arpeu.exe alias AudibleAssault2011.exe

Hello everyone,
I recently noticed a program that I don't recognize and that tried to establish an Internet connection. It was located at C:/Users/username/AppData/Roaming/Utxyv/arpeu.exe (including the folders Hoqoq + Muheza).
Everything points to ZBot, but I cannot remove it with the ZBot removal tool.
Here is the OTL logfile:
OTL Extras logfile created on: 10.07.2012 18:49:50 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = F:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,28% Memory free
15,95 Gb Paging File | 14,68 Gb Available in Paging File | 92,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 84,99 Gb Free Space | 35,64% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 99,03 Gb Free Space | 42,52% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 791,08 Gb Free Space | 84,92% Space Free | Partition Type: NTFS
Drive J: | 232,79 Gb Total Space | 20,88 Gb Free Space | 8,97% Space Free | Partition Type: NTFS
Computer Name: DANIEL | User Name: root | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0924AF2F-33E9-47A5-985F-F5ECE18EF493}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0C5C0018-327D-401A-B47E-34854FE56063}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{15F0F34E-0C67-441E-A681-8899B5A0EE8D}" = lport=445 | protocol=6 | dir=in | app=system |
"{19D644A9-57B9-498D-9625-557836A99E6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{201CD349-878A-483B-B5D7-09D364506A0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AA76990-4FFA-415E-A073-BD440F0C0337}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B7F9C57-53AB-4302-A378-FDD1CBE3B63A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{38173DD8-06D6-4BEE-9385-5A4665DF86AD}" = lport=56510 | protocol=6 | dir=in | name=pando media booster |
"{3FAA88C6-F9A8-40C1-A49C-62F2DE4CF7DF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4287AACC-B86E-482E-A739-806F79411A24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CDAE9D7-4F1E-4F4E-BB17-4C847D775C11}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{5034C11A-8C9C-460E-91E9-79148261094E}" = lport=137 | protocol=17 | dir=in | app=system |
"{55A46DCB-CFDE-4A77-935C-55DC70D222A9}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 |
"{65E016C3-EE69-4E07-9F03-7C30BD60859E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{69727D18-F286-42C3-972A-FFD5B3EE416A}" = lport=56510 | protocol=6 | dir=in | name=pando media booster |
"{8622A527-2ACD-4B0D-A5EE-7ED852BE934E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8FED7075-776B-4B1C-A410-AAD5750581ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9483D32D-DCF2-44A3-863F-A60F35485213}" = rport=139 | protocol=6 | dir=out | app=system |
"{A50C3723-AB6E-4940-B101-10119A43F6BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B948EDC5-FD20-450F-A5DC-879160AA2AC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9927E68-1951-4393-A471-E041D98CB481}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD9D73E6-186D-40E5-934C-E590069F4672}" = lport=56510 | protocol=17 | dir=in | name=pando media booster |
"{C268D54F-C897-4958-B899-5B6CF58C8D40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4726E93-31D3-4167-886E-1ECC630C805B}" = lport=138 | protocol=17 | dir=in | app=system |
"{D0EED18C-49F2-4BFD-B724-5ACE276F1C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E718F8C4-914B-4BDF-B071-0EBAE6B807A2}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB49F79F-ABB6-48D2-91A7-C074AE320D86}" = lport=56510 | protocol=17 | dir=in | name=pando media booster |
"{F1B539AD-DB17-41C3-AD35-3550D02BDBB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{FBD4486F-5EC8-4B18-A406-C89346B25902}" = lport=139 | protocol=6 | dir=in | app=system |
"{FE8743E8-DBFD-411F-AF27-09DADC3DEFE8}" = lport=3389 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015DE345-00B7-45AF-882E-205BD908DA74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\steamname\counter-strike source\hl2.exe |
"{0E5EF8ED-B5B7-4042-A50C-0FD8C882AF5E}" = protocol=6 | dir=in | app=f:\worldofwarcraft\launcher.exe |
"{0FED9BBE-5AA8-45F6-B9C5-5DFFFEDD6777}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{100C6B05-32BC-4FEB-AED4-FD7C2A58951C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{10440278-6C6F-4916-A87A-AEE1B078DD9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10948682-7759-446C-B395-4D2696A94D24}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold crusader extreme\stronghold crusader.exe |
"{159BFF6A-624D-481A-821A-C58C09842370}" = protocol=17 | dir=in | app=f:\programme\assassin's creed brotherhood\acbmp.exe |
"{1C08E9CB-FBDC-4A2B-BE8E-52F473D758CF}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{1D6DD0FC-5996-4D55-903E-53E949FD8883}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe |
"{21C92653-FDDA-4D2B-9660-14E220A49F02}" = protocol=6 | dir=in | app=f:\programme\assassin's creed brotherhood\uplaybrowser.exe |
"{21E1E77B-5604-4BF4-88B2-CA51C2116DCE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{233902B3-34CE-460A-91DA-4B0DAD358ABB}" = protocol=17 | dir=in | app=c:\worldofwarcraft\launcher.exe |
"{2795BE48-E67A-4E28-A73B-1530AB424C0C}" = protocol=6 | dir=in | app=f:\programme\skyrim\skyrimlauncher.exe |
"{28D5D448-9769-41BE-8EE6-36743106DDA5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2DB566EC-C372-4494-B84A-754775E5F5E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33F01FA1-1F4A-4985-9209-73C130F66C14}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{3A7C2DFA-0F0B-4848-86B8-00EF4C91C406}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B743593-F7CC-439B-B3A2-BBFE3A542979}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{3C6563F0-015F-4B0D-AE17-89FEBEF8F78A}" = protocol=17 | dir=in | app=f:\programme\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{3F212195-CA67-4BD3-8FCE-D6E3D9ED9F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\steamname\counter-strike source\hl2.exe |
"{416A5162-B648-4A1A-81AF-B75428D29901}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{420B2A01-62E7-4125-8FCF-9FC9235CCB5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe |
"{441EE017-AFA3-4271-BEDA-CD5E47F1E75C}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{48A80A05-5FF0-450C-B65E-40E49BA6E28A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4B32A8F3-1A52-4F4C-97E4-562EC15CF20F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4EA7F501-48AC-4298-8E10-51A28D989645}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F01E89D-BEB8-4423-B8ED-9AB274FBE4F7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{4F601647-A9C8-4F28-807A-14C80E9C2A95}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{5291EEFD-749E-4518-BE83-A55EF5892CD6}" = protocol=6 | dir=in | app=c:\users\root\appdata\roaming\dropbox\bin\dropbox.exe |
"{543363FF-672E-41E1-B9FD-8DD72B6B5565}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5489E6C9-CDEF-48D7-B8BA-13AB6F6A7542}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5760D345-FC00-4294-ABDE-37FE2DA0259A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{58104126-ACE3-49AC-A1D1-5B4EA151BDF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{584F6596-E0DD-4F0C-AD89-364BCDF847D3}" = protocol=6 | dir=in | app=c:\users\root\appdata\roaming\spotify\spotify.exe |
"{590EC1FB-1B80-40C4-823E-F2B5A16FB2D6}" = protocol=17 | dir=in | app=f:\programme\assassin's creed brotherhood\acbsp.exe |
"{5B31FA3D-6929-4161-A613-443830B7C220}" = protocol=17 | dir=in | app=f:\worldofwarcraft\launcher.exe |
"{5CC7435B-BDA5-4C63-B374-F6F3D2192CA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{604D956D-1BB1-4789-B850-52643CEB1CAB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{60E8F0A9-A91B-4CE4-A091-42C691E986D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{67F9A3A4-F11F-473D-A42A-5B5E61030C6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\steamname\day of defeat source\hl2.exe |
"{6CC44748-9F39-4E6D-A98A-FC227E315BD4}" = protocol=17 | dir=in | app=f:\programme\assassin's creed brotherhood\uplaybrowser.exe |
"{6D6278BE-CDF1-46DD-A6EA-795D21F149A1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6E4355A9-D420-40FD-A925-1AA5EB689602}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{716E3994-4AC9-40CA-9B1A-8144C336A53B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72221345-573E-44D1-A83F-9484C70E88E1}" = protocol=6 | dir=in | app=f:\programme\assassin's creed brotherhood\acbsp.exe |
"{74A6F875-6BEE-4EA2-B724-D830DDFDF954}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{756D0410-821F-413B-9876-B17ABA43674E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{76EA5A05-0F46-4E22-AAFA-F0AC61F9780A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{775EFA7F-7825-47FA-A5A9-0D017CCF5FC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{776EBA35-894B-44BE-B102-0161F875B362}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{7CF3B7E1-746C-4289-A173-5200B943BFD4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7CF9844C-A1C0-41CE-8914-781C8BA5E2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{801AB2F6-37C9-485D-9DE8-17A06E2E6959}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{82DE83B5-DBE3-4C58-90E1-CD96339C977C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{84F0B43B-A608-4378-8596-6E3E29F6300C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{89076BF9-14DF-4889-BDDA-F3A848C51578}" = protocol=6 | dir=in | app=f:\programme\assassin's creed brotherhood\acbmp.exe |
"{8C479647-1C35-491E-895D-81404100E20E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{8D8CA097-8FB4-4C4F-B706-D7B9E877F409}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold crusader extreme\stronghold crusader.exe |
"{90308E65-D289-478A-9264-26329D233215}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{906E15FF-1A49-4540-BB16-CA98EBF06EFD}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{915E26FB-9B0D-4D62-B923-F41ED4B13F7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{92F3940B-78F4-4F91-9AB6-8B937AC54C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\steamname\day of defeat source\hl2.exe |
"{96F8B66C-792C-4E4C-A83E-6212DA3510F6}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{99D61D84-F7B3-496D-8422-5E499F7C74A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9BBA7CE7-A791-4AA8-87D8-DD6BD156D7E9}" = protocol=17 | dir=in | app=f:\programme\skyrim\skyrimlauncher.exe |
"{9DB9BCDA-CF04-48E3-8559-DBA83A6E062B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9F492CFF-6B85-4068-8F6F-10DA71B8F122}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A0CEADCC-6583-4403-BFF4-26912F424701}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{A3B10B46-293E-4E4A-8593-1854D46B3474}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A41E97C7-5C20-47F4-A4D8-62396C17E9A0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{ABCAEFBC-0DDC-4F65-A4EF-67EDFDEDDC0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AFD501E9-BF92-4920-A96F-00E65FBF85AD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B16B13A1-DF2D-4214-8985-E966E0103555}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B1B886E2-B872-4020-9586-600F04928975}" = protocol=17 | dir=in | app=c:\users\root\appdata\roaming\spotify\spotify.exe |
"{B3008BE9-4042-4825-8E04-83135775FC66}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{B49ACC59-3D6E-4B73-9A55-451FF67AB9B7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B4EE8BC8-AA10-4AFC-A610-C20D172BD0F9}" = protocol=6 | dir=in | app=f:\programme\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{B7DCD764-518A-45FB-A3DB-799BF2822BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{B92A9F38-E3A3-4466-9D6C-6DE342AD1909}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C18418D7-32CD-496C-BFF5-12D8683D3FBA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{C1FF3301-51A2-4D79-A9C6-22C9609D3A5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold 2\stronghold2.exe |
"{C36C9B4B-BE56-49BC-8D42-0BEAB2E9BD7C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{CB4728AC-393E-4CD6-A3B6-46B8CEC0A682}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CB98BA3B-42B6-4B17-877A-CBA3B1EAFFE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CC6D8039-01B0-482F-9625-9E2D5224EF60}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{CEEBAE1B-B8A8-4033-BCB1-0576CEB5B2D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold 2\stronghold2.exe |
"{D4F4A3E5-12FF-4732-89E8-00196A2F3C33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA3974E2-54B3-4731-B491-E4997C913A88}" = protocol=6 | dir=out | app=system |
"{DA9EF53E-D657-4295-BE8C-7D271314CC22}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{DBBC3C02-60B1-4E6A-AA55-65EABBB5CDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{DE85AA33-3C65-4E6A-81CF-FA0A5F30F3EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF9AE2BC-B72C-4AF3-A181-39867E16DAA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E2B4A9B9-5C27-4FEC-AFA7-3744C9C6ABFA}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{E339AD0B-7F85-4651-BC5A-F19640F2CFBF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{E489C9DD-A4C8-484E-892F-A098395CC7AD}" = protocol=17 | dir=in | app=c:\users\root\appdata\roaming\dropbox\bin\dropbox.exe |
"{E87DB0E6-7978-4E26-A14B-8E80CC99A39C}" = protocol=6 | dir=in | app=c:\worldofwarcraft\launcher.exe |
"{F89FEF85-2076-4FB0-8BDF-503C13F48305}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{FCD8EF43-EDF8-402D-B312-152A6A30290F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE1D2E65-A38F-4DF6-AD99-B3125004CF8F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{FF43BD4F-CE17-4968-B070-EC1BEA5C8A00}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0BEB8874-0476-478E-9A6F-087173B76B88}J:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=j:\program files (x86)\hlsw\hlsw.exe |
"TCP Query User{0F784764-ED67-4882-9D31-530477CABE41}E:0\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:0\xampp\apache\bin\httpd.exe |
"TCP Query User{155A79AA-F7DF-422E-B28A-9950FCF2101B}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{199B67E7-458F-4F65-B13D-3BC3E805164F}G:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{1B779D56-9D57-40BB-9D00-6E056ADC0ABA}G:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=g:\xampp\apache\bin\httpd.exe |
"TCP Query User{2FCC61A1-EBCA-4BB3-8DF4-B40906DD54FD}F:\downloads\phonerbeta\phoner.exe" = protocol=6 | dir=in | app=f:\downloads\phonerbeta\phoner.exe |
"TCP Query User{36332EAB-ADF1-41A0-B400-FCB53FFB5FFB}F:\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=f:\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{3932C51E-8B1F-4E60-BE8C-7D4072A8F252}C:\users\root\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\root\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3BC936A5-E2C9-4E38-AFE8-826683B94578}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{4000438D-9739-4B06-AB92-41527CDA5347}F:\worldofwarcraft\launcher.patch.exe" = protocol=6 | dir=in | app=f:\worldofwarcraft\launcher.patch.exe |
"TCP Query User{40F9BE93-254F-4E56-A501-5C379472130D}E:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"TCP Query User{418ED0EB-6C81-4EAF-840C-F4B278291983}C:\worldofwarcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\worldofwarcraft\backgrounddownloader.exe |
"TCP Query User{444511D2-BBD7-4FF7-A833-ECB8BE6E91E8}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{465BDBA5-AAC2-4E7B-902B-02D089B1C793}F:\worldofwarcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=f:\worldofwarcraft\backgrounddownloader.exe |
"TCP Query User{4ED15DDC-4214-4082-AB29-6547F6E8CE63}G:\daten\progs\phraseexpress_portable\phraseexpress.exe" = protocol=6 | dir=in | app=g:\daten\progs\phraseexpress_portable\phraseexpress.exe |
"TCP Query User{4FE41960-B2FB-406C-8B99-28C199CF8B40}C:\users\root\appdata\roaming\utxyv\arpeu.exe" = protocol=6 | dir=in | app=c:\users\root\appdata\roaming\utxyv\arpeu.exe |
"TCP Query User{5641F925-683A-448B-9DB5-4E57FFA61007}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{57DCECD6-62B1-432D-9EDF-5880816234A4}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{5E1390D9-C2F1-4A37-8B02-313BCC537095}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{5FFCF790-CBB4-4BDA-8A5A-2A1356EE4E94}C:\worldofwarcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\worldofwarcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{665EC0F6-E25E-4845-9248-C12B9964DF1E}C:\program files (x86)\steam\steamapps\steamname\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\steamname\counter-strike source\hl2.exe |
"TCP Query User{719B54B2-0A51-4581-AD4C-E62274EC8637}E:0\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:0\xampp\mysql\bin\mysqld.exe |
"TCP Query User{756BC394-47BB-4689-A69A-FECA2793AAA3}D:\daten\phraseexpress_portable\phraseexpress.exe" = protocol=6 | dir=in | app=d:\daten\phraseexpress_portable\phraseexpress.exe |
"TCP Query User{7D6938E6-171F-4E58-A70C-5F01BF0771A6}E:\downloads\eigene daten dn\visual basic\laptop\test\server\projekt1.exe" = protocol=6 | dir=in | app=e:\downloads\eigene daten dn\visual basic\laptop\test\server\projekt1.exe |
"TCP Query User{80F8BD19-0DD0-4F41-A606-265C0675241E}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"TCP Query User{82F4280C-F957-4AAA-8FBE-14E64B1315D0}C:\program files\eslwire\wire.exe" = protocol=6 | dir=in | app=c:\program files\eslwire\wire.exe |
"TCP Query User{92B6C09A-1DD0-4EEB-8579-895279A11D13}F:\worldofwarcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\worldofwarcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{A0741169-63A2-4DD4-A781-6F3C94BEDF70}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"TCP Query User{BBBFB608-90D8-4A0F-A33B-D5400DE6C499}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{CD0B6384-B6FB-446E-A235-6626F44375CF}F:\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=f:\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"TCP Query User{DAC388B3-711D-4DF5-B041-7FAC66ADC676}J:\program files (x86)\polareditoctagon1018\polaredit1018.exe" = protocol=6 | dir=in | app=j:\program files (x86)\polareditoctagon1018\polaredit1018.exe |
"TCP Query User{E17729AA-BA9A-4CC9-92F9-6B2524CBE362}C:\program files (x86)\steam\steamapps\hj88_\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\hj88_\counter-strike source\hl2.exe |
"TCP Query User{EE6AF65B-1055-40A4-950D-6AD88E1EAB46}C:\worldofwarcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\worldofwarcraft\launcher.patch.exe |
"TCP Query User{F6C1B100-7C40-427F-8E96-A2254F736CF7}H:\phraseexpress_portable\phraseexpress.exe" = protocol=6 | dir=in | app=h:\phraseexpress_portable\phraseexpress.exe |
"UDP Query User{007F4CD5-96F5-4C0F-AB74-46474C394A46}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{00F60976-26CE-403F-BDBB-FEEA35DE4841}F:\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=f:\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"UDP Query User{031DD36B-F2B1-46B7-B7F6-E1FE0463FD51}G:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=g:\xampp\apache\bin\httpd.exe |
"UDP Query User{1602CF57-99A2-4947-A72D-54B269DE307E}E:\downloads\eigene daten dn\visual basic\laptop\test\server\projekt1.exe" = protocol=17 | dir=in | app=e:\downloads\eigene daten dn\visual basic\laptop\test\server\projekt1.exe |
"UDP Query User{17301E45-D0EB-4272-8091-35D86C59F8C0}E:0\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:0\xampp\mysql\bin\mysqld.exe |
"UDP Query User{1AECA064-EB71-4321-A6C8-528BCA3AA751}F:\worldofwarcraft\launcher.patch.exe" = protocol=17 | dir=in | app=f:\worldofwarcraft\launcher.patch.exe |
"UDP Query User{1B310080-7B7A-4BD0-B4A0-BA1422012AC0}E:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"UDP Query User{2EB0C645-3618-47A2-9EB0-7D0DE2560A85}J:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=j:\program files (x86)\hlsw\hlsw.exe |
"UDP Query User{3239AB4E-055E-471A-B634-25A14B5DF4EF}F:\worldofwarcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\worldofwarcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{35DAE184-2867-41DC-BAA5-52FFBCD36D05}C:\worldofwarcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\worldofwarcraft\launcher.patch.exe |
"UDP Query User{3FBE8429-D6EA-4A75-BE90-3453A9633442}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{42097C9B-2918-40C2-83B5-4B6875BE0D82}C:\users\root\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\root\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{55E996ED-CF3C-4599-88C8-DF682A76BD91}G:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{5D552DAF-F7BA-4BD7-B4DA-0A2EF3051A6A}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{5DCAC263-0954-454E-BC5A-E47018131901}G:\daten\progs\phraseexpress_portable\phraseexpress.exe" = protocol=17 | dir=in | app=g:\daten\progs\phraseexpress_portable\phraseexpress.exe |
"UDP Query User{5FEE2069-E9A8-4CFB-8F78-A1009A40899B}H:\phraseexpress_portable\phraseexpress.exe" = protocol=17 | dir=in | app=h:\phraseexpress_portable\phraseexpress.exe |
"UDP Query User{7217DB20-0AF0-403B-818B-85100C29006E}F:\downloads\phonerbeta\phoner.exe" = protocol=17 | dir=in | app=f:\downloads\phonerbeta\phoner.exe |
"UDP Query User{73FE9201-D151-4430-A7E6-941F1E2E29AC}C:\program files (x86)\steam\steamapps\hj88_\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\hj88_\counter-strike source\hl2.exe |
"UDP Query User{752AD137-5F57-4D34-BBFF-1282C95B2965}J:\program files (x86)\polareditoctagon1018\polaredit1018.exe" = protocol=17 | dir=in | app=j:\program files (x86)\polareditoctagon1018\polaredit1018.exe |
"UDP Query User{8BB68EBC-ECBD-427A-AD51-36DE6E8DF28C}C:\program files (x86)\steam\steamapps\steamname\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\steamname\counter-strike source\hl2.exe |
"UDP Query User{9905C71A-F6F2-4477-BF88-1E0557E3F12B}E:0\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:0\xampp\apache\bin\httpd.exe |
"UDP Query User{9C56FBAF-AC03-4133-BC19-A0D50804FAF8}C:\worldofwarcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\worldofwarcraft\backgrounddownloader.exe |
"UDP Query User{9D94C300-6F4F-4207-AF85-9A284DBEB50C}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{B5E32D07-81A4-4046-B155-47011D3F9F06}C:\worldofwarcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\worldofwarcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{BA5A9996-3A8B-4C72-889C-22A10398E757}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"UDP Query User{C43DFB6A-DE31-4F68-AC08-F13EC8B4C3FF}C:\program files\eslwire\wire.exe" = protocol=17 | dir=in | app=c:\program files\eslwire\wire.exe |
"UDP Query User{C7025BF1-8B9E-4AD2-9119-60EFCD675A89}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C72E3E22-C7C7-4A77-B972-1EAC6CBDDFA3}F:\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=f:\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{CD517C4B-1355-4482-A7D9-101F1C5402D3}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{D4D8C1D0-BECF-4641-8C21-F44259B88FCF}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"UDP Query User{E14278B3-3AC3-43D0-B20A-DB4FC224D208}C:\users\root\appdata\roaming\utxyv\arpeu.exe" = protocol=17 | dir=in | app=c:\users\root\appdata\roaming\utxyv\arpeu.exe |
"UDP Query User{F0135211-6111-48C5-8041-17C2E81E06FF}F:\worldofwarcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=f:\worldofwarcraft\backgrounddownloader.exe |
"UDP Query User{F1A544B4-5D6A-4C5D-8A1C-1850F70EB6D1}D:\daten\phraseexpress_portable\phraseexpress.exe" = protocol=17 | dir=in | app=d:\daten\phraseexpress_portable\phraseexpress.exe |
"UDP Query User{F3B48590-A19F-4C8E-A6BA-5D08E1B07013}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{2A6823CE-23A8-35B3-8342-162A973CDD5B}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIOR_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.13
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"nbi-nb-base-7.1.1.0.0" = NetBeans IDE 7.1.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"sp6" = Logitech SetPoint 6.32
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1" = Winki
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Internet Security
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"ESN Sonar-0.70.4" = ESN Sonar
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"GameSpy Arcade" = GameSpy Arcade
"HyperSnap 7" = HyperSnap 7
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LOLReplay" = LOLReplay
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"ManyCam" = ManyCam 3.0.79 (remove only)
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 300" = Day of Defeat: Source
"Steam App 40960" = Stronghold 2
"Steam App 40970" = Stronghold Crusader + Extreme
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"Wireshark" = Wireshark 1.6.5
"ZOTAC FireStorm" = ZOTAC FireStorm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeyondCompare3_is1" = Beyond Compare Version 3.3.4
"Dropbox" = Dropbox
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.07.2012 14:23:43 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4febb13c Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4ff1ec29 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6c5be279
ID
des fehlerhaften Prozesses: 0x1ad0 Startzeit der fehlerhaften Anwendung: 0x01cd5c6b3719bef6
Pfad
der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\steamname\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung:
e1c64518-c860-11e1-84de-8c89a5867258
Error - 07.07.2012 20:06:13 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4febb13c Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4ff1ec29 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7125e279
ID
des fehlerhaften Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0x01cd5c99cf5f3bce
Pfad
der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\steamname\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung:
ba85cdba-c890-11e1-84de-8c89a5867258
Error - 08.07.2012 11:31:18 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Stronghold Crusader.exe, Version:
1.0.0.1, Zeitstempel: 0x4a66f6ce Name des fehlerhaften Moduls: Stronghold Crusader.exe,
Version: 1.0.0.1, Zeitstempel: 0x4a66f6ce Ausnahmecode: 0xc0000005 Fehleroffset:
0x0008a604 ID des fehlerhaften Prozesses: 0x15f0 Startzeit der fehlerhaften Anwendung:
0x01cd5d1da3bfed60 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\stronghold
crusader extreme\Stronghold Crusader.exe Pfad des fehlerhaften Moduls: c:\program
files (x86)\steam\steamapps\common\stronghold crusader extreme\Stronghold Crusader.exe
Berichtskennung:
f615a845-c911-11e1-8a45-8c89a5867258
Error - 08.07.2012 12:33:33 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Stronghold2.exe, Version: 1.4.0.0,
Zeitstempel: 0x4ab39c11 Name des fehlerhaften Moduls: MSVCR71.dll, Version: 7.10.3052.4,
Zeitstempel: 0x3e561eac Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c312 ID des fehlerhaften
Prozesses: 0x1238 Startzeit der fehlerhaften Anwendung: 0x01cd5d27467ac5b5 Pfad der
fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\stronghold
2\Stronghold2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\stronghold
2\MSVCR71.dll Berichtskennung: a7f42d20-c91a-11e1-ba38-8c89a5867258
Error - 08.07.2012 12:52:01 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Stronghold2.exe, Version: 1.4.0.0,
Zeitstempel: 0x4ab39c11 Name des fehlerhaften Moduls: granny2.dll, Version: 2.6.0.14,
Zeitstempel: 0x43f625dd Ausnahmecode: 0xc0000005 Fehleroffset: 0x00031b1d ID des fehlerhaften
Prozesses: 0x584 Startzeit der fehlerhaften Anwendung: 0x01cd5d29f52a13b5 Pfad der
fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\stronghold
2\Stronghold2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\stronghold
2\granny2.dll Berichtskennung: 3c5c4250-c91d-11e1-ba38-8c89a5867258
Error - 08.07.2012 12:52:31 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Stronghold2.exe, Version: 1.4.0.0,
Zeitstempel: 0x4ab39c11 Name des fehlerhaften Moduls: granny2.dll, Version: 2.6.0.14,
Zeitstempel: 0x43f625dd Ausnahmecode: 0xc0000005 Fehleroffset: 0x00031b1d ID des fehlerhaften
Prozesses: 0x1190 Startzeit der fehlerhaften Anwendung: 0x01cd5d2a016ef923 Pfad der
fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\stronghold
2\Stronghold2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\stronghold
2\granny2.dll Berichtskennung: 4ea1cd9d-c91d-11e1-ba38-8c89a5867258
Error - 08.07.2012 12:53:53 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Stronghold2.exe, Version: 1.4.0.0,
Zeitstempel: 0x4ab39c11 Name des fehlerhaften Moduls: Stronghold2.exe, Version:
1.4.0.0, Zeitstempel: 0x4ab39c11 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00300002
ID
des fehlerhaften Prozesses: 0x145c Startzeit der fehlerhaften Anwendung: 0x01cd5d2a337a11d9
Pfad
der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\stronghold
2\Stronghold2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\stronghold
2\Stronghold2.exe Berichtskennung: 7f5da51a-c91d-11e1-ba38-8c89a5867258
Error - 08.07.2012 12:53:56 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Stronghold2.exe, Version: 1.4.0.0,
Zeitstempel: 0x4ab39c11 Name des fehlerhaften Moduls: MSVCR71.dll, Version: 7.10.3052.4,
Zeitstempel: 0x3e561eac Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007835 ID des fehlerhaften
Prozesses: 0x145c Startzeit der fehlerhaften Anwendung: 0x01cd5d2a337a11d9 Pfad der
fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\stronghold
2\Stronghold2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\stronghold
2\MSVCR71.dll Berichtskennung: 81653c86-c91d-11e1-ba38-8c89a5867258
Error - 08.07.2012 12:56:57 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Stronghold2.exe, Version: 1.4.0.0,
Zeitstempel: 0x4ab39c11 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0018fb0a ID des fehlerhaften
Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0x01cd5d2a45f023bc Pfad der
fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\stronghold
2\Stronghold2.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ecc9a754-c91d-11e1-ba38-8c89a5867258
Error - 08.07.2012 12:58:43 | Computer Name = daniel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Stronghold2.exe, Version: 1.4.0.0,
Zeitstempel: 0x4ab39c11 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0018fb0a ID des fehlerhaften
Prozesses: 0x33c Startzeit der fehlerhaften Anwendung: 0x01cd5d2acee9c63e Pfad der
fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\stronghold
2\Stronghold2.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2bf9cf8f-c91e-11e1-ba38-8c89a5867258
[ System Events ]
Error - 10.07.2012 12:14:44 | Computer Name = daniel | Source = DCOM | ID = 10005
Description =
Error - 10.07.2012 12:14:49 | Computer Name = daniel | Source = DCOM | ID = 10005
Description =
Error - 10.07.2012 12:15:04 | Computer Name = daniel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.07.2012 12:15:04 | Computer Name = daniel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.07.2012 12:15:04 | Computer Name = daniel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.07.2012 12:15:04 | Computer Name = daniel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.07.2012 12:15:06 | Computer Name = daniel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.07.2012 12:15:06 | Computer Name = daniel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.07.2012 12:15:06 | Computer Name = daniel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.07.2012 12:16:39 | Computer Name = daniel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >

OTL Logfile: Code:
OTL logfile created on: 10.07.2012 18:49:50 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = F:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,28% Memory free
15,95 Gb Paging File | 14,68 Gb Available in Paging File | 92,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 84,99 Gb Free Space | 35,64% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 99,03 Gb Free Space | 42,52% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 791,08 Gb Free Space | 84,92% Space Free | Partition Type: NTFS
Drive J: | 232,79 Gb Total Space | 20,88 Gb Free Space | 8,97% Space Free | Partition Type: NTFS
Computer Name: DANIEL | User Name: root | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.10 18:48:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.06.16 16:34:47 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.16 16:34:47 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.09 17:34:27 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.03 16:41:12 | 000,168,864 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2012.07.02 12:33:28 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.06.23 10:35:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 15:10:39 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.16 16:34:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.11 22:29:37 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.07.06 07:15:26 | 002,656,536 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.07.06 07:15:20 | 000,326,424 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.07.03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.03 16:41:04 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.16 19:16:26 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.03.07 01:44:51 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.12.16 17:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.09.29 18:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.23 20:30:18 | 000,033,160 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wod0205.sys -- (wod0205)
DRV:64bit: - [2011.03.14 11:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.14 11:29:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.07.09 17:34:16 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012.07.09 17:34:15 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010.10.22 11:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 11:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.05.05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2010.01.18 11:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 74 58 89 C3 5B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55
FF - prefs.js..extensions.enabledItems: {6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}:1.2.0
FF - prefs.js..extensions.enabledItems: chris.tomlinson@keefox:0.70
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {09F060FA-566D-42D7-BF79-97AB30863433}:11.1.6.9453
FF - prefs.js..extensions.enabledItems: {00F0643E-B367-4779-B45D-7046EBA37A88}:11.1.6.9453
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 16:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.19 21:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012.03.16 17:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2012.06.30 09:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\6b2kwd5b.default\extensions
[2012.06.13 17:31:13 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\6b2kwd5b.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.03.16 17:55:43 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\6b2kwd5b.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.03.16 17:55:43 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\6b2kwd5b.default\extensions\DeviceDetection@logitech.com
[2012.01.28 17:05:01 | 000,000,727 | ---- | M] () -- C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\6b2kwd5b.default\searchplugins\phpnet.xml
[2010.03.27 23:16:53 | 000,001,767 | ---- | M] () -- C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\6b2kwd5b.default\searchplugins\wowdbbuffedde.xml
[2012.04.26 19:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.27 21:23:32 | 000,075,799 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.XPI
[2011.12.11 10:14:11 | 000,520,267 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.10.28 20:59:26 | 000,627,675 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.11 10:14:11 | 000,688,596 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.01.07 20:40:16 | 000,042,336 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
[2012.01.28 17:01:23 | 000,025,781 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
[2011.10.28 20:59:19 | 000,221,023 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
[2011.12.11 10:14:12 | 001,242,930 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.12.13 22:27:44 | 000,091,081 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\FIREPHPEXTENSION-BUILD@FIREPHP.ORG.XPI
[2012.02.18 17:22:31 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6B2KWD5B.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.06.16 16:34:47 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.03.23 00:12:54 | 000,000,870 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BootStartBRC] C:\Program Files (x86)\MSI\BiosRomCheck\BootStartBiosRomCheck.exe (MSI CO.,LTD.)
O4 - HKLM..\Run: [HtsApp] File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\root\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E0B3147-7277-4817-B702-110F64F3E848}: Domain = fritz.box
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E0B3147-7277-4817-B702-110F64F3E848}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\root\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MsConfig:64bit - StartUpReg: Super-Charger - hkey= - key= - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2012.07.09 17:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.07.09 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.07.09 17:30:35 | 000,000,000 | ---D | C] -- C:\Users\root\Documents\Anti-Malware
[2012.07.09 17:22:28 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.07.09 17:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.07.08 22:44:49 | 000,000,000 | ---D | C] -- C:\Users\root\Documents\My Cheat Tables
[2012.07.08 22:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012.07.08 22:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2012.07.08 22:35:48 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.07.08 22:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012.07.08 21:19:47 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Muheza
[2012.07.08 21:19:47 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Hoqoq
[2012.07.08 21:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.07.08 18:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2012.07.08 18:32:50 | 000,000,000 | ---D | C] -- C:\Users\root\Documents\Stronghold 2
[2012.07.08 17:45:23 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.07.08 17:44:56 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\LogMeIn Hamachi
[2012.07.08 17:12:02 | 000,000,000 | ---D | C] -- C:\Users\root\temp
[2012.07.08 17:10:38 | 000,000,000 | ---D | C] -- C:\Users\root\Documents\Tunngle
[2012.07.08 17:10:38 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Tunngle
[2012.07.08 17:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2012.07.08 17:10:37 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2012.07.08 17:06:08 | 000,033,160 | ---- | C] (WeOnlyDo Software) -- C:\Windows\SysNative\drivers\wod0205.sys
[2012.07.08 17:06:08 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Wippien
[2012.07.08 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Wippien
[2012.07.08 16:11:27 | 000,000,000 | ---D | C] -- C:\Users\root\Documents\Stronghold Crusader
[2012.07.07 21:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2012.06.29 17:22:31 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\ManyCam
[2012.06.29 17:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.06.29 17:22:30 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\ManyCam
[2012.06.29 17:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.06.29 17:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.06.29 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.06.27 11:39:05 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\ElevatedDiagnostics
[2012.06.26 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Hyperionics
[2012.06.26 10:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012.06.23 12:20:49 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\Dynamic PHP_CSS menu by roScripts-Dateien
[2012.06.23 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Macromedia
[2012.06.20 20:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.06.19 18:44:43 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\test_fag3
[2012.06.18 20:24:40 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Subversion
[2012.06.16 20:15:40 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\76629
[2012.06.16 00:34:55 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\HLSW
[2012.06.15 22:56:45 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESEA
[2012.06.15 22:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESEA
[2012.06.15 22:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESEA
[2012.06.12 17:36:14 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\Neuer Ordner
========== Files - Modified Within 30 Days ==========
[2012.07.10 18:19:14 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.10 18:19:14 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.10 18:19:14 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.10 18:19:14 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.10 18:19:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.10 18:14:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 18:14:36 | 2126,118,911 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.09 23:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.09 18:34:19 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 18:34:19 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 18:34:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.09 17:49:26 | 000,010,132 | ---- | M] () -- C:\Users\root\Desktop\test123
[2012.07.09 17:40:56 | 000,000,047 | ---- | M] () -- C:\Users\root\AppData\Roaming\mbam.context.scan
[2012.07.09 17:30:48 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.07.09 17:22:28 | 000,002,971 | ---- | M] () -- C:\Users\root\Desktop\HiJackThis.lnk
[2012.07.08 17:56:43 | 000,337,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.04 23:28:48 | 000,000,990 | ---- | M] () -- C:\Users\root\Desktop\ESEA Client.lnk
[2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.07.03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.03 18:21:52 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.03 16:41:12 | 000,168,864 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.07.03 16:41:04 | 000,147,472 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2012.06.29 17:22:34 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.06.27 21:48:17 | 000,012,297 | ---- | M] () -- C:\Users\root\Desktop\FENSTER_TROLOLOL.png
[2012.06.23 21:57:09 | 000,000,600 | ---- | M] () -- C:\Users\root\winscp.RND
[2012.06.23 21:38:09 | 000,000,098 | ---- | M] () -- C:\Windows\config6.ini
[2012.06.23 12:20:49 | 000,001,451 | ---- | M] () -- C:\Users\root\Desktop\Dynamic PHP_CSS menu by roScripts.htm
[2012.06.20 20:42:50 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.06.18 23:47:19 | 000,118,684 | ---- | M] () -- C:\Users\root\Desktop\886535_02.jpg
[2012.06.17 21:50:14 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.17 21:50:14 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.17 21:49:54 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.16 20:15:09 | 003,830,344 | R--- | M] () -- C:\Users\root\Desktop\76629.zip
[2012.06.15 22:51:31 | 000,009,119 | ---- | M] () -- C:\Users\root\Desktop\Aufnahme1.png
[2012.06.12 19:47:31 | 000,037,018 | ---- | M] () -- C:\Users\root\Desktop\GCountries.rar
[2012.06.11 20:16:48 | 000,002,000 | -H-- | M] () -- C:\Users\root\Documents\Default.rdp
========== Files Created - No Company Name ==========
[2012.07.09 17:49:26 | 000,010,132 | ---- | C] () -- C:\Users\root\Desktop\test123
[2012.07.09 17:40:56 | 000,000,047 | ---- | C] () -- C:\Users\root\AppData\Roaming\mbam.context.scan
[2012.07.09 17:30:48 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.07.09 17:22:28 | 000,002,971 | ---- | C] () -- C:\Users\root\Desktop\HiJackThis.lnk
[2012.06.29 17:22:34 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.06.27 21:48:17 | 000,012,297 | ---- | C] () -- C:\Users\root\Desktop\FENSTER_TROLOLOL.png
[2012.06.26 09:31:55 | 000,315,392 | ---- | C] () -- C:\Users\root\Desktop\no_ds_pg.exe
[2012.06.26 09:31:55 | 000,001,673 | ---- | C] () -- C:\Users\root\Desktop\mk_bcdentry.cmd
[2012.06.23 12:20:48 | 000,001,451 | ---- | C] () -- C:\Users\root\Desktop\Dynamic PHP_CSS menu by roScripts.htm
[2012.06.20 20:42:50 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.06.18 23:47:19 | 000,118,684 | ---- | C] () -- C:\Users\root\Desktop\886535_02.jpg
[2012.06.16 20:15:04 | 003,830,344 | R--- | C] () -- C:\Users\root\Desktop\76629.zip
[2012.06.15 22:56:45 | 000,000,990 | ---- | C] () -- C:\Users\root\Desktop\ESEA Client.lnk
[2012.06.15 22:51:31 | 000,009,119 | ---- | C] () -- C:\Users\root\Desktop\Aufnahme1.png
[2012.06.12 19:47:29 | 000,037,018 | ---- | C] () -- C:\Users\root\Desktop\GCountries.rar
[2012.06.11 15:16:57 | 000,345,600 | ---- | C] () -- C:\Windows\SysNative\K8055D.dll
[2012.06.05 21:20:06 | 000,873,303 | ---- | C] () -- C:\Users\root\AppData\Local\census.cache
[2012.06.05 21:19:58 | 000,115,305 | ---- | C] () -- C:\Users\root\AppData\Local\ars.cache
[2012.06.05 21:12:21 | 000,000,036 | ---- | C] () -- C:\Users\root\AppData\Local\housecall.guid.cache
[2012.04.23 22:24:11 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.31 11:54:42 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.03.27 16:54:09 | 000,007,656 | ---- | C] () -- C:\Users\root\AppData\Local\Resmon.ResmonCfg
[2012.03.23 22:58:51 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Local\PUTTY.RND
[2012.03.23 22:58:05 | 000,000,600 | ---- | C] () -- C:\Users\root\winscp.RND
[2012.03.22 23:42:59 | 000,000,218 | ---- | C] () -- C:\Users\root\.recently-used.xbel
[2012.03.20 23:06:57 | 000,000,098 | ---- | C] () -- C:\Windows\config6.ini
[2012.03.16 21:27:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.16 21:27:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
========== LOP Check ==========
[2012.03.31 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\.minecraft
[2012.07.09 18:27:16 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Dropbox
[2012.04.10 14:56:32 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\e-academy Inc
[2012.07.06 20:08:49 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Foxit Software
[2012.03.22 23:38:20 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\gtk-2.0
[2012.06.16 00:35:08 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\HLSW
[2012.07.08 22:38:03 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Hoqoq
[2012.06.26 10:03:46 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Hyperionics
[2012.03.16 20:45:43 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Leadertech
[2012.03.17 11:32:08 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\LolClient
[2012.05.24 18:48:31 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\LolClient2
[2012.06.29 17:59:52 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\ManyCam
[2012.07.08 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Muheza
[2012.03.16 20:35:30 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++
[2012.03.16 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Origin
[2012.03.16 21:27:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\PunkBuster
[2012.03.17 13:26:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Scooter Software
[2012.06.28 18:00:31 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Spotify
[2012.06.18 20:24:40 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Subversion
[2012.03.24 16:14:49 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\TeamViewer
[2012.03.16 18:58:44 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Thunderbird
[2012.03.22 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\TrueCrypt
[2012.07.08 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Tunngle
[2012.03.19 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Ubisoft
[2012.07.08 17:07:57 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Wippien
[2012.03.22 23:51:07 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Wireshark
[2012.05.27 08:45:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.03.24 20:05:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.09 18:31:43 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.05.12 05:23:48 | 000,000,000 | ---D | M] -- C:\Diablo-III-8370-deDE-Installer
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.03.16 17:05:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.05.12 18:34:36 | 000,000,000 | ---D | M] -- C:\Fraps
[2012.03.16 17:06:51 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.17 10:50:11 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.05.27 22:10:40 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.08 17:06:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.09 18:31:43 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.07.08 18:33:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.03.16 17:05:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.16 17:05:20 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.16 22:30:39 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.03.16 19:36:53 | 000,000,000 | -H-D | M] -- C:\SuperChargerProfile
[2012.07.09 18:31:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.05.27 22:01:12 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.06 18:54:08 | 000,000,000 | ---D | M] -- C:\Windows
[2012.06.07 23:43:03 | 000,000,000 | ---D | M] -- C:\WorldofWarcraft
[2012.04.13 23:03:36 | 000,000,000 | ---D | M] -- C:\XAMPP
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Users\root\Desktop\nLite\treiber\AHCI\f6flpy32\F32\iastor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2012.03.22 23:42:59 | 000,000,218 | ---- | M] () -- C:\Users\root\.recently-used.xbel
[2012.07.10 18:51:17 | 007,077,888 | -HS- | M] () -- C:\Users\root\NTUSER.DAT
[2012.07.10 18:51:17 | 000,262,144 | -HS- | M] () -- C:\Users\root\ntuser.dat.LOG1
[2012.03.16 17:05:21 | 000,000,000 | -HS- | M] () -- C:\Users\root\ntuser.dat.LOG2
[2012.03.16 17:10:58 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.03.16 17:10:58 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.03.16 17:10:58 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.03.16 17:05:21 | 000,000,020 | -HS- | M] () -- C:\Users\root\ntuser.ini
[2012.06.23 21:57:09 | 000,000,600 | ---- | M] () -- C:\Users\root\winscp.RND
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< End of report >