C93ED-5A8B-4391-B571-D1DE5103245F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{6DA9B463-F4A8-4CC8-92AD-542D4A42E4EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{711AD83D-D311-4B4D-9632-21DEFF874697}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7124BE5E-3EE4-4D61-97CB-C33DEF024FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{7159CA44-AA4C-46AF-B694-1BD87C2615BE}" = protocol=6 | dir=in | app=c:\users\georg\downloads\solutoinstaller-e6b8ast5l2_u64642036.exe |
"{71DEFC4B-960B-421C-940F-16C6D3C4BBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe |
"{74EFEA79-D65C-4B92-8461-C31636966557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe |
"{7540E045-8BBB-4386-858B-F65126882C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe |
"{76842340-811A-4F5F-81D5-4A5FFB31FC48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe |
"{76D17AA4-EE08-4762-9FE8-91DA1AE678A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{76DB1ADD-A282-4D9D-A5F8-9418DFAC7F22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe |
"{7AF4BF6F-46AB-4FE4-8AAA-1F143BFBF696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B4E2733-4EEA-4CD1-B625-75C6665D26F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{7B964A17-BBB8-4F13-80FA-A5A3AAF05E23}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{7D908B10-1C38-4769-9A75-BC9D66A95860}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EEC5345-F3A9-44FA-B1C8-C78CF3882D21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe |
"{82232176-6EB4-4766-AE60-377E53E8433D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe |
"{8392C022-59A5-46AE-BEAA-C8D7C98C3C68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dynamite jack\dynamite jack.exe |
"{846B17A4-D3EF-4965-A0C5-50C1FB451412}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{84A69656-BB6B-4F93-A718-165CF398DE57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{88046B5F-9BC7-43FB-A411-E1B2A51E73CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{893090A5-69E6-466F-83C0-8F9519F9E182}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AD37577-D455-470E-8D86-93CCC3A2A70C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe |
"{8B31E6FF-71EB-413D-A73A-7E7C65B69995}" = protocol=6 | dir=out | app=system |
"{8B8D8B72-72E5-4CC9-A16B-178987701E82}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CD3848E-3792-49A9-8F38-D3F7B98045DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe |
"{8E085FDA-E838-47E8-936F-9A1E21D02080}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{8E0CBC34-FCED-4277-A804-E6FECC0D95A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe |
"{91483DEA-C659-4458-A059-19D546C17096}" = protocol=17 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe |
"{920C4FCF-E1D8-4344-B758-CA8796D9E0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\q.u.b.e. demo\binaries\win32\qube_demo.exe |
"{92179944-7ADD-4223-B71F-C6FC0F7959AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{93174BB3-72AC-4213-A6D2-A7782D11ADE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe |
"{9322A2FC-3687-4562-AB7D-B6EA3773A935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe |
"{93277BBD-7088-49B3-8A1C-F536A6D4C98E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{935A3F39-502F-49BF-8CF9-CD222FF4DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{96B6EF2D-E1D5-4B2F-8791-316F6143168C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{9A798454-2512-424B-808E-70EC7EC85EF5}" = protocol=6 | dir=in | app=c:\users\georg\appdata\roaming\dropbox\bin\dropbox.exe |
"{9B2C2901-C10B-4B31-9417-DADF99C877EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
"{9BC448A0-B9D4-42E3-AEF5-33D211DD23B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2 demo\trine2_launcher.exe |
"{9C773F63-480D-48D9-851E-B5F3D7BB3A76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{9DE63EEC-B64E-49E8-84DD-7D7E243B8E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{9E41C02B-A035-492A-BD20-D6DE1605C802}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{A04DF716-F363-4879-B078-D60427D28276}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A18AEDC3-1A03-4830-9748-A7F2457CE7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{A2A547EE-AD30-46DB-B9FD-A818575E6174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe |
"{A31F1703-50A7-4B01-9502-A7BD5D1B3F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{A453E21A-8A79-4B27-A20D-6805A1D85AA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{A559068F-2D8B-4CDB-A6DF-410A69DEF9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snapshot\snapshot.exe |
"{A8DBDFD4-5B05-4017-83FB-A7DC47FC4FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{A95C8862-2AB8-495F-A5A4-3733FBBCDD62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{AA52B48A-879D-4464-923C-5511DDB6FCA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe |
"{AC3D4983-B57B-4871-92B6-FC6C2EA507CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{AEEBC0BE-2D38-488A-8F20-B79974B37112}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{B03FCE91-C4C4-41EC-985D-E897A654E843}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe |
"{B0880123-0CE1-4EF8-8608-FF6261859FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{B242223F-BCD1-424E-AA0E-224E8B63D74E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B63951A2-E054-45C0-9245-F98020C8C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe |
"{B89C6ADF-1216-45BB-BA84-3A1686B49FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{B8E92B81-2811-48C5-9598-25E1D34386DF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{BB6922F2-C7F1-439A-9C8C-1AB22ADE378A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dollar dash demo\binaries\win32\pkgame-win32-shipping.exe |
"{C162DFD1-C932-4E4F-9662-44A07B948156}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\configurationtool.exe |
"{C1B1965F-A9B8-410A-BA78-7E7704BD4BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{C297135B-BE85-4F1D-B112-EFF03F01942A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C399995E-F22C-4FE9-9E44-E2B55EA34AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe |
"{C3EEEF3B-0E35-452E-8B9A-D0C622EAB5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{C8BAB87C-33BF-4EE1-8957-CAF1C24A8A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{C9731A15-D389-48C6-A389-0AD36A3CF68B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{CAA57CAA-DC97-4861-9017-6C404866A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{CC64B360-7F7A-4B48-A85C-99B3FE5CF7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\construct2\construct2.exe |
"{CDFF82B8-4954-43DA-A77E-F4B2A9CA460A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{CE891ECD-C565-4C82-A218-7101E2BE0E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0607D3A-E6C6-4589-9283-57739F3B710B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{D0A4A1C1-43BF-478F-A5B2-BF70F4BA521E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{D296F08E-E7CC-4C23-AB17-47135ACDF78E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe |
"{D3981BAB-E311-4F43-883E-0550CA69FE42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{D426FE15-4A86-4845-B47F-BED0B7AC2202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations demo\sonicgenerations.exe |
"{D6A9F131-42B1-4E04-AE00-F0D65AF04911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{D758E625-5793-489E-85BA-F5EB1F614A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe |
"{D7F8B1E8-F136-4CEA-9EA0-143F4F931A46}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{DA0F39D1-1569-4B16-8AC3-D34A7644B32D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{DA8F01BE-0ECE-45AF-8372-741220F7DD5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
"{DB162B2A-F9F1-4E5E-9445-EF2F43DCE4AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE0671C5-72BC-4A3A-B763-B97223DA59A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe |
"{DE455E1C-7593-48D9-8597-D08A16BE2C2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0666A68-A218-4559-A03B-3D35E951497B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashersdemo\castle.exe |
"{E189450A-7912-454F-8A96-20D24425895A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{E30DE2B0-6398-4ECF-B9D8-658E2BA94C26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{E5D89B0E-3D6A-45BC-B3DB-D4F0ADD1CFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
"{E889CD10-C4FC-42FA-BE6B-F2D41CB61AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a virus named tom\avnt.exe |
"{E8E5251B-342D-47ED-99A9-6016311F551B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splice\splice.exe |
"{EA36A1E3-5953-41BD-9381-2E5D7E3C27AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\and yet it moves demo\and yet it moves demo steam.exe |
"{ED3AACEA-C243-4383-88F0-37E492E627C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{EEBDA06C-531C-4640-ACC2-A23B7912880B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{EF335C66-8A29-43E1-A17A-FF54C8C0AFE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EFE42277-DA04-44FF-BDF3-76C0E6B8A5FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge demo\edge.exe |
"{F3016282-04FE-420B-A647-F2ED96A7A43C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{F33F69CA-A13D-458D-A79B-261DEC63F6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe |
"{F45077E5-AD36-400D-80C7-C7F5F8AFD506}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{F472FA3D-59CA-4919-BE4A-4F6359518620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe |
"{F5062766-4699-4AE0-999F-0540885A0515}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F55EC96F-663F-46B0-8575-4DA801F0222A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe |
"{F6597ED9-57BC-4FC5-9308-27B41005891D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe |
"{F711FBE5-454B-42C6-A788-CDDE0DF5F143}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{FBF32FE3-14FD-4390-A6F3-03DCBF487AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe |
"{FC5492EE-386E-4D4B-BFCB-029BB64AB48E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe |
"{FD727837-671D-4BB7-BFCE-478174A96334}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{FFEF1B46-0A1A-4DA9-B419-885A4AD0D4C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{061FD767-3EF5-47E5-A5D9-06A56A2A4CE6}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe |
"TCP Query User{1AE0815C-48B0-4EA7-ABA6-95E313661AE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{2C010792-5C69-484A-B1D2-4DB246405488}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{4881578F-5A0E-4687-BF89-DAF2A0DDAF32}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{6803224E-F28E-48C4-BAA6-986CFC932FD6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{7AF1649D-C5BC-474B-A8DF-99DD811691A0}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=6 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe |
"TCP Query User{8E4D48EB-FFA5-48DC-A32F-9CEF7481F9DE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{32E80EE3-7E4D-4517-8B08-F193D3A5A801}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{5F63CE62-58D0-45EA-8A74-C551004C101F}C:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=17 | dir=in | app=c:\users\georg\appdata\local\temp\rarsfx0\medionfinder.exe |
"UDP Query User{799FD4E8-2B74-482A-9944-87F788E22035}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{81819816-26CE-4937-BB26-EF234A999772}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe |
"UDP Query User{937C1AB7-FB42-4F92-B2A6-5CB8098AA855}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{DBBF1DEF-B301-497C-B95F-F1DDB4BE1AEB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{DC1BB29D-3017-4E13-BA12-48E551B92548}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{34307828-B2DB-4473-A803-A314FC7AA889}" = Soluto
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C2B318-E2DF-4EC4-AD1B-9FF3DD774A04}" = MAGIX Video deluxe MX Plus
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA8B68C-2576-4A4A-83BA-47941201FFB3}_is1" = skate's Thumbnail Tool Version 1.0.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FA06473-23F0-4372-8DD5-1EAE42503D93}" = MAGIX Video easy TERRATEC Edition
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{3629C581-D8D2-477E-A40E-D5E351DF066B}" = MAGIX Speed burnR (MSI)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.4.8
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDE6551-766A-4654-8F3A-838F0BCF15D1}_is1" = skate's Thumbnail Tool Version 1.0.0
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{709F7985-34DD-4F49-9F91-D429D3B49D26}_is1" = skate's Thumbnail Tool Version 1.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789C9644-9F82-44d3-B4CA-AC31F46F5882}" = Python 3.2.3
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B083076F-BCCB-4710-A4B1-6512134A16DE}" = Oozi: Earth Adventure
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B2DC0B6C-C969-43B9-B6C3-6A6C1CAD46DF}" = MAGIX Screenshare
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.34
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akademie der Magie" = Akademie der Magie
"Audacity_is1" = Audacity 2.0
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled 3" = Bejeweled 3
"Bejeweled Twist 1.0.3.8137" = Bejeweled Twist 1.0.3.8137
"Bookworm Adventures Deluxe 1.0.1.100" = Bookworm Adventures Deluxe 1.0.1.100
"Bookworm Deluxe 1.131" = Bookworm Deluxe 1.131
"Build-a-lot" = Build-a-lot
"Build-a-lot 2" = Build-a-lot 2
"Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.1.0
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cave Story" = Cave Story
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Chuzzle Deluxe 1.0.3.1132" = Chuzzle Deluxe 1.0.3.1132
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crazy Machines Elements_is1" = Crazy Machines Elements
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Das Drachenei: Die Geschichte des Wanderers" = Das Drachenei: Die Geschichte des Wanderers
"Das Geheimnis des Bermudadreiecks" = Das Geheimnis des Bermudadreiecks
"Das Reich des Drachen" = Das Reich des Drachen
"Das Vermächtnis der Insel" = Das Vermächtnis der Insel
"Diamond Drop 2" = Diamond Drop 2
"Die Wiege Ägyptens" = Die Wiege Ägyptens
"Die Wiege Roms" = Die Wiege Roms
"Dinos & Bubbles" = Dinos & Bubbles
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Flyonoid" = Flyonoid
"Fraps" = Fraps (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Gardenscapes_is1" = Gardenscapes
"GOGPACKCAPSIZED_is1" = Capsized
"GOGPACKDEPONIA_is1" = Deponia
"GOGPACKNEWBEGINNING_is1" = A New Beginning
"GOGPACKPID_is1" = Pid
"GOGPACKTREASUREADVENTUREGAME_is1" = Treasure Adventure Game
"Hammer Heads 1.0" = Hammer Heads 1.0
"Harvey" = Harveys Neue Augen
"Hühner-Rache Deluxe (VOLLVERSION)" = Hühner-Rache Deluxe (VOLLVERSION)
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jumpin’ Jack" = Jumpin’ Jack
"Magic Encyclopedia" = Magic Encyclopedia
"Magic Encyclopedia 2" = Magic Encyclopedia 2
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"MAGIX_MSI_Video_easy_3_TerraTec" = MAGIX Video easy TERRATEC Edition
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Meine kleine Farm" = Meine kleine Farm
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Music Creator LE_is1" = Music Creator LE 5.0.6
"MuVo Driver" = Creative Mass Storage Drivers
"Mystery P.I. - The London Caper" = Mystery P.I. - The London Caper
"Nebel der Elfen" = Nebel der Elfen
"Nintendo_History_ScreenSaver" = Nintendo_History_ScreenSaver
"Nintendo_SMG2_ScreenSaver" = Nintendo_SMG2_ScreenSaver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Perspective" = Perspective 1.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Puddle_is1" = Puddle
"RenegadeKidMutantMudds" = Mutant Mudds (remove only)
"Schatzinsel 2 (Vollversion)" = Schatzinsel 2 (Vollversion)
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Sheep’s Quest" = Sheep’s Quest
"Smash Frenzy 4" = Smash Frenzy 4
"Snowy" = Snowy
"Snowy Lunch Rush" = Snowy: Lunch Rush
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 105600" = Terraria
"Steam App 107110" = Bastion - Demo
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding of Isaac
"Steam App 12910" = Audiosurf Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 200900" = Cave Story+
"Steam App 202290" = Sonic Generations Demo
"Steam App 202730" = Dynamite Jack
"Steam App 203810" = Dear Esther
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204220" = Snapshot
"Steam App 204260" = Trine 2 Demo
"Steam App 204300" = Awesomenauts
"Steam App 204610" = Q.U.B.E. Demo
"Steam App 205700" = Quantum Conundrum Demo
"Steam App 206650" = Scoregasm Demo
"Steam App 207080" = Indie Game: The Movie
"Steam App 207100" = Castle Crashers Demo
"Steam App 207170" = Legend of Grimrock
"Steam App 207270" = DiRT Showdown Demo
"Steam App 207650" = A Virus Named TOM
"Steam App 208070" = Waveform Demo
"Steam App 209790" = Splice
"Steam App 211180" = Unmechanical
"Steam App 211360" = Offspring Fling!
"Steam App 212110" = Sugar Cube: Bittersweet Factory
"Steam App 212560" = Hell Yeah! Demo
"Steam App 214790" = The Basement Collection
"Steam App 214850" = GameMaker: Studio
"Steam App 215770" = Shad'O
"Steam App 216310" = Gateways Demo
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 219680" = Proteus
"Steam App 220740" = Chaos on Deponia
"Steam App 220780" = Thomas Was Alone
"Steam App 221030" = Towns Demo
"Steam App 221260" = Little Inferno
"Steam App 221620" = Dollar Dash Demo
"Steam App 221640" = Super Hexagon
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 224520" = FLY'N Demo
"Steam App 227240" = Construct 2 Free
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 27000" = The Path
"Steam App 33400" = Zeit² Demo
"Steam App 35710" = Trine Demo
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 38750" = EDGE Demo
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 42170" = Krater
"Steam App 49600" = Beat Hazard
"Steam App 50010" = Nimbus Demo
"Steam App 57800" = Doc Clock: The Toasted Sandwich of Time
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 65800" = Dungeon Defenders
"Steam App 70300" = VVVVVV
"Steam App 72000" = Closure
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"Steam App 99700" = NightSky
"STRATO HiDrive" = STRATO HiDrive (remove only)
"Strikeball 3" = Strikeball 3
"Super Mario Brothers 2 Screensaver" = Super Mario Brothers 2 Screensaver
"Superkuh" = Superkuh
"SysInfo" = Creative-Systeminformationen
"TERRATEC Grabby" = TERRATEC Grabby V5.09.1202.00
"Turtix" = Turtix
"Turtix 2" = Turtix 2
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo (entfernen)
"Yumsters 2" = Yumsters 2
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2764890169-2354917355-972681180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.06.2013 13:35:30 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 01.06.2013 13:35:31 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 01.06.2013 13:45:07 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 01.06.2013 17:44:45 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ System Events ]
Error - 01.06.2013 14:16:25 | Computer Name = Georg-PC | Source = DCOM | ID = 10010
Description =
< End of report >
Gruß, Georg aka Juri9 P.S.: Ich finde es merkwürdig, wie das ganze mit dem Zeichenlimit funktioniert. Bei neuen Postings werden die Sachen entweder an den letzten Post angehängt oder, wenn zu lang, ein neuer Post erstellt. Das könnte mit der Reihenfolge leicht verwirren :'D Geändert von Juri9 (01.06.2013 um 23:12 Uhr) Grund: Das Nachwort |
|
02.06.2013, 06:42
| #14 |
| /// the machine /// TB-Ausbilder | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar?Fixen mit OTL
Code:
ATTFilter :OTL
FF - prefs.js..extensions.enabledAddons: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2013.05.04 08:50:20 | 000,651,215 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013.05.04 08:50:20 | 003,242,364 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
[2013.03.20 19:10:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2764890169-2354917355-972681180-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
:Commands
[emptytemp]
Was macht Firefox?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.06.2013, 07:56
| #15 |
| | Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? Log: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: %7Bc0c588b6-b11d-4898-af00-079fed05aa32%7D:20.1 removed from extensions.enabledAddons
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully.
C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll moved successfully.
C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\stefanvandamme@stefanvd.net.xpi moved successfully.
C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi moved successfully.
C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\00tp9q8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2764890169-2354917355-972681180-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Andere
->Temp folder emptied: 57341230 bytes
->Temporary Internet Files folder emptied: 523216449 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 172506406 bytes
->Google Chrome cache emptied: 400093784 bytes
->Flash cache emptied: 5843 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Georg
->Temp folder emptied: 1127797942 bytes
->Temporary Internet Files folder emptied: 914095451 bytes
->Java cache emptied: 983530 bytes
->FireFox cache emptied: 1141509060 bytes
->Opera cache emptied: 21475361 bytes
->Flash cache emptied: 65276 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 504984879 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.639,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_084026
Files\Folders moved on Reboot...
C:\Users\Georg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Georg\AppData\Local\Temp\PDApp.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Gruß, Georg aka Juri9 |
|
| Themen zu Virus ahoi! "Portaldosites" in jedem Browser, MBAM-Fund, nicht löschbar? |
| administrator, autostart, avast, browser, datei, dateien, explorer, firefox, gelöscht, infizierte, internet, internet explorer, log, löschen, malwarebytes, malwarebytes anti-malware, neue, nicht löschbar, portaldosites, programm, scan, seite, seiten, startseite, temp, virus, zurücksetzen |
Textbox. 
Linear-Darstellung
