Log analysis and evaluation: Computer infected? Latency and internet problems
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.06.2012, 13:57 | #1 |
Computer infected? Latency and internet problems

Hello dear experts. I would be glad if someone could take a look at my log file. I worked through the guide and scanned the PC with OTL. I have severe problems with my latency and, in general, very strong fluctuations in my internet performance. Kaspersky did not find anything, but I still suspect that I have a virus. Maybe it is the router. But before I get a new one, I wanted to rule out the virus issue first. Below I also have a screenshot showing the devices on the network. I don't recognize two of them. Maybe that means something.

OTL.txt
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 09.06.2012 14:03:24 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\BASTI\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,28% Memory free 8,00 Gb Paging File | 6,52 Gb Available in Paging File | 81,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 51,04 Gb Free Space | 10,96% Space Free | Partition Type: NTFS Drive D: | 7,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 867,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: BASTIS_FREUND | User Name: BASTI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.09 14:02:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\BASTI\Downloads\OTL.exe PRC - [2012.05.19 13:58:02 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.04.27 02:13:06 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.04.24 16:48:03 | 008,674,800 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe PRC - [2012.01.07 13:03:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe ========== Modules (No Company Name) ========== MOD - [2012.05.19 13:58:08 | 000,115,137 | ---- | M] () -- C:\Users\BASTI\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll MOD - [2012.05.19 13:58:02 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.05.10 09:11:35 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.10 09:10:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 09:09:41 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.09 09:03:46 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9b24ceabcec0e6585573eba2837ae0a5\PresentationFramework.ni.dll MOD - [2012.05.09 09:03:35 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ada55b589d5afc9fbcece80a97ad64b\PresentationCore.ni.dll MOD - [2012.05.09 09:03:28 | 003,881,984 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f750eaacd177ac6247919035d58643a5\WindowsBase.ni.dll MOD - [2012.05.09 09:03:27 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.09 09:01:02 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d231b57b4658ef8ac5e04f0a38aea210\System.Windows.Forms.ni.dll MOD - [2012.05.09 09:00:59 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.09 09:00:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.09 09:00:55 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e5815f5d63d01768714c92c2decbf04c\System.Drawing.ni.dll MOD - [2012.05.09 09:00:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.05.09 09:00:53 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.09 09:00:49 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.04.24 16:48:03 | 000,422,896 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll MOD - [2012.04.24 16:48:03 | 000,232,944 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll MOD - [2012.04.24 16:48:03 | 000,230,384 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll MOD - [2012.04.24 16:48:03 | 000,159,216 | ---- | M] () -- 
C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll MOD - [2011.05.12 12:19:06 | 007,859,200 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtGui4.dll MOD - [2011.05.12 12:19:06 | 002,210,816 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtCore4.dll MOD - [2011.05.12 12:19:06 | 000,814,080 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtNetwork4.dll MOD - [2011.05.12 12:19:06 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg4.dll MOD - [2011.05.12 12:19:06 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.11.09 23:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.03.30 19:45:38 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2012.04.28 16:14:16 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.11 09:21:22 | 000,784,792 | ---- | M] (Spigot, Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.01.22 16:15:32 | 002,230,416 | ---- | M] (Giraffic) [Disabled | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2012.01.07 13:03:42 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.07.28 10:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WeGame\WGClientService.exe -- (WeGameClientService) SRV - [2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | 
Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2011.11.29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.09.23 11:49:17 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.03.16 21:27:38 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.23 11:48:46 | 000,323,472 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.06.09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2010.06.09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.04.22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.06.24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=8db3bb41-d0ca-11e0-a4eb-6c626d75f077 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = 
{afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{42E5F45D-913F-44CE-8588-8CD61DE03E54}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=8db3bb41-d0ca-11e0-a4eb-6c626d75f077&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=8db3bb41-d0ca-11e0-a4eb-6c626d75f077 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 A1 9E 19 A2 9B CB 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {D080E886-EC6C-4E79-8A2F-60D751C7FAA2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{42E5F45D-913F-44CE-8588-8CD61DE03E54}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{A19CDEB3-F605-4670-A850-EFC53C2A7C90}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=8db3bb41-d0ca-11e0-a4eb-6c626d75f077&q={searchTerms} IE - HKCU\..\SearchScopes\{D080E886-EC6C-4E79-8A2F-60D751C7FAA2}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1&cf=8db3bb41-d0ca-11e0-a4eb-6c626d75f077" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BASTI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BASTI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.10.21 19:10:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.10.21 19:10:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.10.21 19:10:11 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.02 00:04:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2012.02.25 12:39:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2012.02.20 18:50:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.21 18:14:02 | 000,000,000 | ---D | M] [2010.12.14 17:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BASTI\AppData\Roaming\mozilla\Extensions [2012.06.02 15:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BASTI\AppData\Roaming\mozilla\Firefox\Profiles\fhhxxgsu.default\extensions [2011.11.23 22:22:43 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\BASTI\AppData\Roaming\mozilla\Firefox\Profiles\fhhxxgsu.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403} [2011.08.27 16:41:21 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\BASTI\AppData\Roaming\mozilla\Firefox\Profiles\fhhxxgsu.default\extensions\firefox@tvunetworks.com [2012.06.02 15:04:05 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\BASTI\AppData\Roaming\mozilla\Firefox\Profiles\fhhxxgsu.default\extensions\netvideohunter@netvideohunter.com [2011.04.04 19:57:36 | 000,002,002 | ---- | M] () -- C:\Users\BASTI\AppData\Roaming\Mozilla\Firefox\Profiles\fhhxxgsu.default\searchplugins\donnerwetter.xml [2011.04.06 16:48:47 | 000,002,740 | ---- | M] () -- C:\Users\BASTI\AppData\Roaming\Mozilla\Firefox\Profiles\fhhxxgsu.default\searchplugins\imdb.xml [2011.07.11 20:04:02 | 
000,000,633 | ---- | M] () -- C:\Users\BASTI\AppData\Roaming\Mozilla\Firefox\Profiles\fhhxxgsu.default\searchplugins\startsear.xml [2012.04.11 22:40:06 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2012.04.11 22:40:06 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF [2012.01.18 17:17:44 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHHXXGSU.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI [2012.06.02 15:00:05 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHHXXGSU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.02 15:00:04 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHHXXGSU.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\BASTI\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BASTI\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Users\BASTI\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Orbit Downloader (Disabled) = C:\Users\BASTI\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Google Update (Enabled) = C:\Users\BASTI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = 
C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - Extension: Angry Birds = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Bouncy Mouse = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\ CHR - Extension: VshareComplete plugin for chrome = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.3_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.3_0\.orig CHR - Extension: AdBlock = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\ CHR - Extension: Facebook Video = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfampnnghmhngkollbpnnlgdbmjipidk\2.2.6_0\ CHR - Extension: Cargo Bridge = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\ CHR - Extension: vshare plugin = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\ CHR - Extension: Erweiterung \RSS-Abonnement\ (von Google) = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\BASTI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2011.06.30 15:46:53 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - 
Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\BASTI\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen) O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found. O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) 
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\WinDir\Svchosst.exe O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - 
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E9629DE-3E7F-44F3-AC01-AB1E363BEEAA}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~2\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~2\x64\sbhook64.dll (Kaspersky Lab 
ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O27:64bit: - HKLM IFEO\veohwebplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\wegame.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\veohwebplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\wegame.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.02.23 19:07:18 | 001,594,696 | R--- | M] () - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2012.02.23 18:51:58 | 000,000,080 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{21f3e29f-bc33-11e0-ace0-6c626d75f077}\Shell - "" = AutoRun O33 - MountPoints2\{21f3e29f-bc33-11e0-ace0-6c626d75f077}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{3240b74b-e5c9-11e0-9078-6c626d75f077}\Shell - "" = AutoRun O33 - MountPoints2\{3240b74b-e5c9-11e0-9078-6c626d75f077}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2012.02.23 19:07:18 | 001,594,696 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - 
SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.04 01:09:06 | 000,000,000 | ---D | C] -- C:\Users\BASTI\AppData\Roaming\Tropico 4 [2012.06.04 01:08:31 | 000,000,000 | ---D | C] -- C:\Users\BASTI\AppData\Roaming\Kalypso Media [2012.06.04 00:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media [2012.06.02 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\BASTI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2012.06.02 14:18:20 | 000,000,000 | ---D | C] -- C:\Users\BASTI\Desktop\Fraps v3.4.7.13808 [2012.05.30 08:29:18 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2012.05.30 08:29:14 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2012.05.21 14:07:25 | 000,000,000 | ---D | C] -- C:\Users\BASTI\Documents\FLiNGTrainer [2012.05.21 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\BASTI\Desktop\Neuer Ordner (2) [2012.05.19 14:02:23 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012.05.19 14:02:23 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2012.05.19 13:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.05.19 13:11:59 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\Windows\SysWow64\dgderapi.dll [2011.02.26 15:00:24 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\BASTI\AppData\Roaming\MinecraftSP.exe [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.09 14:01:33 | 000,000,168 | ---- | M] () -- C:\Users\BASTI\defogger_reenable [2012.06.09 13:19:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4154261489-1260865570-2883060403-1001UA.job [2012.06.09 11:30:50 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.09 11:30:50 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.09 11:23:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.08 23:41:15 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.08 23:41:15 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.08 23:41:15 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.08 23:41:15 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.08 23:41:15 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.08 19:29:50 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4154261489-1260865570-2883060403-1001Core.job [2012.06.02 14:57:57 | 000,055,692 | ---- | M] () -- C:\Users\BASTI\Desktop\http___static.ak.fbcdn.net_rsrc.php_v1_y2_r_5l8_EVv_jyW.swf [2012.06.02 14:19:20 | 000,000,572 | ---- | M] () -- C:\Users\BASTI\Desktop\Fraps.lnk [2012.06.02 14:08:15 | 000,020,992 | ---- | M] () -- C:\Users\BASTI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.30 08:29:18 | 000,071,680 | ---- | M] 
(Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2012.05.30 08:29:14 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2012.05.24 11:20:52 | 000,002,406 | ---- | M] () -- C:\Users\BASTI\Desktop\Google Chrome.lnk [2012.05.19 13:56:33 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.05.11 19:13:28 | 000,000,219 | ---- | M] () -- C:\Users\BASTI\Desktop\Dota 2.url [2012.05.11 15:20:53 | 000,001,344 | ---- | M] () -- C:\Users\BASTI\Desktop\Herunterfahren.lnk [2012.05.11 14:34:26 | 000,000,146 | ---- | M] () -- C:\Users\BASTI\Desktop\Sound - Verknüpfung.lnk [2012.05.11 14:33:32 | 000,000,355 | ---- | M] () -- C:\Users\BASTI\Desktop\Computer - Verknüpfung.lnk [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.09 14:01:33 | 000,000,168 | ---- | C] () -- C:\Users\BASTI\defogger_reenable [2012.06.02 14:57:04 | 000,055,692 | ---- | C] () -- C:\Users\BASTI\Desktop\http___static.ak.fbcdn.net_rsrc.php_v1_y2_r_5l8_EVv_jyW.swf [2012.06.02 14:19:20 | 000,000,572 | ---- | C] () -- C:\Users\BASTI\Desktop\Fraps.lnk [2012.05.19 13:56:33 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.05.11 19:13:28 | 000,000,219 | ---- | C] () -- C:\Users\BASTI\Desktop\Dota 2.url [2012.05.11 15:20:30 | 000,001,344 | ---- | C] () -- C:\Users\BASTI\Desktop\Herunterfahren.lnk [2012.05.11 14:34:26 | 000,000,146 | ---- | C] () -- C:\Users\BASTI\Desktop\Sound - Verknüpfung.lnk [2012.05.11 14:33:32 | 000,000,355 | ---- | C] () -- C:\Users\BASTI\Desktop\Computer - Verknüpfung.lnk [2012.04.21 12:32:50 | 000,000,132 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.02.18 01:10:41 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2011.11.10 04:36:06 | 000,204,960 | 
---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.12 17:57:52 | 000,020,992 | ---- | C] () -- C:\Users\BASTI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.19 22:13:34 | 000,058,115 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\BASTI3SQLite3.dll [2011.06.02 15:35:21 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.31 15:13:12 | 000,000,132 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.03.16 10:22:32 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.16 10:22:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.16 09:05:05 | 000,017,408 | ---- | C] () -- C:\Users\BASTI\AppData\Local\WebpageIcons.db [2011.03.02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.02.26 15:00:24 | 000,290,797 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\minecraft_name.jar [2011.02.26 15:00:24 | 000,232,501 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\Minecraft.exe [2011.02.26 15:00:24 | 000,051,765 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\Minecraft.jar [2011.02.26 15:00:24 | 000,030,304 | ---- | C] () -- 
C:\Users\BASTI\AppData\Roaming\mod_ZanMinimap.class [2011.02.26 15:00:24 | 000,010,251 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\roundmap.png [2011.02.26 15:00:24 | 000,003,310 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\waypoint.png [2011.02.26 15:00:24 | 000,003,305 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\minimap.png [2011.02.26 15:00:24 | 000,003,257 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\compass.png [2011.02.26 15:00:24 | 000,003,169 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\mmarrow.png [2011.02.26 15:00:24 | 000,002,874 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\marker.png [2011.02.26 15:00:24 | 000,000,848 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\Waypoint.class [2011.02.26 15:00:24 | 000,000,133 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\zan.settings [2011.02.26 15:00:24 | 000,000,008 | ---- | C] () -- C:\Users\BASTI\AppData\Roaming\lastlogin [2011.02.24 01:45:53 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.01.08 18:45:28 | 000,147,814 | ---- | C] () -- C:\Windows\hphins32.dat [2011.01.08 18:45:28 | 000,000,558 | ---- | C] () -- C:\Windows\hphmdl32.dat [2010.12.14 18:24:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.05.06 17:32:27 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\.minecraft [2012.04.21 00:59:09 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\.minecraft_xray [2011.11.18 22:42:35 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Atari [2011.07.30 15:23:28 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Audacity [2011.09.16 00:57:52 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\bin [2011.09.12 20:12:56 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.03.16 17:14:24 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\CheckPoint [2011.02.10 02:21:16 | 000,000,000 | ---D | M] -- 
C:\Users\BASTI\AppData\Roaming\DAEMON Tools Lite [2011.09.12 18:22:59 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\DVDVideoSoft [2011.01.04 03:46:25 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.14 18:05:17 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Easeware [2012.04.14 19:12:22 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\FLAC to MP3 Converter [2012.05.14 05:22:48 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\foobar2000 [2011.12.29 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\FreeFLVConverter [2011.02.27 17:40:04 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\GHISLER [2012.01.30 19:00:14 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\GrabPro [2012.03.23 22:39:21 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\ICQ [2012.06.04 01:08:31 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Kalypso Media [2011.02.06 23:28:04 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\LolClient [2011.02.25 19:33:30 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\minecraft_name_src [2011.02.26 14:29:48 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Minimap [2011.02.27 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Mp3tag [2011.09.22 09:47:30 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\OpenCandy [2010.12.18 02:38:01 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\OpenOffice.org [2012.02.10 19:13:23 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Orbit [2012.01.07 12:59:07 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Origin [2011.09.12 17:43:18 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\PACE Anti-Piracy [2012.04.22 00:54:46 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\PC Cleaners [2012.04.22 01:07:14 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\PCPro 
[2012.01.30 19:00:18 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\ProgSense [2011.02.14 16:20:06 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\ProtectDisc [2011.03.16 10:22:13 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\PunkBuster [2011.02.25 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\resources [2012.05.19 13:11:14 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Samsung [2011.01.20 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\saves [2011.08.02 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Sierra [2011.08.10 02:19:40 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Sierra Entertainment [2012.01.18 17:59:29 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Simfy [2011.10.17 02:39:44 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Spore [2011.10.17 02:44:57 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\SPORE Creature Creator [2011.03.31 13:38:08 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.05.19 13:57:40 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Temp [2011.01.03 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\texturepacks [2011.10.29 14:55:48 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Thunderbird [2012.06.08 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Tropico 4 [2012.04.24 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\TS3Client [2012.04.22 01:08:57 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\TuneUp Software [2011.12.03 19:48:42 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Ubisoft [2011.11.23 22:25:37 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\VshareComplete [2011.06.19 23:51:14 | 000,000,000 | RHSD | M] -- C:\Users\BASTI\AppData\Roaming\WinDir [2005.10.06 06:47:08 | 
000,000,000 | RHSD | M] -- C:\Users\BASTI\AppData\Roaming\windows
[2011.05.05 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\BASTI\AppData\Roaming\Wuala
[2012.05.19 13:53:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 991 bytes -> C:\Users\BASTI\AppData\Local\0uZAvrGkw29TwXO:TdKW8uZqCsI14xSsnzGIKBX0aS
@Alternate Data Stream - 977 bytes -> C:\Users\BASTI\AppData\Local\KIFPVnZIz2xT2:0T4q3sbT6lUXnHFW9WR
@Alternate Data Stream - 1110 bytes -> C:\Users\BASTI\AppData\Local\DMVbgRPO13lpA0T:GaBAvE8KaCwnifye1h0kv

< End of report >

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 09.06.2012 14:03:24 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\BASTI\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,28% Memory free
8,00 Gb Paging File | 6,52 Gb Available in Paging File | 81,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 51,04 Gb Free Space | 10,96% Space Free | Partition Type: NTFS
Drive D: | 7,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 867,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: BASTIS_FREUND | User Name: BASTI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 1 "UpdatesDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0137392B-C110-46F5-88FC-A162A502688D}" = rport=445 | protocol=6 | dir=out | app=system | "{0365A3C4-9D92-439C-B3BA-43C2E5BCB5A3}" = lport=139 | protocol=6 | dir=in | app=system | "{0C5B8539-C0B9-46DF-9AE8-DD3E8DD7DEE9}" = lport=6989 | protocol=17 | dir=in | name=league of legends launcher | 
"{16594A69-DC19-43B2-8A85-7AC1C8883DE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{193E84A8-2096-4AF2-AA22-4BEAE1F2DCDD}" = lport=445 | protocol=6 | dir=in | app=system | "{24E2195A-7AD2-4568-8A98-70A121AE7B9E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{33BCC6E0-7439-4CF3-9DFA-D595BD61C66E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{4E2015BA-83D7-488B-9280-146C5EC2879D}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{5C3A9FFD-8E6E-481F-905D-A5ECFE8F2071}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B527737-840F-4CF9-B7FB-058FD7B4E9D2}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher | "{6EDFC84B-FDF2-4FBE-A50E-7E757E184EEF}" = rport=137 | protocol=17 | dir=out | app=system | "{7704CF45-A2F8-4A61-B2D6-5013E611D65D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{83788869-1EA5-4947-A170-9ED54BF7CB0B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{8EB81121-CA86-4AA9-9DB6-0434AD9D9652}" = rport=139 | protocol=6 | dir=out | app=system | "{C7D62E30-C1A1-4E6A-8A25-93EB47F2075F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D7580505-4324-47D0-9337-044B57A2E6E1}" = lport=137 | protocol=17 | dir=in | app=system | "{E2DEE24C-99FC-410E-B923-B7F4E1D77145}" = lport=138 | protocol=17 | dir=in | app=system | "{EBA00985-02AA-4733-BC4E-50ABA7CB96A0}" = rport=138 | protocol=17 | dir=out | app=system | "{F6761C2B-6F20-47C4-A600-113A8A5C669F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0171BE7D-9B5B-44A5-B5A9-A2E0F9E45F33}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{0473DD96-B344-4A2E-A106-A723E3E2CAB6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0E7748B3-4B2A-43E7-A4FD-BDAE11C7CB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{10E6B04B-A57A-4D58-8283-D89BF33EDBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{16C18A2C-957B-413B-8930-AFE4A06D34A0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{1791BBED-8D9F-47C4-959B-A80B74A0C699}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{1B46BA40-FD9B-48DF-8DA2-2B351C98E013}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{1B4DA48E-376B-4350-B2EF-1174271A3D84}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{1EB4E51B-78F7-4D3C-A21F-4B036DABAFD6}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{219A5EAE-327C-417F-B785-51D589F51000}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{237E45F3-A378-42F8-8BE0-B4087FE6EAC7}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{2546DA93-66D7-4918-8DB3-BB0CE4A9B97D}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{290C1EF3-3766-4E1D-8131-06A21EE381F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{2A100D29-B282-4B53-9D89-07CF0840AC36}" = protocol=17 | dir=in | 
app=c:\windows\syswow64\pnkbstra.exe | "{2F3BA67A-D97F-463C-9A55-F89EE6B40ABE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2FBC059A-2570-401E-913B-C754F907F73D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{3020B330-0FC6-48F8-AD1C-7457582E85AC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{31E958E2-F0AF-4B7C-88CB-403369F585DD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{33B829A2-1BFF-47FD-B79B-7659745D2502}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{3683069F-77C2-476B-9AD1-05E894E5327E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{43A12857-1A50-4FB1-83FC-9D8DFD10C263}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{483416CB-C538-4850-8AEC-F86F2BB243A4}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{4B1E62D8-30F7-4E9B-AC99-D8FD80FAC0B7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4F25D9CA-FE19-416A-AA0E-19CDF6803C0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4FBB43B2-4BF1-4879-ADF2-39BA5AF20289}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{51716D10-E364-48A9-8519-E5A8F871426D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{53865DA8-EB3B-4AE2-AC1E-75608D7AD4F0}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{5866E143-2408-4F42-85A6-3F060072C5D7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5AF70457-0B9B-4A18-8595-A2252CC204B7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{5CCC1BBB-D144-4DDA-81ED-FD45E2AA735E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin 
games\battlefield 3-beta\bf3.exe | "{5F2301B6-3405-453F-983B-2B199589F692}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{5F6FE7D0-2FA0-4C4B-A189-968A966E3AE8}" = protocol=6 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe | "{609F2741-AF1A-4B43-AD05-0EB13D54E119}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6160A4A9-30A6-4A21-9285-F4D6E243BB8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\wo_otz2\counter-strike source\hl2.exe | "{61F8CBE7-680A-440B-BE47-38EADD73B1E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{69E399F0-D047-43C0-A0E5-DFF6BB384182}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6BDB198E-29B5-4629-9D3C-4F6AF3D2DDEE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{6CB865D3-E25F-4A8F-98E2-0E7671AF68A0}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{6DEB235A-BE24-4178-A508-61B2AE35EC67}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{7317B97C-4AD2-4A35-BAF3-3285B5A7A1E3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{752DF391-542C-46F3-AA6D-9E1CA59FF7D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{754FCBEF-4F46-44CB-8BE9-4FD4B46350C3}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{7D207444-B972-4E83-BB4F-DE94952AC1DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\wo_otz2\counter-strike source\hl2.exe | "{7D963E47-D77D-4F04-9A9A-0966325EB4C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{7EFF190A-FA23-4EA3-B05C-7600F89284F3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8DFAA849-7E4B-4E36-B163-867A1EA1335A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{8F27B18E-32CA-4ED8-B232-AFA82AC089D9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{927FF088-0FE1-4663-82B1-FD25638A8166}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{971A138F-D941-41C7-8D1B-773659BDB557}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A15200D5-852A-4E5D-920E-8964A087476A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{A4E835DA-0655-46B5-BA52-B3E3D1348EE7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3-beta\bf3.exe | "{A7CC8B17-EAA9-4B7E-9CA8-5646AD4DF8AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{A8F2B291-99BB-4DD4-B865-F437C12A4AD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AA0BB454-0B2F-4266-9606-3A88DC387B88}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{AC340517-3583-4105-BEE6-8D8B1EDB8129}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{B21978FB-41B2-4C02-A506-57EE50EF5338}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{B2C40A7B-5984-42C3-ABB4-B3A8FBEC36B5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{B5FC069A-5B08-4B3A-9F27-E0C2FB93BA5D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B730D3D3-E91C-4E68-9CB5-C6F1D01B8D86}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{BB34932C-6302-4C8C-9A0F-B678DA4E552D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{BD871656-260A-4803-9E06-68B863470770}" = protocol=17 | dir=in | app=c:\program 
files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{BE9B8524-825B-4259-90D2-CBA6304F080B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{BFBF76CD-4C00-479F-BFAE-5C487DDD823E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{C3FCC8ED-6FDA-427F-B7DE-1E5894C747F6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{C743EC03-323A-4D81-BEA0-9205EBC8877A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C7E22839-892C-4290-B8B7-128886A55E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C8866CC4-2FD9-4DF6-BA4B-A346F6AA30C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{CBDF644A-9E32-40FE-A810-81B2A4B0C5B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CFC29BCF-DD9B-4995-9C53-27154B0382E8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{D42B9359-2797-42AA-9C46-6E4E594291FC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D506C4BB-483F-404C-A0F2-2312C9AAC4F5}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{DA8E2562-6EB2-483E-B221-3CD8DE3BE890}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{DB3185FF-4B6F-40A1-8CA4-E18174703FAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{E3C41716-327C-45BB-A6A4-4D6BD8FCAB82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC982CAD-15CC-4534-B320-5B63D10F3F8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F6A7B587-471E-459A-AF69-11E2346E9CC8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F7F7D9CD-7456-49CD-97D9-281FFCF92C4D}" = protocol=17 | dir=in | app=c:\program files 
(x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{F85177D6-4F20-4840-89D7-5824B097B815}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{FC008305-671D-43F0-82B5-193F2BD8B697}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FCBC9D08-1B3E-4EC0-9DE8-0D01A0901441}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FFF216F2-7678-41D7-B60A-6DCF6BAE5149}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{FFF6720C-D4E1-4EE1-A483-F0428FDBA67C}" = protocol=17 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe | "TCP Query User{2BA89DDB-9A62-40E7-8234-8668FD6BC517}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{3C7C736C-4CB2-456E-9A66-C200BA5B3183}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "TCP Query User{3F086741-070D-45CB-88C8-E05D7DE9F792}C:\program files (x86)\mozilla firefox 4.0 beta 7\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 7\plugin-container.exe | "TCP Query User{4B690E4C-FA7B-4A0D-8FBC-17A0524EA0DF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{751473CD-3CB4-458B-97FD-A83A60B93EB9}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{BEFF4FB8-BF4A-4374-8646-71CB3D716052}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{022CE4B9-7B42-4C50-AA3C-0287A439F5DA}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query 
User{285D29C3-1C01-465B-8B52-AEBD55F19B7F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{864A3595-1F42-44FB-B985-0BAFB220C58A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{912F2BC8-DD72-4088-A1AD-80A539432CDF}C:\program files (x86)\mozilla firefox 4.0 beta 7\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 7\plugin-container.exe | "UDP Query User{D675FCA4-7BB6-430E-96A2-D8A16EEB1B5F}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{FCE31C2F-463F-4106-A8BC-D96C499C99EC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel "{6DC8FF97-A9CF-02F2-8FC1-F5E1B69A34E3}" = AMD AVIVO64 Codecs "{7B8E0D63-C8FB-4F04-8B3A-029C4707693A}" = HP Deskjet D2600 Printer Driver 14.0 Rel. 
5 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders "{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273 "{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}" = Trapcode Particular "{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = Die Sims Mittelalter Piraten und Edelleute "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03 "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 Beta "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D40F840-30CA-4747-B988-E86C4C5F3B12}" = A New Beginning "{4D7E3776-89D4-48A9-8FC4-5CECFA7DADF4}" = BGB-Kommentar "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7DBB1B3D-8F4F-486F-871D-6467E0FF625C}" = YouTube Downloader Toolbar v5.3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter "{85D4B12C-E234-4915-88BA-A5AEBBE67293}" = DJ_SF_05_D2600_Software_Min 
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Labor "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A53BEB85-A538-4F93-BF0C-2D9770532D10}" = Lost Horizon "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C9912275-67A2-4624-A212-83E53AF7ADC8}" = Minutor "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D82BEF61-A0DA-4B2F-B53C-038310FB32EB}" = HydraVision "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12345_is1" = WeGame Client 2.4.3.0 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Alan Wake_is1" = Alan Wake "Anti-Twin 2011-12-09 03.55.32" = Anti-Twin (Installation 09.12.2011) "Assassins Creed: Revelations Rip_is1" = Assassins Creed Revelations "DAEMON Tools Lite" = DAEMON Tools Lite "DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1" = FLAC to MP3 Converter 6.1.8 "DivX Setup" = DivX-Setup "ESN Sonar-0.70.4" = ESN Sonar "foobar2000" = foobar2000 v1.1.1 "Fraps" = Fraps (remove only) "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "Giraffic" = Veoh Giraffic Video Accelerator "Harvey" = Harveys Neue Augen "hon" = Heroes of Newerth "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "JDownloader" = JDownloader "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Lost Chronicles of Zerzura_is1" = Lost Chronicles of Zerzura "Mozilla Firefox 9.0 (x86 de)" = Mozilla Firefox 9.0 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "NewBlue Light Effects for Windows" = NewBlue Light Effects for Windows "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Risen 2 Dark Waters_is1" = Risen 2 Dark Waters "Simfy" = simfy "Steam App 104700" 
= Super Monday Night Combat "Steam App 240" = Counter-Strike: Source "Steam App 440" = Team Fortress 2 "Steam App 570" = Dota 2 "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamSpeak 3 Client" = TeamSpeak 3 Client "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Veetle TV" = Veetle TV 0.9.18 "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VLC media player 1.1.7 "vShare.tv plugin" = vShare.tv plugin 1.3 "WinRAR archiver" = WinRAR "Wuala CBFS" = Wuala CBFS ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FlashMute" = FlashMute "Google Chrome" = Google Chrome "Tropico 4" = Tropico 4 1.00 "Wuala" = Wuala ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.06.2012 08:23:55 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.06.2012 08:23:55 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 02.06.2012 08:23:55 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.06.2012 08:23:57 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.06.2012 08:23:58 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.06.2012 08:23:58 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 02.06.2012 08:23:58 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.06.2012 08:23:58 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.06.2012 08:23:58 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 02.06.2012 08:23:58 | Computer Name = BASTIS_FREUND | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
[ System Events ] Error - 04.06.2012 14:25:30 | Computer Name = BASTIS_FREUND | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.32 registriert werden. Der Computer mit IP-Adresse 192.168.178.31 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 04.06.2012 14:25:59 | Computer Name = BASTIS_FREUND | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 05.06.2012 06:55:48 | Computer Name = BASTIS_FREUND | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?05.?06.?2012 um 02:42:29 unerwartet heruntergefahren. Error - 05.06.2012 06:56:58 | Computer Name = BASTIS_FREUND | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 06.06.2012 03:07:20 | Computer Name = BASTIS_FREUND | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 06.06.2012 12:55:05 | Computer Name = BASTIS_FREUND | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 08.06.2012 03:01:39 | Computer Name = BASTIS_FREUND | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?06.?2012 um 02:09:15 unerwartet heruntergefahren. 
Error - 08.06.2012 03:02:58 | Computer Name = BASTIS_FREUND | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 09.06.2012 05:24:13 | Computer Name = BASTIS_FREUND | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 09.06.2012 06:59:26 | Computer Name = BASTIS_FREUND | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 [ TuneUp Events ] Error - 31.08.2011 06:13:37 | Computer Name = BASTIS_FREUND | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 31.08.2011 06:13:37 | Computer Name = BASTIS_FREUND | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 31.08.2011 06:13:37 | Computer Name = BASTIS_FREUND | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report >

Screenshot Router:

Edited by Sierb (09.06.2012 at 14:05)
11.06.2012, 22:24 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Latency and Internet problems
Quote:
How is the Wi-Fi secured?