
Log analysis and evaluation: swvupdater and eGdpSvc.exe

16.07.2013, 01:48   #1
uermel
 

swvupdater and eGdpSvc.exe



Hello,

today, for the first time in a long while, it happened that I apparently caught something. AVG's Resident Shield raised an alert. Since then, some Update.exe in the Appdata\Swvupdater\ directory keeps starting in the background. In addition, my browser's start page was changed, and so was the default search.

Otl.txt
Code:
OTL logfile created on: 16.07.2013 01:59:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Markus\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,95 Gb Total Physical Memory | 13,67 Gb Available Physical Memory | 85,68% Memory free
39,87 Gb Paging File | 37,44 Gb Available in Paging File | 93,91% Paging File free
Paging file location(s): h:\pagefile.sys 24499 24499 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 24,04 Gb Free Space | 43,08% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 197,71 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
Drive F: | 1862,89 Gb Total Space | 1797,72 Gb Free Space | 96,50% Space Free | Partition Type: NTFS
Drive H: | 1862,74 Gb Total Space | 1468,61 Gb Free Space | 78,84% Space Free | Partition Type: NTFS
 
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.16 01:59:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Desktop\OTL.exe
PRC - [2013.07.16 01:58:04 | 000,050,477 | ---- | M] () -- E:\Downloads\Defogger.exe
PRC - [2013.07.03 21:38:36 | 000,920,472 | ---- | M] (Mozilla Corporation) -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.06.28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.06.26 22:34:09 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.06.26 22:34:09 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013.06.26 22:34:09 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013.05.23 02:13:08 | 000,627,016 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
PRC - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.03.24 10:46:23 | 000,976,672 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.15 00:21:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.04 14:46:26 | 002,424,832 | ---- | M] (Popfax) -- E:\Program Files (x86)\Popcompanion\Popcompanion.exe
PRC - [2011.09.15 00:41:58 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
PRC - [2010.02.08 14:48:18 | 000,192,000 | ---- | M] () -- C:\Users\Markus\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
PRC - [2009.10.07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.16 01:58:04 | 000,050,477 | ---- | M] () -- E:\Downloads\Defogger.exe
MOD - [2013.07.03 21:38:36 | 003,285,912 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.06.26 22:34:09 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.06.26 22:34:09 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013.06.26 22:34:09 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013.05.23 02:13:08 | 000,627,016 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
MOD - [2013.05.15 18:49:16 | 000,587,776 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
MOD - [2013.05.15 18:49:02 | 000,216,064 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll
MOD - [2013.05.15 18:49:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll
MOD - [2013.05.15 18:49:00 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
MOD - [2013.05.15 18:48:52 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll
MOD - [2012.08.14 16:47:44 | 000,043,008 | ---- | M] () -- E:\Program Files (x86)\Popcompanion\libgcc_s_dw2-1.dll
MOD - [2010.02.08 14:48:18 | 000,192,000 | ---- | M] () -- C:\Users\Markus\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
MOD - [2009.01.10 20:32:40 | 000,011,362 | ---- | M] () -- E:\Program Files (x86)\Popcompanion\mingwm10.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.11.09 18:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.16 00:19:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.06.26 22:34:09 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.03.24 10:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.15 00:21:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.16 13:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- E:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.11.29 10:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.15 00:41:58 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.11.20 05:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 05:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.26 22:34:09 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.03.29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.03.21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.02.08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.02.08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.02.08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.02.08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.02.08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.10 04:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.05.07 22:18:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.05.07 22:18:40 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.02 01:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.04.02 02:31:43 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.03.28 21:47:42 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.01.11 13:30:56 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.10.04 05:04:29 | 000,215,296 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011.10.04 05:04:29 | 000,070,912 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011.09.22 10:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.09.15 00:43:30 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011.09.15 00:43:30 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011.08.09 07:42:36 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.13 06:47:24 | 000,033,336 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.01 01:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.05.01 00:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009.05.01 00:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV - [2013.05.23 02:13:08 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2012.12.16 13:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- E:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.12.08 23:42:35 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.05.02 01:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012.03.08 02:09:37 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.03.01 22:33:28 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD20EZRX-00DC0B0_WD-WMC1T020421804218&ts=1373930260
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD20EZRX-00DC0B0_WD-WMC1T020421804218&ts=1373930260
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD20EZRX-00DC0B0_WD-WMC1T020421804218&ts=1373930260
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD20EZRX-00DC0B0_WD-WMC1T020421804218&ts=1373930260
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD20EZRX-00DC0B0_WD-WMC1T020421804218&ts=1373930260
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD20EZRX-00DC0B0_WD-WMC1T020421804218&ts=1373930260
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD20EZRX-00DC0B0_WD-WMC1T020421804218&ts=1373930260
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 77 4D C1 BE 5E CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1C8800FF4E0B03F3&affID=119498&tt=150713_91114&tsp=4944
IE - HKCU\..\SearchScopes\{1C5CD0B7-5C33-4dd7-A417-038650DEBB66}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD20EZRX-00DC0B0_WD-WMC1T020421804218&ts=1373930260
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={A75E261E-B785-4FBF-9FF1-5E3F9B39067C}&mid=2a57fddd568147d19ff1d1530bb9e5ec-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=AVG&pr=fr&d=2012-10-04 23:54:34&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9C8DCFF7-6689-42a3-81DC-0B399A976CC0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{A25E139E-2C6A-4070-890D-2209F722D5D8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "qvo6"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C8800FF4E0B03F3&affID=119498&tt=150713_91114&tsp=4944"
FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: mail%40shopping-preise.de:1.1
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: xthunder%40lshai.com:1.3.4
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.3.0.11
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: E:\Progs\Amazon Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013.06.26 22:34:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: E:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\mmoewxmt.default\extensions\mail@shopping-preise.de [2012.03.01 22:39:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.07.16 01:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2012.05.23 19:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.07.16 01:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\mmoewxmt.default\extensions
[2012.12.14 01:52:01 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\mmoewxmt.default\extensions\fdm_ffext@freedownloadmanager.org
[2013.07.16 01:19:00 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\mmoewxmt.default\extensions\ffxtlbr@delta.com
[2012.03.01 22:39:01 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\mmoewxmt.default\extensions\mail@shopping-preise.de
[2013.07.16 01:17:22 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\mmoewxmt.default\extensions\plugin@getwebcake.com
[2013.05.01 14:00:20 | 000,000,000 | ---D | M] (xThunder) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\mmoewxmt.default\extensions\xthunder@lshai.com
[2012.05.23 19:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Sunbird\Profiles\wnqdb8og.default\extensions
[2012.04.17 23:20:28 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\mmoewxmt.default\extensions\browserprotect@browserprotect.com.xpi
[2012.05.16 22:53:35 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\mmoewxmt.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.26 20:00:28 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\mmoewxmt.default\extensions\firebug@software.joehewitt.com.xpi
[2013.07.16 01:22:53 | 000,535,736 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\mmoewxmt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.02.26 16:32:15 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\mmoewxmt.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.05.10 12:29:56 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\mmoewxmt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.16 01:18:52 | 000,006,549 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\mmoewxmt.default\searchplugins\babylon.xml
[2013.07.16 01:19:00 | 000,001,294 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\mmoewxmt.default\searchplugins\delta.xml
[2013.06.26 22:34:15 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.3.0.11
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [ghost] C:\Users\Markus\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Popcompanion] E:\Program Files (x86)\Popcompanion\Popcompanion.exe (Popfax)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - E:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - E:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - E:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Program Files (x86)\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - E:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - E:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - E:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - E:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Program Files (x86)\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - E:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E0B03F3-BA53-470E-9742-066FC16CD7F0}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22BECC7-DA92-4481-AC96-D0586746CA3C}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a1d7919e-607c-11e1-bf47-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a1d7919e-607c-11e1-bf47-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.16 01:59:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markus\Desktop\OTL.exe
[2013.07.16 01:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.07.16 01:19:00 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\BabSolution
[2013.07.16 01:18:42 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Babylon
[2013.07.16 01:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.07.16 01:17:28 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\SwvUpdater
[2013.07.16 01:17:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\WebCake
[2013.07.16 01:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.07.16 01:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.07.16 01:17:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Media Finder
[2013.07.16 01:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2013.07.10 01:32:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.08 22:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.07.02 21:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.06.23 22:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.16 01:59:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Desktop\OTL.exe
[2013.07.16 01:58:32 | 000,000,168 | ---- | M] () -- C:\Users\Markus\defogger_reenable
[2013.07.16 01:56:39 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.16 01:56:39 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.16 01:53:51 | 001,712,548 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.16 01:53:51 | 000,735,564 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.16 01:53:51 | 000,683,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.16 01:53:51 | 000,164,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.16 01:53:51 | 000,134,500 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.16 01:49:39 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013.07.16 01:49:38 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.07.16 01:49:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.16 01:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.10 18:13:25 | 000,309,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.08 22:40:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.07.02 21:45:57 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.06.30 23:09:20 | 000,001,575 | ---- | M] () -- C:\Users\Markus\Desktop\AssassinsCreed_Dx10 - Verknüpfung.lnk
[2013.06.26 22:34:09 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.06.25 01:06:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.25 01:06:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.24 22:26:47 | 000,000,207 | ---- | M] () -- C:\Users\Markus\Desktop\Assassin's Creed.url
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.16 01:58:32 | 000,000,168 | ---- | C] () -- C:\Users\Markus\defogger_reenable
[2013.07.16 01:17:28 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013.06.30 23:09:23 | 000,001,575 | ---- | C] () -- C:\Users\Markus\Desktop\AssassinsCreed_Dx10 - Verknüpfung.lnk
[2013.06.25 01:06:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.25 01:06:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.24 22:26:47 | 000,000,207 | ---- | C] () -- C:\Users\Markus\Desktop\Assassin's Creed.url
[2012.12.18 01:19:26 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.12.01 15:25:16 | 000,003,072 | ---- | C] () -- C:\Users\Markus\AppData\Local\file__0.localstorage
[2012.10.23 14:53:37 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.08.24 13:49:40 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.07.04 11:16:28 | 000,002,254 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.29 21:15:16 | 000,173,973 | ---- | C] () -- C:\Users\Markus\.TransferManager.db
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.02 01:28:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.03.01 22:38:59 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.02.27 23:46:28 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.02.27 22:54:13 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.27 22:54:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.26 15:43:37 | 001,693,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.26 15:40:39 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.02.26 15:29:04 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.07 00:09:57 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Amazon
[2013.01.07 22:59:51 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Ashampoo
[2013.03.03 20:31:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Atari
[2012.10.04 23:58:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AVG2013
[2013.07.16 01:19:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\BabSolution
[2013.07.16 01:18:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Babylon
[2012.10.26 08:30:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Bioshock
[2012.05.11 13:43:51 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\CD-LabelPrint
[2012.04.16 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\com.Rhapsody.Napster5
[2013.01.10 15:07:22 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools Lite
[2012.04.03 00:44:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DVDFab
[2012.03.07 00:44:10 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Easeware
[2012.06.07 21:49:12 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\eM Client
[2012.08.29 23:02:32 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Free Download Manager
[2013.07.04 19:46:19 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\GetRightToGo
[2012.09.16 20:00:26 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Leadertech
[2013.07.16 01:47:24 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Media Finder
[2012.12.26 21:19:55 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Origin
[2012.03.09 15:27:36 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Philipp Winterberg
[2012.07.09 12:27:29 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PhotoScape
[2013.03.06 00:04:19 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ProtectDISC
[2013.01.11 11:30:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PunkBuster
[2012.09.10 22:43:31 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Red Alert 3 Demo
[2012.04.30 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Samsung
[2013.02.22 23:38:58 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ScummVM
[2012.02.27 00:18:29 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Splashtop
[2012.04.30 17:56:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Temp
[2012.03.09 15:29:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ToMMTi-Systems
[2012.10.04 23:54:39 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TuneUp Software
[2012.12.26 22:51:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Ubisoft
[2013.07.16 01:17:24 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\WebCake
[2012.09.05 19:22:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\wxlauncher
[2012.09.10 08:25:56 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1199 bytes -> C:\ProgramData\TEMP:966F7784

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 16.07.2013 01:59:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Markus\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,95 Gb Total Physical Memory | 13,67 Gb Available Physical Memory | 85,68% Memory free
39,87 Gb Paging File | 37,44 Gb Available in Paging File | 93,91% Paging File free
Paging file location(s): h:\pagefile.sys 24499 24499 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 24,04 Gb Free Space | 43,08% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 197,71 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
Drive F: | 1862,89 Gb Total Space | 1797,72 Gb Free Space | 96,50% Space Free | Partition Type: NTFS
Drive H: | 1862,74 Gb Total Space | 1468,61 Gb Free Space | 78,84% Space Free | Partition Type: NTFS
 
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files (x86)\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files (x86)\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Play_with_TriDef_Media_Player] -- "E:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files (x86)\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files (x86)\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Play_with_TriDef_Media_Player] -- "E:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = E:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
"E:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = E:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D832CB1-F7A0-4FF2-9FBE-0783257B1495}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10F18872-BA3F-4B94-BAFF-7BE2F4BF5782}" = lport=139 | protocol=6 | dir=in | app=system | 
"{12B5ED23-1B81-47DB-B040-0C63C90E227E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{12BA3CEE-8F86-4D10-AE1A-7085E5D7EC35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{14B58311-EDAB-4D35-888F-B5C91427FBA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{163F8749-29CA-414F-94E7-5466305F9F76}" = lport=137 | protocol=17 | dir=in | app=system | 
"{19B06F03-55D0-4928-B67A-E0E745B9C6C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{42EDED53-9C69-472B-B3EC-9F71B288EFAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D030BDD-6E8A-403A-9ACD-063392525176}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53FFB110-4984-4303-ABBA-8A7A301024EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55665485-E8AA-4477-A764-EB8E2F776DB9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{55B00234-9216-48C0-902B-8A14006D7CAF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5BD4942D-FEC1-477C-8B4B-61DF2BF25E50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{643D6B57-3452-4673-839C-ADFAE3D84FB7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9BD94BDC-679C-421F-BF9C-646ACFEC174F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AA8EBB2E-E951-4DEE-A911-196662F7AFC3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD2446A9-3CC6-4421-A948-C16241EB5FC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AFDB87D3-20DC-44A5-B184-94EE9213AEE0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B3552A27-C9B2-47EA-9888-C39826E37653}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CF67F42E-A909-4087-B51A-80FB67F7F6C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D8337B0E-66E2-4B08-B8B1-23F03192D072}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E89728F3-6803-4BAB-9566-257DE42B82CE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF0E8FFA-863E-4E2E-AB53-77130ADC609D}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F9BF4D-CED9-4779-A5D5-98F1CB93F934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0361640C-6B4B-4785-9E17-E2CFC3F184C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0656F204-AE1E-4C0E-AB73-805CEA87CD6F}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\settlers 7 gold\data\base\_dbg\bin\release\settlers7r.exe | 
"{0C86FF6C-3FA7-423D-8363-9539031E8EFF}" = protocol=6 | dir=in | app=h:\games\assassin's creed revelation\acrsp.exe | 
"{0F02DAA0-3B91-4B5F-B72A-DCF19CA3753A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0FDB5BE2-B3BA-45F7-A722-BD3E9F3DFC56}" = protocol=6 | dir=in | app=h:\games\steam\steam.exe | 
"{137E125E-B9F8-4D7D-8BA1-6035696423DB}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{149915FE-EF22-4000-B512-F91E064676B0}" = protocol=17 | dir=in | app=h:\games\origin\games\medal of honor warfighter\mohw.exe | 
"{14CEF794-6D8F-40E4-B755-9CA13B47B255}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\alan wake\alanwake.exe | 
"{1C5BCDD2-70AD-43C3-A39B-3B0C6A76F7C6}" = protocol=6 | dir=in | app=h:\games\assassins creed brotherhood\assassinscreedbrotherhood.exe | 
"{1CDC5831-E715-4DBC-AA47-9E66E2B5E516}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\aliens vs predator\avp.exe | 
"{1D575624-6EB0-4FF1-AD8F-F8F2F08FDFB4}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{212154D5-0A1C-45F9-B791-6B64D2620AE0}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\alan wake\alanwake.exe | 
"{2136550B-2F53-489F-B346-ACDFDF7CC24A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{21A526E3-12B0-403F-97AD-BE1CEFE82A12}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{22106585-6566-4B8E-AAC1-BEA5DFDE4A08}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{253BED84-8083-429D-BFC2-E215343F3983}" = protocol=17 | dir=in | app=h:\games\bioshock\builds\release\bioshock.exe | 
"{26544EDE-96C6-4024-90A7-23119B765BAB}" = protocol=6 | dir=in | app=h:\games\assassin's creed ii\assassinscreedii.exe | 
"{2D82469F-423F-4EB2-BED6-75D494E7EEA6}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{30A8279F-CB83-44A0-A17C-4822825EEC73}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{313EFEBC-B055-48C3-AD47-BB3B7C2A80C5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{34C7D520-8ED2-44B0-9928-07922E92C783}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{377A326D-450C-433F-AAC8-76D71EF63222}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A020E88-31DE-4023-89D4-8DF2918C54EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3AC443CE-FFF2-4808-8170-A1178A117DEE}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{3E823BCE-B2EA-4FF2-A211-AD158F20068F}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{404A4345-B2B5-43F0-AAB3-E0C8D9A5EA8A}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\aliens vs predator\avp.exe | 
"{45603791-3FDE-4E6D-BCDD-302E0C388FE0}" = protocol=17 | dir=in | app=h:\games\assassin's creed iii\assassinscreed3.exe | 
"{4997191E-B569-422A-AB11-08C20AD7F7A7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{49DC3452-4BCC-45E3-86C6-72DCB8EBFE8B}" = protocol=6 | dir=in | app=h:\games\bioshock\builds\release\bioshock.exe | 
"{4ED052D0-B45C-4382-A9B0-A9E6EE26BA6C}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\assassins creed\assassinscreed_game.exe | 
"{4FCC49CF-818B-4494-89BF-3415A89EE35F}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\chronicles of riddick - assault on dark athena\system\win32_x86\darkathena.exe | 
"{54900C5A-339E-4281-B378-44917E67B1C4}" = protocol=17 | dir=in | app=h:\games\assassin's creed revelation\acrsp.exe | 
"{553B5937-7BBD-4AA8-B435-57E7521C6647}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{572956F2-FD5D-46D4-8167-D723D7764BC2}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{574F403B-DFEF-425F-9492-150CDDE9EA4F}" = protocol=6 | dir=in | app=h:\games\assassin's creed revelation\acrmp.exe | 
"{58C17D59-AFFD-40CB-B0BF-FB0FFD29DF61}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{5B2ABF13-C6E4-485C-868E-B461EF336FBC}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\chronicles of riddick - assault on dark athena\system\win32_x86\darkathena.exe | 
"{5D0AD87E-CB6D-4F33-8435-354154814D63}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5D47C22A-3CB8-4E39-8290-02C32F19ADF1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{5DDC8925-D1CE-4879-873C-31FEDC5AD575}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{604ECB65-FC5F-4DE2-B235-14E959BCC8A1}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{658F5683-7FE2-49F1-80C2-B58F7A9FA3EF}" = protocol=6 | dir=in | app=h:\games\assassin's creed iii\assassinscreed3.exe | 
"{68F81818-7768-43B1-B3F7-6CDD9619510A}" = protocol=17 | dir=in | app=h:\games\assassin's creed iii\ac3mp.exe | 
"{6ACAC896-4810-4371-9D58-77FF5F9DFE03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D70B43D-435A-4207-A954-47E48B6D5907}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\mafia\game.exe | 
"{6E00D716-73B3-46A7-A60D-DBEE14D7DBF5}" = protocol=17 | dir=in | app=h:\games\assassin's creed ii\assassinscreedii.exe | 
"{6E547958-44F4-4A0E-88AA-C8671EFADA72}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6E585F80-350F-4011-91F3-F03224A47B6B}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{704F4505-D891-47CB-B0CD-7C8ED8705EF2}" = protocol=6 | dir=in | app=h:\games\origin\games\mass effect 3\binaries\win32\masseffect3.exe | 
"{715D008D-974B-4F56-981F-B512B5803421}" = protocol=17 | dir=in | app=h:\games\assassins creed brotherhood\assassinscreedbrotherhood.exe | 
"{720EBADF-DC83-456E-AE93-AFF6DD1FF08F}" = protocol=17 | dir=in | app=h:\games\steam\steam.exe | 
"{7237373E-7FD3-49FC-89E4-FF61B2E02CF1}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{749D54C8-EF9A-4D4F-83B4-A306101D93E1}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{74B0A07B-D802-4A60-9147-6258BFC35F10}" = protocol=17 | dir=in | app=h:\games\assassin's creed revelation\acrmp.exe | 
"{79A44E1B-602F-4C19-87C4-36E9B213683B}" = protocol=17 | dir=in | app=h:\games\assassins creed brotherhood\acbsp.exe | 
"{7AA93286-23ED-494F-B66A-6C138F12C170}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7DD5794D-34CB-4615-A0CA-A7B8DF345985}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\settlers 7 gold\data\base\_dbg\bin\release\settlers7r.exe | 
"{7E4C430C-30DE-4F24-9321-E9EC7B3B8505}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{80C6EC1F-4C3D-4DD4-947E-7F57B702E5ED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{837E9A40-0598-4970-BFAF-3F6135E7EC38}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{838B2A6F-8938-493F-8471-72525B32C2A2}" = protocol=17 | dir=in | app=h:\games\assassin's creed ii\assassinscreediigame.exe | 
"{839CC47F-3F9C-4F4D-855F-E2DEBE233E73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{845BE85B-F156-4014-896F-78AFF3798B90}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{84A42EB8-C7B7-4913-A46B-DFD390E79414}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{91537A7D-DCE8-48A4-806B-2A15A618EDE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91E45115-E8AE-442C-A666-CDA149A113E2}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{93A4DFED-5070-4852-8EA6-6C51675E8D0D}" = protocol=6 | dir=in | app=h:\games\assassin's creed iii\ac3sp.exe | 
"{9CF1F029-BCAC-45DB-8791-F9F7C9D38A34}" = protocol=6 | dir=in | app=h:\games\assassins creed brotherhood\acbmp.exe | 
"{9DF422E3-907A-40DB-B2EB-0DF4659AD4D3}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\aliens vs predator\avp_launcher.exe | 
"{9E67FD78-6B18-48BC-87BC-7A639C22C92C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{A17C88E8-799E-43F2-955F-B64CC0703F3F}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{A3723BA2-CF36-418A-A501-92FDFE5DA59B}" = protocol=6 | dir=in | app=h:\games\assassins creed brotherhood\acbsp.exe | 
"{A44DF3EC-CFF8-44F4-A942-AD016C1AD24C}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{A543877C-27BE-4142-B66E-C7787D85B140}" = protocol=6 | dir=in | app=h:\games\assassin's creed ii\assassinscreediigame.exe | 
"{A7B64C90-595A-4DA9-96D7-8F47F5062DD3}" = protocol=6 | dir=in | app=h:\games\origin\games\medal of honor warfighter\mohw.exe | 
"{AA6A075D-3554-4D39-AC2F-70939FD21E7A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B102E46D-487F-4E9C-800A-3A0BFE66A11A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B12D4738-F63B-41EC-9BCD-230B88F43462}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\mafia\setup.exe | 
"{B186C43F-4927-4802-AFEC-B74320CBDE7D}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\mafia\setup.exe | 
"{B1AAA689-63E8-4EE3-8CD0-82A78E2F6D2D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{B564A8D4-5D87-47D2-9EB7-33F1705D45F6}" = protocol=17 | dir=in | app=h:\games\assassin's creed ii\uplaybrowser.exe | 
"{B735921F-CEBC-4BCC-8221-EFEABD7984DD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B737960B-7B00-4C1B-9CEC-A8F50792F995}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{B7BBB81C-7429-41FB-9B55-4DD9A1CF7815}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{B7E7363A-79AC-474E-A921-E222CC961544}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{B866040A-B7C3-44D6-B6F3-478E2844589C}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{B8B1A141-DA8A-4F52-A2D2-70C8FB8B7526}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\mafia\game.exe | 
"{B90D94B5-C4B6-4172-9487-B8A08E3EBD58}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{BAF6F70F-909F-424F-9A1E-537E3FB068BF}" = protocol=6 | dir=out | app=system | 
"{BB4FB0B3-1586-4737-881D-1911F8D03CCF}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\aliens vs predator\avp_launcher.exe | 
"{BD3899E2-8197-4BBE-A086-38611C4238F7}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{C12C0052-61CF-4542-BA1C-06CC8BE0CC61}" = protocol=6 | dir=in | app=h:\games\assassin's creed iii\ac3mp.exe | 
"{C468D56F-807B-48EA-8456-8B8CE2790AC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C74783F6-CAA5-4E40-B7F6-9B88EF81DB18}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\assassins creed\assassinscreed_game.exe | 
"{C984E8A7-4BA4-4133-A6E3-E0038436120F}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{CC034CFC-58B5-445F-952F-922D25D6585D}" = protocol=6 | dir=in | app=h:\games\assassin's creed ii\uplaybrowser.exe | 
"{CF7FEB53-0689-4B3C-A35E-9102081467BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D511BB19-336C-4B8E-B7C3-04762DE850AC}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{D960F8F6-45FC-42FE-A928-42553419CAD5}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{D9A29182-D564-465D-912E-FF1BBB6DCF5E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{D9CA6A00-E6BD-4288-9FDD-62C693C91CB7}" = protocol=58 | dir=in | app=system | 
"{D9F20C46-E91B-4351-9BF1-434AD80C9DC0}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{DAA5C875-21EE-45EE-BF93-75159436A898}" = dir=in | name=youtubecdn | 
"{DC70F894-2B47-43B9-BA6E-FC6C2FABF9E7}" = protocol=17 | dir=in | app=h:\games\assassins creed brotherhood\acbmp.exe | 
"{DFA960C5-9F80-4375-9584-027FF1140626}" = protocol=17 | dir=in | app=h:\games\assassins creed brotherhood\uplaybrowser.exe | 
"{E06A15D5-4289-4118-808E-AF03EAC592B6}" = protocol=6 | dir=in | app=h:\games\assassin's creed revelation\assassinscreedrevelations.exe | 
"{E06E4E94-8533-4E5C-9B61-1907B231CDAD}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{E074CC91-70AE-4322-AF6A-865E445A5C7C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E183B6B1-6658-46F3-91D0-A06ACBAA1D40}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E635DB12-CDFF-40F2-A559-19C40675FB1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E990A354-A5EB-488C-95D7-F79EA90AD1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{EB4782E9-6304-4B1C-B1BB-FCF9DB3D3ED1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC60940B-83D9-4B17-984E-431B0F247862}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{ED64BE45-984E-4BCD-9A8A-36A3393B2FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{EEBD7488-CCE7-45D6-9362-0567EAA7F104}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{EED3C82D-6EB0-42FC-B0C6-8CD5AE9F78B7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{EF9FB751-23AE-4C1F-B6A6-EEC9C94971C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFB0FF6F-A72C-490B-A436-EF487003357F}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{F02F12CF-1EE5-4175-9E71-F8EB166EA1C2}" = protocol=17 | dir=in | app=h:\games\assassin's creed iii\ac3sp.exe | 
"{F1BB2CDD-551F-4FDF-BDF5-B8AE4568BF99}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{F5662ACC-8FB8-4D18-B345-1D0B83C7C4E9}" = protocol=6 | dir=in | app=h:\games\assassins creed brotherhood\uplaybrowser.exe | 
"{F6C1C120-4323-4F5B-A2E7-4584D23AA6B4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F9E29C21-3340-43CC-8D54-E067C4D1E587}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB0619A8-315B-4BF6-B6F3-B3CCF85E5713}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{FB52AEDF-4838-43E4-A253-94A2D072204B}" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{FB61264A-4C9F-4524-A4A1-145CD4FAECAD}" = protocol=17 | dir=in | app=h:\games\origin\games\mass effect 3\binaries\win32\masseffect3.exe | 
"{FE059F10-64BC-44BD-8A59-04A22C16907B}" = protocol=17 | dir=in | app=h:\games\assassin's creed revelation\assassinscreedrevelations.exe | 
"{FF4CD518-BC69-4F52-A8C4-DADC1B01E6DF}" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"TCP Query User{2B2D54BD-5DAD-4996-A632-FAF42671013D}H:\games\assassin's creed revelation\acrpr.exe" = protocol=6 | dir=in | app=h:\games\assassin's creed revelation\acrpr.exe | 
"TCP Query User{391E45C1-0701-456B-BE09-763B586224E6}E:\program files (x86)\free download manager\fdm.exe" = protocol=6 | dir=in | app=e:\program files (x86)\free download manager\fdm.exe | 
"TCP Query User{3CF54D66-09DC-44BF-8D9B-DE571A1699CE}E:\program files (x86)\plagame benchmark\binaries\win32\plagame.exe" = protocol=6 | dir=in | app=e:\program files (x86)\plagame benchmark\binaries\win32\plagame.exe | 
"TCP Query User{71E59184-08FC-4637-9C72-5F847FD71421}H:\games\origin\games\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=h:\games\origin\games\crysis 2\bin32\crysis2.exe | 
"TCP Query User{8E32693A-4FCC-4639-B0ED-67F74D546C82}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"TCP Query User{8E503048-92F9-490C-AD0E-722BE47E01EB}H:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=h:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{9EEAFC88-90B7-4FDC-94A2-D6F934E33E43}H:\games\batman - arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=h:\games\batman - arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{13F3FDAF-A7D2-486D-ACB7-66563FED5E3A}E:\program files (x86)\plagame benchmark\binaries\win32\plagame.exe" = protocol=17 | dir=in | app=e:\program files (x86)\plagame benchmark\binaries\win32\plagame.exe | 
"UDP Query User{35E18C80-F3F1-4A77-BA10-97E8A77126A4}H:\games\batman - arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=h:\games\batman - arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{814300D8-BD16-4C2E-B50B-190FCDDE3747}H:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=h:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{8CCC25BB-E03F-49C0-B977-3E7C728F8D75}H:\games\assassin's creed revelation\acrpr.exe" = protocol=17 | dir=in | app=h:\games\assassin's creed revelation\acrpr.exe | 
"UDP Query User{A95BD463-829A-4A84-90F5-1012F59B5469}H:\games\origin\games\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=h:\games\origin\games\crysis 2\bin32\crysis2.exe | 
"UDP Query User{F0BB0308-27EE-4D23-AF4B-138E84548FFF}E:\program files (x86)\free download manager\fdm.exe" = protocol=17 | dir=in | app=e:\program files (x86)\free download manager\fdm.exe | 
"UDP Query User{F3482C80-D893-45C0-A941-F55C85609109}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.46.0
"{78B5B205-2F59-4D96-9D83-DEB94CD5229B}" = AVG 2013
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AE7891D8-2340-4CD6-BA0A-6C8C01F7B4B4}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DTV" = NVIDIA 3DTV Play Activation Utility
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 3.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{CED739E0-FCE3-46A9-9F0E-C641D8A842C0}" = Fresco Logic USB3.0 Host Controller
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel(R) Network Connections 16.8.46.0
"Sandboxie" = Sandboxie 3.76 (64-bit)
"VLC media player" = VLC media player 2.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = Geeks3D PhysX FluidMark v1.5.0
"{1040143F-FEFB-4B90-8E51-E47D40E14C4E}" = Medal of Honor™ Warfighter
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.1110.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E711815-5F4E-47F2-B1E1-C0B43A8D57F3}" = AIVIA GHOST
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{53B0AB03-FC82-46C8-885B-F0A529FAFFAC}" = 3DPower B11.1115.1
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038302}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038303}" = Batman: Arkham City™
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{765BF404-2FEE-492B-9E7F-A55143796EF1}" = Geheimakte 3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel(R) Rapid Storage Technology enterprise
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.03
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB542613-B395-41D2-B24A-4DAD6CC1327B}_is1" = Black Mirror 2
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AVG Secure Search" = AVG Security Toolbar
"Batman - Arkham City" = Batman - Arkham City
"Battlelog Web Plugins" = Battlelog Web Plugins
"BioShock_is1" = BioShock
"Black Mirror III_is1" = Black Mirror III
"Canon RAW Codec" = Canon RAW Codec
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"DAEMON Tools Lite" = DAEMON Tools Lite
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DivX Setup" = DivX-Setup
"DVDFab 9_is1" = DVDFab 9.0.1.6 (14/12/2012) Qt
"EdnaSE" = Edna Bricht Aus - Sammler Edition
"ESN Sonar-0.70.4" = ESN Sonar
"essentials-bundle" = TriDef 3D 5.2
"FAKEFACTORY CM12V12.20FULL" = FAKEFACTORY Cinematic Mod V12
"Free Download Manager_is1" = Free Download Manager 3.9.2
"Freelancer 1.0" = Freelancer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.1110.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx driver
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.4.0c
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PLAGame Benchmark_is1" = PLAGame Benchmark version V1.0
"Popcompanion" = Popcompanion 2.29
"PrecisionX" = EVGA Precision X 4.2.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"Rockstar Games Social Club" = Rockstar Games Social Club
"RTSS" = RivaTuner Statistics Server 5.1.2
"Steam App 10680" = Aliens vs. Predator
"Steam App 108710" = Alan Wake
"Steam App 110800" = L.A. Noire
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 15100" = Assassin's Creed
"Steam App 202750" = Alan Wake's American Nightmare
"Steam App 207610" = The Walking Dead
"Steam App 220" = Half-Life 2
"Steam App 222400" = Call of Juarez Gunslinger Demo
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 380" = Half-Life 2: Episode One
"Steam App 40990" = Mafia
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 43110" = Metro 2033
"Steam App 48210" = The Settlers 7: Paths to a Kingdom - Gold Edition
"Steam App 49520" = Borderlands 2
"Steam App 50130" = Mafia II
"Steam App 50300" = Spec Ops: The Line
"Steam App 50620" = Darksiders
"Steam App 55230" = Saints Row: The Third
"Steam App 8850" = BioShock 2
"Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena
"Uplay" = Uplay
"WinASO RegDefrag_is1" = WinASO RegDefrag 2.5.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"SOE-C:/Users/Markus/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-E:/Games/PS 2" = gamelauncher-ps2-psg
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.03.2013 09:24:24 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 13.03.2013 17:09:08 | Computer Name = Markus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.0.0.0, Zeitstempel:
 0x72454562  Name des fehlerhaften Moduls: LS3DF.dll, Version: 0.0.0.0, Zeitstempel:
 0x3ef851b2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066aca  ID des fehlerhaften Prozesses:
 0xef8  Startzeit der fehlerhaften Anwendung: 0x01ce202caf014af3  Pfad der fehlerhaften
 Anwendung: H:\Games\Steam\steamapps\common\Mafia\game.exe  Pfad des fehlerhaften 
Moduls: H:\Games\Steam\steamapps\common\Mafia\LS3DF.dll  Berichtskennung: 3e5cec90-8c22-11e2-8273-001a4d5d0c1f
 
Error - 13.03.2013 17:55:05 | Computer Name = Markus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.0.0.0, Zeitstempel:
 0x72454562  Name des fehlerhaften Moduls: LS3DF.dll, Version: 0.0.0.0, Zeitstempel:
 0x3ef851b2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066aca  ID des fehlerhaften Prozesses:
 0x1660  Startzeit der fehlerhaften Anwendung: 0x01ce202f05d86f0b  Pfad der fehlerhaften
 Anwendung: H:\Games\Steam\steamapps\common\Mafia\game.exe  Pfad des fehlerhaften 
Moduls: H:\Games\Steam\steamapps\common\Mafia\LS3DF.dll  Berichtskennung: a9a4ceef-8c28-11e2-8273-001a4d5d0c1f
 
Error - 13.03.2013 18:43:25 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 18.03.2013 09:47:00 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 19.03.2013 08:17:45 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 05.04.2013 11:39:37 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 11.04.2013 13:40:47 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 12.04.2013 14:45:31 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 24.04.2013 15:58:39 | Computer Name = Markus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Overlord.exe, Version: 1.4.0.0, Zeitstempel:
 0x47440a9e  Name des fehlerhaften Moduls: Overlord.exe, Version: 1.4.0.0, Zeitstempel:
 0x47440a9e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0055465c  ID des fehlerhaften Prozesses:
 0x52c  Startzeit der fehlerhaften Anwendung: 0x01ce41205f265599  Pfad der fehlerhaften
 Anwendung: H:\Games\Steam\steamapps\common\Overlord\Overlord.exe  Pfad des fehlerhaften
 Moduls: H:\Games\Steam\steamapps\common\Overlord\Overlord.exe  Berichtskennung: 5aade77e-ad19-11e2-a763-001a4d5d0c1f
 
[ OSession Events ]
Error - 14.08.2012 14:54:49 | Computer Name = Markus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4342
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
Error - 20.09.2012 05:33:40 | Computer Name = Markus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7239
 seconds with 3960 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.07.2013 19:34:10 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.07.2013 19:35:06 | Computer Name = Markus-PC | Source = APPHOSTSVC | ID = 9010
Description = 
 
Error - 15.07.2013 19:35:06 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Hotspot Shield Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 15.07.2013 19:35:06 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 15.07.2013 19:35:06 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 15.07.2013 19:48:26 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.07.2013 19:49:33 | Computer Name = Markus-PC | Source = APPHOSTSVC | ID = 9010
Description = 
 
Error - 15.07.2013 19:49:33 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Hotspot Shield Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 15.07.2013 19:49:33 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 15.07.2013 19:49:33 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Log AVGResid.Shield
Code:
Residenter Schutz Erkennung
"Name der Bedrohung"	"Ergebnis"	"Erkennungszeit"	"Objekttyp"	"Prozess"
"Win32/DH{AB41DCcoXSAiJRMXZA} gefunden, c:\Users\Markus\AppData\Roaming\eIntaller\CFBE2309D0344332AC3B507FA17092F7\eGdpSvc.exe"	"Gesichert"	"16.07.2013, 01:17:40"	"Datei oder Verzeichnis"	"E:\Temp\amt_ar_qvo6.exe"
"Trojaner: Downloader.Generic13.AZOT, e:\Temp\tmp2013011630\bpl\uFrm_LollipopIT.bpl"	"Gesichert"	"16.07.2013, 01:16:35"	"Datei oder Verzeichnis"	"E:\Temp\tmp2013011630\setup.exe"
"Trojaner: Downloader.Generic13.AYVI, e:\Temp\tmp2013011630\bpl\uFrm_LollipopBR.bpl"	"Gesichert"	"16.07.2013, 01:16:35"	"Datei oder Verzeichnis"	"E:\Temp\tmp2013011630\setup.exe"
"Potentiell gefährliches Programm: Toolbar.Babylon, e:\Temp\C06EEAAF-BAB0-7891-A7FD-D045C08FC9FA\Latest\ccp.bao"	"Gesichert"	"16.07.2013, 01:18:56"	"Datei oder Verzeichnis"	"E:\Temp\C06EEAAF-BAB0-7891-A7FD-D045C08FC9FA\Latest\Setup.exe"
"Potentiell gefährliches Programm: Toolbar.Babylon, e:\Temp\C06EEAAF-BAB0-7891-A7FD-D045C08FC9FA\Latest\ccp.exe"	"Gesichert"	"16.07.2013, 01:19:00"	"Datei oder Verzeichnis"	"E:\Temp\C06EEAAF-BAB0-7891-A7FD-D045C08FC9FA\Latest\Setup.exe"
"Fehlalarm - Trojaner: Agent3.CEOY, c:\Program Files (x86)\Adobe\Reader 10.0\Reader\AXSLE.dll"	"Fehl-Erkennung"	"10.10.2012, 15:10:04"	"Datei oder Verzeichnis"	""
"Adware: Generic5.ABUD, e:\Temp\tmp2013011630\bpl\uFrm_LollipopFR.bpl"	"Gesichert"	"16.07.2013, 01:16:35"	"Datei oder Verzeichnis"	"E:\Temp\tmp2013011630\setup.exe"
         
Spybot found some malicious entries.

I would be extremely grateful for any advice.

 
