Pests of all kinds and how to fight them: Pretty high RAM usage

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1

Hello readers! Since yesterday I have had a somewhat bigger problem: my new laptop (Medion Erazer X7819) runs at a constant 80-90% RAM usage, even right after startup, although I'm not doing anything. I have already looked in Task Manager, but there are only a few processes there, and when I add up the memory shown there I occasionally get to 2 GB of RAM, while my PC actually has 16!!! (Yes, I know the operating system needs some too, but it needing 14 of 16 seems odd to me.) I have now already run an Avira virus scan and found nothing, and since the problem still exists and is extremely annoying when gaming, I wanted to ask whether you can help me with it. I hope for a quick reply, and a big thank-you in advance to everyone who takes the time to help me!
#2

/// TB trainer

Hi,
this can of course have several causes. But since we are a malware removal forum here, we can take a closer look at that aspect: if you want to have your computer checked for malware, please work through this guide and post the corresponding log files.
#3

Okay, here are the log files that were created:

Contents of OTL.txt:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 17.06.2013 17:27:24 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Markus\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 15,89 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 6,93% Memory free 31,89 Gb Paging File | 15,52 Gb Available in Paging File | 48,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 636,92 Gb Total Space | 422,16 Gb Free Space | 66,28% Space Free | Partition Type: NTFS Drive D: | 60,00 Gb Total Space | 39,34 Gb Free Space | 65,57% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: MEXEROSERS-PC | User Name: Markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.17 17:27:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe PRC - [2013.06.17 17:25:54 | 000,050,477 | ---- | M] () -- C:\Users\Markus\Downloads\Defogger.exe PRC - [2013.06.14 13:21:11 | 000,448,704 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office 15\root\office15\MSOSYNC.EXE PRC - [2013.06.07 18:28:06 | 001,302,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2013.06.07 17:10:22 | 000,806,776 | ---- | M] (Spigot, Inc.) 
-- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2013.06.07 00:06:24 | 001,641,896 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2013.04.26 14:07:32 | 001,374,096 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe PRC - [2013.04.15 20:23:10 | 000,636,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.21 05:33:38 | 000,806,784 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2013.03.19 20:08:23 | 000,142,960 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.15 18:45:18 | 005,202,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Asc.exe PRC - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe PRC - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe PRC - [2012.11.07 15:50:40 | 000,512,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe PRC - [2012.09.25 17:38:08 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\SCM\MSIService.exe PRC - [2012.09.06 06:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.09.01 20:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2012.09.01 20:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.08.27 10:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.07.30 09:17:20 | 000,258,576 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe PRC - [2012.07.17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.07.13 17:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2011.04.13 17:37:06 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe PRC - [2011.04.13 17:37:04 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe ========== Modules (No Company Name) ========== MOD - [2013.06.17 17:25:54 | 000,050,477 | ---- | M] () -- C:\Users\Markus\Downloads\Defogger.exe MOD - [2013.06.15 01:54:19 | 013,140,872 | ---- | M] () -- C:\Users\Markus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll MOD - [2013.06.14 13:15:51 | 000,358,056 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\c2r32.dll MOD - [2013.06.14 13:15:49 | 000,313,000 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\appvisvstream32.dll MOD - [2013.06.07 00:06:24 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.06.05 19:21:59 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8da760064c3905955f238581c0745323\System.IdentityModel.ni.dll MOD - [2013.06.05 19:21:57 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\e1128d7f077daee61910ff4f86cc1227\IAStorDataMgrSvcInterfaces.ni.dll MOD - [2013.06.05 19:21:55 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\019e322f0b91c88501f2d308b1a70315\IAStorCommon.ni.dll MOD - [2013.06.05 19:21:11 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\342ba26f59d438da1b1136e3e07628e4\IAStorUtil.ni.dll MOD - [2013.06.05 19:21:01 | 000,121,344 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\6dbc4794082bffd0ad3e2dcc750a2035\SMDiagnostics.ni.dll MOD - [2013.06.05 19:21:00 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\98bf7d68f19f0a2dd15b26f97771ec24\System.ServiceModel.Internals.ni.dll MOD - [2013.06.04 20:50:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll MOD - [2013.06.04 20:50:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll MOD - [2013.06.04 20:50:45 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll MOD - [2013.06.04 20:50:17 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll MOD - [2013.06.04 20:50:10 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll MOD - [2013.06.04 20:50:00 | 007,562,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bacedff71df875743daa9064b85c4e66\System.Xml.ni.dll MOD - [2013.06.04 20:49:55 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1bc35bb3e6a392c0fef52bc289e6d3d9\System.Windows.Forms.ni.dll MOD - [2013.06.04 20:49:46 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\ea94ce8e71afd55226ced104e6e832ce\System.ServiceModel.ni.dll MOD - [2013.06.04 20:49:34 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\065a34657d599a218b43196a1be4c8d2\System.Runtime.Serialization.ni.dll MOD - [2013.06.04 20:49:30 | 001,631,744 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9eff07ed10b6ae9f9b1159a7d3612fcb\System.Drawing.ni.dll MOD - [2013.06.04 20:49:24 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\15cfd8d46cc19704f61dac68b2378760\System.Configuration.ni.dll MOD - [2013.06.04 20:49:01 | 006,998,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b3d842ef956729e3ca0a3bc5e37ea6d8\System.Core.ni.dll MOD - [2013.06.04 20:48:57 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\eaa570735a52e0010d3e9caa9ba50124\System.ni.dll MOD - [2013.06.04 20:48:51 | 016,547,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93689d115589e64dd4912f7113a11656\mscorlib.ni.dll MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll MOD - [2013.05.07 03:05:20 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files 
(x86)\Steam\bin\avutil-51.dll MOD - [2012.11.01 10:21:10 | 000,350,592 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl MOD - [2012.11.01 10:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl MOD - [2012.11.01 10:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl MOD - [2012.10.15 10:53:40 | 001,229,696 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Scan.dll MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2012.09.05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll MOD - [2012.09.05 18:55:28 | 000,516,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\sqlite3.dll MOD - [2012.08.28 04:04:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012.06.08 13:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012.04.14 15:42:02 | 000,224,600 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\Scan\smartscn.dll MOD - [2011.11.22 10:50:56 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\trufos.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - 
[2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] 
-- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 
000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.06.07 17:10:22 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.06.06 00:54:04 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV - [2013.06.05 05:36:40 | 000,031,448 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe -- (RzOvlMon) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.04.26 14:07:40 | 001,498,000 | ---- | M] (Binary Fortress Software) [Auto | Running] -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService) SRV - [2013.03.19 20:08:23 | 000,142,960 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe -- (Start8) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe -- (ASCAntivirusSrv) SRV - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe -- (AdvancedSystemCareService6) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.19 13:27:10 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) SRV - [2012.09.25 17:38:08 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\SCM\MSIService.exe -- (Micro Star SCM) SRV - [2012.09.25 01:08:16 | 000,490,496 | ---- | M] () [Auto | Stopped] -- C:\Programme\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service) SRV - [2012.09.21 14:12:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.09.13 06:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2012.09.06 06:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.09.01 20:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.08.27 10:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.08.15 19:08:14 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 14:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.07.18 14:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.07.18 14:14:04 | 000,627,504 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.07.18 14:13:40 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.07.17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.04.13 17:37:06 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service) SRV - [2011.04.13 17:37:04 | 000,070,952 
| ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.10 17:28:37 | 000,090,624 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV:64bit: - [2013.06.05 05:24:14 | 000,128,856 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RzDxgk.sys -- (RzDxgk) DRV:64bit: - [2013.06.05 05:24:14 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RzFilter.sys -- (RzFilter) DRV:64bit: - [2013.06.04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.06.04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? 
?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.05.12 23:42:27 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013.04.18 22:45:48 | 000,021,320 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\droidpad.sys -- (droidpad) DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:51 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) 
DRV:64bit: - [2012.09.25 01:09:26 | 000,074,096 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\bwcW8x64.sys -- (BfLwf) DRV:64bit: - [2012.09.25 01:09:24 | 000,164,720 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\e22w8x64.sys -- (Ke2200) DRV:64bit: - [2012.09.20 11:50:39 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.17 16:24:00 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.09.13 08:26:34 | 004,293,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64) DRV:64bit: - [2012.09.13 06:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.09.13 06:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2012.09.01 20:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | 
Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.08.29 10:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012.08.27 10:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2012.08.07 17:17:10 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RtlWlanu) DRV:64bit: - [2012.08.07 17:17:10 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RTL8192cu) DRV:64bit: - [2012.08.06 13:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - 
[2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys 
-- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.23 18:35:44 | 000,295,760 | ---- | M] (ELAN Microelectronics Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.07.02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.25 12:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012.06.19 07:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.05.12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hamachi.sys -- (hamachi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Suche ? Websuche & Suchmaschine IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {BB5C0802-5901-49F3-A8BC-DD6D0E2280C3} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0BDBA2AC-AEB5-4DB8-842A-AC40764EBF8B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKCU\..\SearchScopes\{BB5C0802-5901-49F3-A8BC-DD6D0E2280C3}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft 
Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Markus\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Markus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: Yahoo! Suche ? 
Websuche & Suchmaschine CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - Extension: Google Docs = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: AdBlock = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\ CHR - Extension: Speed Dial 2 = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\\ CHR - Extension: 
Advanced SystemCare Surfing Protection = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ CHR - Extension: Google Mail = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL (IObit) O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.) 
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Radio Manager] C:\Program Files (x86)\SCM\Radio Manager.exe (MSI) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SCM] C:\Program Files (x86)\SCM\SCM.exe (MSI) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit) O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software) O4 - HKCU..\Run: [GNE_SwapScreen] C:\Users\Markus\AppData\Local\Temp\Rar$EXa0.455\SwapScreen.exe (GNE) O4 - HKCU..\Run: [SkyDrive] C:\Users\Markus\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files 
(x86)\Intel\Bluetooth\btSendToObject.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - 
C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B323494-3757-4F48-8708-4458ABC701A8}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA9F76B-F49D-4ACD-9C09-321C60C9797E}: DhcpNameServer = O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: 
(C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2013.06.17 15:58:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\NVIDIA [2013.06.17 15:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\NVIDIA Corporation [2013.06.17 15:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.06.17 15:53:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2013.06.17 15:53:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2013.06.17 15:51:28 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2013.06.17 15:23:01 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.06.16 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} [2013.06.16 18:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F} [2013.06.16 18:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate [2013.06.16 18:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2013.06.16 18:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar [2013.06.16 18:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2013.06.16 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} [2013.06.16 18:02:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Apple Computer [2013.06.16 18:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2013.06.16 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\IObit [2013.06.16 18:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013.06.16 17:52:29 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Avira [2013.06.16 17:48:19 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.16 17:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.16 17:46:26 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.06.16 17:46:26 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.06.16 17:46:26 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.06.16 17:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.16 17:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.06.13 15:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices [2013.06.10 17:28:37 | 000,090,624 | ---- | C] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys [2013.06.10 17:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable [2013.06.10 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable [2013.06.08 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidPad [2013.06.08 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\droidpad [2013.06.08 15:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\DroidPad [2013.06.08 11:25:37 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Stardock_Corporation [2013.06.08 11:19:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Stardock [2013.06.08 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\DisplayFusion [2013.06.08 11:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Binary Fortress Software [2013.06.08 11:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion [2013.06.08 11:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion [2013.06.08 11:00:28 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\DisplayFusion Backups [2013.06.08 10:51:11 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\BitTorrent [2013.06.07 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\raidcall [2013.06.07 20:04:56 | 000,000,000 | ---D | C] -- 
C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall [2013.06.07 20:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall [2013.06.07 20:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall [2013.06.07 19:42:19 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Mumble [2013.06.07 19:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble [2013.06.07 19:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble [2013.06.07 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\MotioninJoy [2013.06.07 19:08:48 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys [2013.06.07 19:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy [2013.06.07 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy [2013.06.06 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Razer [2013.06.06 19:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms [2013.06.06 19:07:13 | 000,128,856 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys [2013.06.06 19:07:13 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys [2013.06.06 19:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core [2013.06.06 19:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer [2013.06.06 19:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer [2013.06.06 16:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.06.06 16:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.06.06 16:46:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.06.05 20:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader [2013.06.05 20:36:39 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader [2013.06.05 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications [2013.06.04 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\iWisoft Free Video Converter [2013.06.04 22:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWisoft Free Video Converter [2013.06.04 22:15:40 | 000,139,264 | ---- | C] (Xvid.org: Home of the Xvid Codec) -- C:\Windows\SysWow64\xvid.ax [2013.06.04 22:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWisoft Free Video Converter [2013.06.04 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Meine empfangenen Dateien [2013.06.04 09:15:02 | 000,103,448 | ---- | C] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013.06.04 09:15:00 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013.06.03 20:41:54 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice [2013.06.02 17:06:11 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\ElevatedDiagnostics [2013.06.01 14:57:58 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\LolClient [2013.06.01 14:04:50 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\League of Legends [2013.06.01 13:08:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\PMB Files [2013.06.01 13:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.06.01 13:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.05.31 16:29:12 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Black_Tree_Gaming [2013.05.31 16:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager [2013.05.31 16:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager [2013.05.31 16:24:46 | 000,000,000 | ---D | C] -- 
C:\Users\Markus\AppData\Local\Skyrim [2013.05.31 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Unity [2013.05.31 12:50:07 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Unity [2013.05.31 10:02:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\GNE [2013.05.30 23:30:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.05.30 18:31:23 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\SCE [2013.05.30 18:21:16 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Media Player Classic [2013.05.30 18:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64 [2013.05.30 18:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2013.05.30 18:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64 [2013.05.30 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64 [2013.05.30 18:16:56 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Programs [2013.05.30 17:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.05.30 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.05.30 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.05.30 17:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.05.30 17:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.05.30 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Adobe [2013.05.30 16:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.05.30 16:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.30 16:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.05.30 16:12:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Lenovo [2013.05.30 14:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Fraps [2013.05.30 14:15:11 | 000,000,000 | ---D | C] -- C:\Fraps [2013.05.30 13:56:11 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Macromedia [2013.05.30 13:36:03 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\CyberLink [2013.05.30 12:22:35 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\ms-drivers [2013.05.30 12:22:34 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\MetaGeek,_LLC [2013.05.30 12:21:35 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek [2013.05.30 12:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek [2013.05.30 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Diagnostics [2013.05.30 10:43:51 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Benutzerdefinierte Office-Vorlagen [2013.05.30 10:09:51 | 000,000,000 | R--D | C] -- C:\Users\Markus\SkyDrive [2013.05.30 10:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.05.30 10:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.05.30 10:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.05.30 09:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.05.30 09:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013.05.30 09:11:48 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\NVIDIA [2013.05.30 09:09:57 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\.minecraft [2013.05.30 08:39:50 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TS3Client [2013.05.30 08:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.05.30 08:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.05.30 08:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Guild Wars 2 [2013.05.30 08:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2013.05.30 01:26:26 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.05.30 01:26:16 | 000,000,000 | ---D | C] -- C:\Windows.old [2013.05.30 00:55:31 | 000,000,000 | -H-D | C] -- C:\$SysReset [2013.05.30 00:00:23 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Skype [2013.05.30 00:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.05.29 23:58:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\WinRAR [2013.05.29 23:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.29 23:58:58 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.29 23:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.29 23:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.05.29 23:55:12 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\LogMeIn Hamachi [2013.05.29 23:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.05.29 23:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.05.29 23:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock [2013.05.29 23:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock [2013.05.29 23:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock [2013.05.29 23:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.05.29 23:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.05.29 23:42:12 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Google [2013.05.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Deployment [2013.05.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Apps [2013.05.29 23:39:37 | 
000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.05.29 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\Medion usw [2013.05.29 23:39:27 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Intel Corporation [2013.05.29 23:38:46 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\CyberLink [2013.05.29 23:38:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\MSI [2013.05.29 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Power2Go8 [2013.05.29 23:37:43 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.05.29 23:37:19 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.05.29 23:37:19 | 000,000,000 | R--D | C] -- C:\Users\Markus\Searches [2013.05.29 23:37:19 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.05.29 23:37:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Adobe [2013.05.29 23:34:54 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\VirtualStore [2013.05.29 23:34:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Intel [2013.05.29 23:33:21 | 000,000,000 | --SD | C] -- C:\Users\Markus\AppData\Roaming\Microsoft [2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\Favorites [2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\Desktop [2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.05.29 23:33:21 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Vorlagen [2013.05.29 23:33:21 | 000,000,000 | 
-HSD | C] -- C:\Users\Markus\AppData\Local\Verlauf [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Temporary Internet Files [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Startmenü [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\SendTo [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Recent [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Netzwerkumgebung [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Lokale Einstellungen [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Videos [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Musik [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Eigene Dateien [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Bilder [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Druckumgebung [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Cookies [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Anwendungsdaten [2013.05.29 23:33:21 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Anwendungsdaten [2013.05.29 23:33:21 | 000,000,000 | -H-D | C] -- C:\Users\Markus\AppData [2013.05.29 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Temp [2013.05.29 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\Roaming [2013.05.29 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Microsoft [2013.05.29 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Programme [2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos 
[2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.05.29 23:30:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.05.29 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.05.29 23:30:46 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.05.29 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.05.29 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.05.28 17:10:29 | 000,000,000 | ---D | C] -- C:\Games [2013.05.28 17:08:06 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Nexus Mod Manager [2013.05.27 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\my games [2013.05.27 18:59:33 | 000,000,000 | ---D | C] -- C:\Riot Games [2013.05.27 18:18:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\.swt [2013.05.26 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Avatar [2013.05.26 19:05:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.26 18:59:06 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\CyberLink [2013.05.26 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Guild Wars 2 [2013.05.26 16:36:12 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.05.26 16:22:29 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Youcam [2013.05.26 16:20:52 | 000,000,000 | R--D | C] -- C:\Users\Markus\Contacts [2013.05.26 16:19:52 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Packages [2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Pictures [2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Music [2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Links [2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Downloads [2013.05.26 16:19:32 | 000,000,000 | R--D | C] -- C:\Users\Markus\Documents [2013.05.26 16:19:31 | 000,000,000 | R--D | C] -- C:\Users\Markus\Videos [2013.05.26 16:19:31 | 000,000,000 | R--D | C] -- 
C:\Users\Markus\Saved Games [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Markus\Documents\*.tmp files -> C:\Users\Markus\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.17 17:26:35 | 000,000,000 | ---- | M] () -- C:\Users\Markus\defogger_reenable [2013.06.17 16:47:23 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.17 15:55:04 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.06.17 15:18:15 | 000,007,621 | ---- | M] () -- C:\Users\Markus\AppData\Local\Resmon.ResmonCfg [2013.06.17 15:07:56 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.17 15:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.16 22:14:04 | 000,137,216 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\RZR_00705e9a40c9ab19f89c8d6c5e35.db [2013.06.16 18:53:46 | 000,001,250 | ---- | M] () -- C:\Users\Markus\Desktop\Razer Comms.lnk [2013.06.16 18:12:17 | 000,001,274 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare Ultimate.lnk [2013.06.16 18:02:58 | 000,000,000 | ---- | M] () -- C:\search.sqlite [2013.06.16 18:02:58 | 000,000,000 | ---- | M] () -- C:\prefs.js [2013.06.16 17:48:08 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.16 17:46:39 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.13 20:25:41 | 000,791,060 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013.06.13 20:25:41 | 000,786,588 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013.06.13 20:25:41 | 000,782,014 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013.06.13 20:25:41 | 000,754,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.13 20:25:41 | 000,731,582 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat [2013.06.13 20:25:41 | 
000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.13 20:25:41 | 000,456,714 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat [2013.06.13 20:25:41 | 000,427,352 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat [2013.06.13 20:25:41 | 000,174,554 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat [2013.06.13 20:25:41 | 000,159,122 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013.06.13 20:25:41 | 000,156,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.13 20:25:41 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013.06.13 20:25:41 | 000,153,144 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013.06.13 20:25:41 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.13 20:25:41 | 000,081,986 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat [2013.06.13 20:25:41 | 000,079,958 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat [2013.06.13 20:25:40 | 006,521,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.10 18:25:08 | 004,818,070 | ---- | M] () -- C:\Users\Markus\Documents\Too Many Dicks On The Dancefloor - Flight Of The Conchords.mp3 [2013.06.10 17:28:37 | 000,090,624 | ---- | M] (Eugene V. 
Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys [2013.06.08 15:35:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013.06.08 11:19:32 | 000,002,030 | ---- | M] () -- C:\Users\Markus\Desktop\Customize Fences.lnk [2013.06.08 11:03:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk [2013.06.08 10:52:10 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2013.06.07 20:04:56 | 000,001,011 | ---- | M] () -- C:\Users\Markus\Desktop\RaidCall.lnk [2013.06.07 20:04:56 | 000,001,011 | ---- | M] () -- C:\Users\Markus\Desktop\RaidCall (2).lnk [2013.06.07 19:48:02 | 000,002,385 | ---- | M] () -- C:\Users\Markus\Documents\MumbleAutomaticCertificateBackup.p12 [2013.06.07 19:08:49 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk [2013.06.07 18:58:59 | 038,826,181 | ---- | M] () -- C:\Users\Markus\Desktop\hammerwatch_beta_1.04.zip [2013.06.06 23:24:36 | 007,078,480 | ---- | M] () -- C:\Users\Markus\Documents\Raubkopierer Werbung Video Pirating Commercial.avi [2013.06.06 21:48:28 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.06 21:48:28 | 000,002,187 | ---- | M] () -- C:\Users\Markus\Desktop\Google Chrome.lnk [2013.06.06 19:24:58 | 005,069,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.06 19:24:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.06.06 19:24:27 | 767,967,229 | -HS- | M] () -- C:\hiberfil.sys [2013.06.06 19:07:23 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk [2013.06.06 19:07:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf [2013.06.06 16:46:55 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.06.06 16:46:55 | 000,002,517 | ---- | M] () -- C:\Users\Markus\Desktop\Skype.lnk [2013.06.05 20:36:39 | 000,001,293 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2013.06.05 05:24:14 | 
000,128,856 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys [2013.06.05 05:24:14 | 000,074,456 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys [2013.06.04 22:15:41 | 000,001,077 | ---- | M] () -- C:\Users\Markus\Desktop\iWisoft Free Video Converter.lnk [2013.06.04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013.06.04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013.06.02 17:00:19 | 000,000,000 | -H-- | M] () -- C:\Users\Markus\Documents\Default.rdp [2013.06.01 14:56:09 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2013.05.31 20:47:58 | 000,002,812 | ---- | M] () -- C:\Users\Markus\Desktop\Skyrim.lnk [2013.05.31 16:29:07 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk [2013.05.31 10:01:48 | 000,216,550 | ---- | M] () -- C:\Users\Markus\Desktop\DualMonitorTools-1.8.zip [2013.05.30 18:21:02 | 000,001,716 | ---- | M] () -- C:\Users\Markus\Desktop\MPC-HC x64.lnk [2013.05.30 18:03:09 | 000,001,079 | ---- | M] () -- C:\Users\Markus\Desktop\Adobe Photoshop CS6 (64 Bit).lnk [2013.05.30 17:18:48 | 000,001,522 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.05.30 16:47:38 | 000,000,222 | ---- | M] () -- C:\Users\Markus\Desktop\PlanetSide 2.url [2013.05.30 16:41:06 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.05.30 14:15:14 | 000,000,566 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.05.30 12:22:35 | 000,000,037 | -HS- | M] () -- C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420 [2013.05.30 12:21:35 | 000,002,935 | ---- | M] () -- C:\Users\Markus\Desktop\inSSIDer 3.lnk [2013.05.30 08:27:37 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.05.30 08:27:37 | 000,000,971 | 
---- | M] () -- C:\Users\Markus\Desktop\TeamSpeak 3 Client.lnk [2013.05.30 08:21:54 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2013.05.30 08:21:54 | 000,000,936 | ---- | M] () -- C:\Users\Markus\Desktop\Guild Wars 2.lnk [2013.05.29 23:33:40 | 000,024,768 | ---- | M] () -- C:\Windows\diagwrn.xml [2013.05.29 23:33:40 | 000,024,768 | ---- | M] () -- C:\Windows\diagerr.xml [2013.05.26 17:42:21 | 000,263,186 | ---- | M] () -- C:\Users\Markus\Desktop\Minecraft.exe [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Markus\Documents\*.tmp files -> C:\Users\Markus\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.17 17:26:35 | 000,000,000 | ---- | C] () -- C:\Users\Markus\defogger_reenable [2013.06.17 15:55:04 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.06.17 15:15:21 | 000,007,621 | ---- | C] () -- C:\Users\Markus\AppData\Local\Resmon.ResmonCfg [2013.06.16 18:53:46 | 000,001,250 | ---- | C] () -- C:\Users\Markus\Desktop\Razer Comms.lnk [2013.06.16 18:12:17 | 000,001,274 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare Ultimate.lnk [2013.06.16 18:02:58 | 000,000,000 | ---- | C] () -- C:\search.sqlite [2013.06.16 18:02:58 | 000,000,000 | ---- | C] () -- C:\prefs.js [2013.06.16 17:46:39 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.10 18:25:03 | 004,818,070 | ---- | C] () -- C:\Users\Markus\Documents\Too Many Dicks On The Dancefloor - Flight Of The Conchords.mp3 [2013.06.08 15:35:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013.06.08 11:38:14 | 000,002,517 | ---- | C] () -- C:\Users\Markus\Desktop\Skype.lnk [2013.06.08 11:37:40 | 000,000,971 | ---- | C] () -- C:\Users\Markus\Desktop\TeamSpeak 3 Client.lnk [2013.06.08 11:37:24 | 000,001,011 | ---- | C] () -- 
C:\Users\Markus\Desktop\RaidCall (2).lnk [2013.06.08 11:36:50 | 000,000,936 | ---- | C] () -- C:\Users\Markus\Desktop\Guild Wars 2.lnk [2013.06.08 11:36:37 | 000,002,187 | ---- | C] () -- C:\Users\Markus\Desktop\Google Chrome.lnk [2013.06.08 11:19:32 | 000,002,030 | ---- | C] () -- C:\Users\Markus\Desktop\Customize Fences.lnk [2013.06.08 11:03:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk [2013.06.08 10:52:10 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2013.06.07 20:04:56 | 000,001,011 | ---- | C] () -- C:\Users\Markus\Desktop\RaidCall.lnk [2013.06.07 19:48:02 | 000,002,385 | ---- | C] () -- C:\Users\Markus\Documents\MumbleAutomaticCertificateBackup.p12 [2013.06.07 19:08:49 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk [2013.06.07 18:55:58 | 038,826,181 | ---- | C] () -- C:\Users\Markus\Desktop\hammerwatch_beta_1.04.zip [2013.06.06 23:24:27 | 007,078,480 | ---- | C] () -- C:\Users\Markus\Documents\Raubkopierer Werbung Video Pirating Commercial.avi [2013.06.06 19:34:36 | 000,137,216 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\RZR_00705e9a40c9ab19f89c8d6c5e35.db [2013.06.06 19:24:39 | 005,069,520 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.06 19:07:23 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk [2013.06.06 19:07:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf [2013.06.06 16:46:55 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.06.05 20:36:39 | 000,001,293 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2013.06.04 22:15:41 | 000,001,077 | ---- | C] () -- C:\Users\Markus\Desktop\iWisoft Free Video Converter.lnk [2013.06.04 22:15:40 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2013.06.04 22:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2013.06.02 17:00:19 | 000,000,000 | -H-- | C] () -- 
C:\Users\Markus\Documents\Default.rdp
[2013.06.01 14:56:09 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.05.31 19:47:13 | 000,002,812 | ---- | C] () -- C:\Users\Markus\Desktop\Skyrim.lnk
[2013.05.31 16:29:07 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.05.31 10:06:00 | 000,216,550 | ---- | C] () -- C:\Users\Markus\Desktop\DualMonitorTools-1.8.zip
[2013.05.30 18:21:02 | 000,001,716 | ---- | C] () -- C:\Users\Markus\Desktop\MPC-HC x64.lnk
[2013.05.30 18:19:06 | 000,206,336 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2013.05.30 18:19:06 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013.05.30 18:03:09 | 000,001,079 | ---- | C] () -- C:\Users\Markus\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2013.05.30 18:01:07 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013.05.30 17:59:37 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013.05.30 17:58:17 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013.05.30 17:57:25 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013.05.30 17:51:02 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013.05.30 17:50:54 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013.05.30 17:18:48 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013.05.30 17:18:48 | 000,001,522 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.05.30 16:47:38 | 000,000,222 | ---- | C] () -- C:\Users\Markus\Desktop\PlanetSide 2.url
[2013.05.30 16:41:06 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.05.30 14:15:14 | 000,000,566 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.05.30 12:22:35 | 000,000,037 | -HS- | C] () -- C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420
[2013.05.30 12:21:35 | 000,002,935 | ---- | C] () -- C:\Users\Markus\Desktop\inSSIDer 3.lnk
[2013.05.30 10:09:50 | 000,002,289 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013.05.30 08:27:37 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.30 08:21:54 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.05.29 23:49:52 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.05.29 23:43:06 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.29 23:42:34 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.29 23:42:32 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.29 23:37:08 | 000,001,442 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.29 23:33:18 | 000,024,768 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013.05.29 23:33:18 | 000,024,768 | ---- | C] () -- C:\Windows\diagerr.xml
[2013.05.26 17:42:21 | 000,263,186 | ---- | C] () -- C:\Users\Markus\Desktop\Minecraft.exe
[2012.12.21 20:08:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.12.21 19:07:15 | 011,387,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.21 02:28:28 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.12.21 02:28:26 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.21 02:28:25 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.11.05 19:17:55 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========
[2013.05.30 18:30:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2013.05.30 09:50:48 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\.minecraft
[2013.06.17 17:04:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\BitTorrent
[2013.06.08 11:08:35 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DisplayFusion
[2013.06.08 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\droidpad
[2013.06.16 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\IObit
[2013.05.30 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Lenovo
[2013.06.01 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\LolClient
[2013.06.07 19:08:51 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\MotioninJoy
[2013.06.07 19:48:13 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mumble
[2013.06.07 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\raidcall
[2013.06.08 11:19:10 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Stardock
[2013.06.16 22:05:20 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TS3Client
[2013.05.31 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Unity

========== Purity Check ==========

< End of report > |
| #4 |
/// TB Trainer | Pretty high RAM usage OK, the Extras.txt from OTL and the Gmer log are still missing.
__________________ cheers, Leo |
| #5 |
| Pretty high RAM usage Ah yes: OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 17.06.2013 17:27:24 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Markus\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

15,89 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 6,93% Memory free
31,89 Gb Paging File | 15,52 Gb Available in Paging File | 48,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 636,92 Gb Total Space | 422,16 Gb Free Space | 66,28% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 39,34 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MEXEROSERS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0176E249-7535-43DF-BAD8-54777C7507CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{03896F01-CC8B-486E-B303-4676A5592604}" = lport=2869 | protocol=6 | dir=in | app=system |
"{090A1DC6-BBB4-4B4B-9CE1-0927F37F7750}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10F1A4D1-B44B-4867-A07D-1881C36BE4AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office
15\root\office15\outlook.exe | "{192405AE-D54E-4A86-A70E-042CB457C543}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1F6AEC3B-2881-4E80-AF09-F9DA89AFB107}" = rport=137 | protocol=17 | dir=out | app=system | "{3ED74EEB-8282-4EE1-8411-2FB04DCBF532}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{455D9AD6-F6E9-4487-A3D7-EF5CC13EE333}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{48236E57-1BA0-420C-8D42-002FD75F0D3C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4BBC257A-1661-49BA-ADD4-C3F97D29C697}" = rport=139 | protocol=6 | dir=out | app=system | "{52F166AB-C284-402C-AB2B-53D8627A0C5C}" = lport=139 | protocol=6 | dir=in | app=system | "{53CF33F9-CC66-44F2-8743-214497617712}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D520BDF-88CD-4C69-8BB1-62523F292D78}" = lport=10243 | protocol=6 | dir=in | app=system | "{5EA62F86-D0FF-469D-AA98-8BFC214FE9A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{61F4FF39-5760-4927-A693-EDC21E116CAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8E244CF6-0550-40A3-8B25-F1037C907DF7}" = lport=137 | protocol=17 | dir=in | app=system | "{B0B8C32B-919B-4053-849B-4DE6169B6ED0}" = rport=10243 | protocol=6 | dir=out | app=system | "{B274B431-3CBB-47C2-89F3-97D6FEB85E85}" = rport=445 | protocol=6 | dir=out | app=system | "{CD30B51D-7BB7-4596-80B5-2C2AB94D2F85}" = lport=445 | protocol=6 | dir=in | app=system | "{DC93626F-97D7-4FCB-9945-B1174AFA77FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED4E753F-1784-4EA9-8652-336F024DB73E}" = lport=138 | protocol=17 | dir=in | app=system | "{F4581076-A732-4B35-BB2A-84F927C223D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave 
| app=%systemroot%\system32\svchost.exe | "{F7218085-98A7-483D-8F82-31BF21913E71}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FD25F954-8A9C-4390-A540-17EC69F3A746}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{024AB87A-3FA9-469D-B27D-975F106D4C51}" = dir=out | name=tuneup incredilock | "{054C91EF-8480-44A3-8885-BB7B10B93DCD}" = dir=out | name=windows_ie_ac_001 | "{0C835C73-3403-46EC-BD85-E6BDB4EBD0B1}" = dir=in | name=@{magix.musicmakerjam_1.6.1013.3_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/appname} | "{136D9CB5-3FCD-4BEB-B982-CFF274296EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{16EEFFD0-AD86-4274-8A0B-6849339068FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{196941B5-A6B2-46F1-BD4D-516721E47F53}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1A1423BB-F114-46FB-B999-83F82E74C664}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{1E33B2D1-9DE6-47DD-AD80-C07BE9557568}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{210285A7-CA84-4E31-894C-08484E714EE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{26BDE0EF-55EC-4906-BF26-BBCCC344BBFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{27E3B9C1-4C70-489F-9EE8-C46E26E9715A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{27F770EB-133C-4A28-B36B-C261BD0447D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{32F824ED-7095-456D-9E77-AB0FBB668090}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{333DA4B5-61FB-4632-97F9-4BA36D5919F2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{345A2000-106A-47B1-8413-04F0A23E4311}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{34C04AA5-5503-49B9-8134-6339CEF2FAD9}" = dir=out | name=microsoft solitaire collection | "{3674AD3C-7036-44B3-84CA-2DA2219C6488}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3839F2B6-01A0-4BB5-832F-500E447349DB}" = dir=in | name=mitchribarytube | "{3D3A0CF4-F45A-4B6D-82F0-BCFD67FB4AA6}" = protocol=6 | dir=out | app=system | "{3D3D8E66-1097-4ABE-8D1A-E314AF19C2D5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{3D9B63AC-ABC9-4237-ACFA-B9EDA41DB8E2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{3E00E9DB-46E5-46D5-B9D9-A0ACA3974C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{403D0122-3820-4E81-A288-D80CD4B97507}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{40FE3C53-C8B4-43EF-84E2-C97EB4A8534D}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{460515BC-D26E-4ACF-B5BA-33436FB98561}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{464951D5-C2E1-4A32-9279-D50BA051D998}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | "{4E1955CF-98DA-4930-AE47-284EE5BA708D}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{5261DAFC-F03D-4AE9-A439-B850B8E0EC69}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | 
"{5DCB7D45-6F30-4217-BC4D-B732EF51EF5F}" = dir=out | name=windows_ie_ac_001 | "{5EF70F1D-BE77-4032-8543-81FDBEF4D10C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{616BDAE8-E8DC-4AB7-A317-191AA644369D}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{64584F93-0B93-4FC3-A74D-1195EB6FB568}" = dir=out | name=@{magix.musicmakerjam_1.6.1013.3_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/appname} | "{646F188E-7C04-4FB0-B96E-3FAF902D437D}" = dir=out | name=accuweather for windows 8 | "{67AE0434-FBA7-48F8-8E09-6B39A49F923D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6B0C2E5E-C34A-493F-BA84-F25F727343E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6D1B87AF-B605-4228-B3C9-270740F7E3DE}" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\bittorrent\bittorrent.exe | "{6E2805FA-C937-40F2-969A-38709DE8675F}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{70B08987-70BE-48F4-BA6D-6E15B7B62FB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{79D006E0-3196-4826-91BA-0A988B9DC480}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | "{7CE5AB18-FE79-498E-9A04-22E0E5856CAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7CE6A78C-52A8-4274-88E1-1A5BC50AACA6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{875550CF-6321-4D44-A7F3-C277A18B487E}" = dir=out | 
name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{87D774F1-7828-48E7-9E19-8C09EAB5EBB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8D974A14-BFA3-4323-BACD-7F7646EE2DD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9092AC50-548F-4B0F-8958-D4B4503620BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{90DF79FC-4DCA-4983-9A16-C01072AE85E8}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{96FC6A67-6086-463D-B6B5-2D5D7DEB3CEF}" = dir=out | name=adera | "{99111A73-54D7-43CA-9DB6-F2126F7955AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{997ECF0E-3637-417B-9E9B-75F24536D2E0}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{9D1DBBFB-893E-4976-A031-BE4BDA8320C0}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{9D95E550-67F4-4A3E-B05D-0E6D52C16274}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{9F60C772-C95F-4756-B2C1-81AF137C74C9}" = dir=out | name=taptiles | "{A00407A2-A6C4-436B-9EA4-825C96D06D80}" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\bittorrent\bittorrent.exe | "{A0BE2A53-8055-496E-AA40-DBCE0896ADCD}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A539853C-C2FD-490E-8668-4078C02ED5A0}" = dir=out | name=fresh paint | "{A5FA93B3-B8E9-40E0-A5A2-0C39E4092285}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | "{A6BBF51F-406C-4C7A-A4D2-FC9386D1EE27}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media 
booster\pmb.exe | "{A7C408A6-5AC0-4203-8EE1-5E0077B6C915}" = dir=out | name=microsoft minesweeper | "{AA34B494-A756-4A2D-8901-804BA1922137}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AF080FC4-E060-4661-ADCF-FC7B217344EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{B4BD58C5-B8DC-450D-9062-04246C859940}" = dir=out | name=microsoft mahjong | "{B50CBC5C-3157-4DBC-AC75-8687DC937D3A}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{C59C8722-243E-43C6-A39B-C24CD11574D8}" = dir=out | name=windows_ie_ac_001 | "{CD948FA2-A0A1-4D96-B7C2-6C42C2F335A8}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{CF45BC30-32FC-40A5-A771-0A834FBDFCCD}" = dir=out | name=pinball fx2 | "{D3FED8B4-F7C2-469F-A9BD-BBBA5ACE4A1C}" = dir=in | app=c:\users\markus\appdata\local\microsoft\skydrive\skydrive.exe | "{D4D9AEAE-69DD-4C7C-9E21-BA4D5A950641}" = dir=out | name=powerdvd for medion | "{D5DEB5D4-C936-45FB-B673-A633EB544B20}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{D6FB08AC-8565-421C-833C-FF8A6BAE1DB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DB136698-924E-4D5F-80AD-EDE7EFDA26F3}" = dir=out | name=@{microsoft.zunemusic_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{DB961404-9C1E-45BA-8A03-B51910FB84FD}" = dir=out | name=wordament | "{E0AF375D-3F9B-4F0A-B7EC-96A6A499D97E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{E479083D-320A-4D93-809C-367FC69004D2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E47A1BD0-885B-4D25-94E9-0BCA546BC50E}" = protocol=6 | dir=in 
| app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | "{E4F048CE-5D33-49D8-B1A4-696A3B0C3C9B}" = dir=out | name=youcam for medion | "{E63C47EB-FD94-4276-82FE-8485573F453F}" = dir=out | name=windows_ie_ac_001 | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7F02DF5-034F-4419-A981-1F6D4A005393}" = dir=out | name=windows_ie_ac_001 | "{E99E9840-D1EE-42E9-89A1-A2ED5F087010}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F0B98F11-50E7-4449-B08F-218AAEC8A60F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{F4357D13-8D92-42C0-956B-9A9E185CE28D}" = dir=in | name=pinball fx2 | "{F7BF8DD8-BF1D-4BC0-A737-C6CA62171E4E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FFDD6C17-5D0A-4AF1-A37D-3EBA73AC4C46}" = dir=in | name=nolag youtube, twitch | "TCP Query User{2486BB4B-BAE5-4678-BEAF-51F7D2228552}C:\users\markus\appdata\local\temp\rar$exa0.850\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.850\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query User{2C56C524-39C3-4E09-AB7B-16F73B791CDD}C:\users\markus\appdata\local\temp\rar$exa0.466\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.466\survivers_beta_3.exe | "TCP Query User{304AD12B-B3DE-4A04-BCF7-24265EC44FD2}C:\users\markus\appdata\local\temp\rar$exa0.659\hammerwatch.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.659\hammerwatch.exe | "TCP Query User{494BE46F-557B-4196-B97B-D1954178537D}C:\users\markus\appdata\local\temp\rar$exa0.207\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.207\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query 
User{5FF1EFC7-58C4-42B2-8B15-D43CA9F95D43}C:\users\markus\appdata\local\temp\rar$exa0.046\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.046\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query User{62DEE25F-7097-4EE6-AC9F-42E753A3B494}C:\users\markus\appdata\local\temp\rar$exa0.530\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.530\survivers_beta_3.exe | "TCP Query User{76C61276-A39F-4BF3-BA7F-2C1ABCC71955}C:\users\markus\appdata\local\temp\rar$exa0.016\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.016\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query User{77B69F94-E51A-4044-B014-1E78F12D63CC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "TCP Query User{864E3B86-AF06-4A93-913B-69EB69532C1D}C:\users\markus\appdata\local\temp\rar$exa0.048\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.048\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query User{9120C40B-E680-468B-976E-9275306269C1}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "TCP Query User{99A9AD24-6431-4225-BCBC-DF87B2D2EA5B}C:\users\markus\appdata\local\temp\rar$exa0.387\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.387\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query User{9C581774-3818-4797-B6A3-2778CE37303F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{B014FD09-A108-48DA-9798-D8B4F80C2FEF}C:\program files\droidpad\droidpad.exe" = protocol=6 | dir=in | app=c:\program 
files\droidpad\droidpad.exe | "TCP Query User{B36DDFD5-F46D-4136-B638-5E52C58AC6CC}C:\users\markus\appdata\local\temp\rar$exa0.774\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.774\survivers_beta_3.exe | "TCP Query User{B8EE9453-A440-4AE5-BAE3-60FF92B303EF}C:\users\markus\appdata\local\temp\rar$exa0.604\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.604\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query User{D298DD5D-6A77-43C0-8C87-2D615C6E3FCD}C:\users\markus\appdata\local\temp\rar$exa0.988\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.988\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query User{DDCB84C4-F453-4CE6-AC0E-63D1F8844CB9}C:\users\markus\appdata\local\temp\rar$exa0.319\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.319\64 bit\slendytubbies v2 beta 64bit.exe | "TCP Query User{E57D148F-4F28-4C10-9742-ED33562CD01A}C:\users\markus\appdata\local\temp\rar$exa0.717\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.717\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{0D9D98CC-9049-4EDD-95E7-C9E7EF12EB9E}C:\users\markus\appdata\local\temp\rar$exa0.774\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.774\survivers_beta_3.exe | "UDP Query User{1253DCEC-DA8F-46EA-BCD5-975EA39E80C4}C:\program files\droidpad\droidpad.exe" = protocol=17 | dir=in | app=c:\program files\droidpad\droidpad.exe | "UDP Query User{1436B0A0-3E0A-404D-84FE-9425FAB2394B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{16B2C2D0-F3E4-437D-8352-ED0DC5E6BC5E}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "UDP Query User{1D7C37F7-7D38-402E-B4F9-D8503A19AB14}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "UDP Query User{1DF5CBEB-95C3-4BF7-8D9E-7342AA2A6DA9}C:\users\markus\appdata\local\temp\rar$exa0.319\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.319\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{54ED0F53-AEFC-491D-93CE-01E8418ECCDE}C:\users\markus\appdata\local\temp\rar$exa0.048\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.048\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{58AB4201-A4FC-4F1C-804E-A45CE96FB34C}C:\users\markus\appdata\local\temp\rar$exa0.850\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.850\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{6013A1D1-A052-4278-80CC-5DE15045E542}C:\users\markus\appdata\local\temp\rar$exa0.046\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.046\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{60EB85AA-AA54-4B9E-8AB4-20C678F18C11}C:\users\markus\appdata\local\temp\rar$exa0.604\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.604\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{6941D28A-AA5E-4755-A0BE-42AA4FFEBA00}C:\users\markus\appdata\local\temp\rar$exa0.207\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.207\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{AD04C0AE-7885-45E7-A215-262D220F8FF5}C:\users\markus\appdata\local\temp\rar$exa0.988\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | 
dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.988\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{B87C4ECB-47FC-4F02-A932-A4615BF9F338}C:\users\markus\appdata\local\temp\rar$exa0.016\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.016\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{CFDA404B-71F3-4F9E-AB25-811768258A9B}C:\users\markus\appdata\local\temp\rar$exa0.466\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.466\survivers_beta_3.exe | "UDP Query User{D80F1880-2910-4081-88A5-E5EDCBFFEEA1}C:\users\markus\appdata\local\temp\rar$exa0.530\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.530\survivers_beta_3.exe | "UDP Query User{EB65A736-F811-4E76-9BC2-C48ACE4D1D91}C:\users\markus\appdata\local\temp\rar$exa0.717\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.717\64 bit\slendytubbies v2 beta 64bit.exe | "UDP Query User{EE327490-9CA3-4D93-9A36-57ED277C9B73}C:\users\markus\appdata\local\temp\rar$exa0.659\hammerwatch.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.659\hammerwatch.exe | "UDP Query User{F915CC5E-45C8-4617-BDFA-421216087834}C:\users\markus\appdata\local\temp\rar$exa0.387\64 bit\slendytubbies v2 beta 64bit.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\rar$exa0.387\64 bit\slendytubbies v2 beta 64bit.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit) "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = 
MPC-HC (9eb64ec) (64-bit) "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001 "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 4.11.9 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "{E671D411-5F2E-45D6-957C-EB78641192AB}" = Intel® PROSet/Wireless WiFi Software "{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{F8FCD5D3-B610-4F59-9567-D25DF42D4ED3}" = SCM "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "B16388B2E5D3CBA8F0EE88A8C5459BADAF4DE251" = KB9X Radio Switch Driver "Elantech" = 
ETDWare PS/2-X64 "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.9.0 (64-bit) "O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de "ProInst" = Intel PROSet Wireless "TeamSpeak 3 Client" = TeamSpeak 3 Client "Virtual Audio Cable 4.12" = Virtual Audio Cable 4.12 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5 "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{058EDEC8-1873-4B49-9A08-54ADE9CC129B}" = Movie Maker "{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common "{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common "{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack "{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6 "{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10 "{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials "{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker "{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker "{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack 
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos "{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common "{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack "{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common "{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack "{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar "{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker "{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA}" = Photo Common "{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials "{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker "{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii "{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker "{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack "{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials 
"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8AE2B7D4-2BAA-4B9D-A4F4-282D3D30F1D0}" = IObit Apps Toolbar v7.2 "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker "{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials "{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials "{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker "{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών "{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials "{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack "{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker "{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live "{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common 
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker "{AF348C2E-7596-481B-92E0-B211836AB949}" = Mumble 1.2.4 "{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5 "{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CDF246AE-C6E3-438F-AA76-21700DCC15F6}" = inSSIDer 3 "{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack "{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}" = Fotoğraf Galerisi "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5 "{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár "{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek "{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials "{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common "{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery "{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 6 "Avira AntiVir Desktop" = Avira Free Antivirus "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 5.0.1 "BitTorrent" = BitTorrent "Fraps" = Fraps (remove only) "Google Chrome" = Google Chrome "Guild Wars 2" = Guild Wars 2 "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10 "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2 "LogMeIn Hamachi" = LogMeIn Hamachi "RaidCall" = RaidCall "Razer Comms" = Razer Comms "Razer Core" = Razer Core "Stardock Fences 2" = Stardock Fences 2 "Stardock Start8" = Stardock Start8 "Steam App 218230" = PlanetSide 2 "Steam App 72850" = The Elder Scrolls V: Skyrim "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.06.2013 14:00:43 | Computer Name = Mexerosers-PC | Source = Application Hang | ID = 1002 Description = Programm rads_user_kernel.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a80 Startzeit: 01ce5fbb13f2df76 Endzeit: 1 Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 565cf364-cbae-11e2-be97-84a6c8d1bfcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 03.06.2013 15:04:11 | Computer Name = Mexerosers-PC | Source = Application Hang | ID = 1002 Description = Programm Gw2.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14bc Startzeit: 01ce608d03002c7c Endzeit: 2271 Anwendungspfad: C:\Program Files (x86)\Guild Wars 2\Gw2.exe Berichts-ID: 5bb79001-cc80-11e2-be98-84a6c8d1bfcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 04.06.2013 13:25:37 | Computer Name = Mexerosers-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = Die App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error - 04.06.2013 13:25:43 | Computer Name = Mexerosers-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Bei der Aktivierung der App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ ist folgender Fehler aufgetreten: -2144927142. 
Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error - 04.06.2013 15:29:23 | Computer Name = Mexerosers-PC | Source = Application Hang | ID = 1002 Description = Programm Gw2.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d4c Startzeit: 01ce6157306d5b08 Endzeit: 383 Anwendungspfad: C:\Program Files (x86)\Guild Wars 2\Gw2.exe Berichts-ID: 09fda575-cd4d-11e2-be98-84a6c8d1bfcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 05.06.2013 14:52:45 | Computer Name = Mexerosers-PC | Source = .NET Runtime | ID = 1022 Description = Error - 05.06.2013 15:03:22 | Computer Name = Mexerosers-PC | Source = .NET Runtime | ID = 1022 Description = Error - 06.06.2013 13:06:23 | Computer Name = Mexerosers-PC | Source = RzOvlMon | ID = 0 Description = Error - 06.06.2013 13:32:51 | Computer Name = Mexerosers-PC | Source = Perflib | ID = 1023 Description = Error - 06.06.2013 13:34:05 | Computer Name = Mexerosers-PC | Source = Application Hang | ID = 1002 Description = Programm RazerCore.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 3d4 Startzeit: 01ce62dbb538e9e7 Endzeit: 21 Anwendungspfad: C:\Program Files (x86)\Razer\Core\RazerCore.exe Berichts-ID: 3e7b0fcf-cecf-11e2-be99-84a6c8d1bfcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 05.01.2013 15:25:28 | Computer Name = WIN-SNSKCS72U9K | Source = DCOM | ID = 10010 Description = Error - 29.05.2013 17:28:42 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde mit folgendem Fehler beendet: %%2147770990 Error - 29.05.2013 17:28:43 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%1058 Error - 29.05.2013 17:28:45 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet: %%21 Error - 29.05.2013 17:29:15 | Computer Name = Mexerosers-PC | Source = DCOM | ID = 10010 Description = Error - 29.05.2013 17:33:35 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 29.05.2013 17:33:35 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 29.05.2013 17:36:12 | Computer Name = Mexerosers-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Search" wurde nicht richtig gestartet. 
< End of report >

GMER coming right away.

I got the error message 2 or 3 times that the PC could not access certain folders (C://Windows/System/...) because this file was open in another program, even though I had actually closed everything beforehand... So this is all that came out of the GMER scan:

GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-17 21:10:17
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000048 HITACHI_HTS727575A9E364 rev.JF4ZD0H0 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Markus\AppData\Local\Temp\uwriyfob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff80340e6341c 1 byte [31]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001b6c00 7 bytes [40, A3, 82, 01, 00, 52, F2]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001b6c08 7 bytes [01, 04, C2, FF, 00, A4, DC]

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
#6
/// TB-Ausbilder
Hello, let's take a look..
Step 1
Step 2
Please download
Step 3
Please start OTL.exe.
Please post in your next reply:
#7
Sooo, many, many thanks for the help. Unfortunately my PC suddenly would not boot at all yesterday (but that was for a different reason), and now I have done a system restore, which also solved my RAM problem.... Still, thanks. I will get back to you if the problem occurs again, but then I will already know what to do (which logs to post).
#8
/// TB-Ausbilder
Ok, thanks for letting me know. This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need this topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________
cheers, Leo