Log analysis and evaluation: Live Security Platinum Virus

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.09.2012, 13:28 | #1
Live Security Platinum Virus

Hello, I have had a problem with the Live Security Platinum virus since this morning. I first got my computer online in safe mode and have now run a scan with Malwarebytes following the instructions. Here is my log for it.

Quote:

I hope someone can help me.

EDIT: I also ran an OTL scan. Here are the logs.

OTL.txt

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 04.09.2012 14:38:58 - Run 1 OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Beachboy\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,31% Memory free 15,98 Gb Paging File | 14,22 Gb Available in Paging File | 88,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 156,15 Gb Total Space | 4,53 Gb Free Space | 2,90% Space Free | Partition Type: NTFS Drive D: | 3,74 Gb Total Space | 0,35 Gb Free Space | 9,44% Space Free | Partition Type: FAT32 Drive E: | 309,51 Gb Total Space | 42,76 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Computer Name: PC-BEACHBOY | User Name: Beachboy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.04 13:53:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Beachboy\Desktop\OTL.exe PRC - [2012.08.08 11:22:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.05.11 14:43:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.11 14:43:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.14 15:23:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.11.06 09:02:51 | 000,366,968 | ---- | M] (Twain Working Group) -- C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe PRC - [2010.10.27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2012.07.13 12:09:34 | 000,115,137 | ---- | M] () -- C:\Users\Beachboy\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll MOD - [2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.06.17 03:08:41 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.17 03:08:32 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.17 03:08:30 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.17 03:08:25 | 003,881,984 | 
---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.17 03:08:24 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.05.12 20:28:22 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.12 20:27:26 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.05.12 20:27:22 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.12 09:41:31 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.12 09:38:17 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.12 09:38:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.12 09:38:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.05.12 09:38:10 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.12 09:38:06 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI 
Afterburner\MSIAfterburner.exe MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll MOD - [2010.10.27 22:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll MOD - [2010.10.27 22:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll MOD - [2010.10.27 22:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll MOD - [2010.10.27 22:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll MOD - [2010.10.27 22:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll MOD - [2010.10.27 22:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll MOD - [2010.10.27 22:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll MOD - [2010.10.27 22:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll MOD - [2010.10.27 22:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll MOD - [2010.10.27 22:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll MOD - [2010.10.27 22:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll MOD - [2010.01.09 21:18:18 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - 
[2008.04.16 18:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll MOD - [2008.04.16 18:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll MOD - [2008.04.16 18:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll MOD - [2008.04.16 18:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll MOD - [2008.04.16 18:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll MOD - [2008.04.02 15:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll MOD - [2008.04.02 15:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll MOD - [2008.04.02 15:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.04 12:36:37 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.11 14:43:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.11 14:43:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.14 15:23:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.12.09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | 
Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd) DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.05.21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.05.11 14:43:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.11 14:43:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.11.04 09:21:05 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.31 17:09:56 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.10.27 03:25:56 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm) DRV:64bit: - [2011.10.27 03:25:56 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) DRV:64bit: - [2011.10.27 03:25:56 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) DRV:64bit: - [2011.10.27 03:25:56 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl) DRV:64bit: - [2011.10.11 16:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157 IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{8E1BFCE8-CFCB-4D46-9ECE-A14FD5B7F369}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=91186C84-7B31-426F-9206-2ED0CB937D7B&apn_sauid=C18BD8B9-A3B2-4B08-8884-29CAF470E74A IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = 
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Beachboy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Beachboy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.22 20:04:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.22 20:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Extensions [2012.04.06 13:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions [2012.03.11 09:46:47 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2012.04.06 13:16:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.24 09:57:03 | 000,000,000 | ---D | M] (DownloadHelper) -- 
C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.20 20:36:52 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2012.02.24 21:53:11 | 000,000,933 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\11-suche.xml [2011.07.26 19:19:58 | 000,002,333 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\askcom.xml [2012.02.24 21:53:11 | 000,002,419 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\englische-ergebnisse.xml [2012.02.24 21:53:11 | 000,010,525 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\gmx-suche.xml [2012.02.24 21:53:11 | 000,002,457 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\lastminute.xml [2011.12.20 20:36:46 | 000,003,915 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\sweetim.xml [2012.02.24 21:53:11 | 000,005,508 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\webde-suche.xml [2012.03.09 19:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.09 19:07:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011.11.24 09:58:13 | 000,095,441 | ---- | M] () (No name found) -- C:\USERS\BEACHBOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMQ8UBVN.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI [2011.11.22 20:07:11 | 000,048,898 | ---- | M] () (No name found) -- 
C:\USERS\BEACHBOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMQ8UBVN.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.02.24 21:53:09 | 000,577,788 | ---- | M] () (No name found) -- C:\USERS\BEACHBOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMQ8UBVN.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2011.11.21 06:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.21 03:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.11.21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Conduit (Enabled) CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2304157 CHR - default_search_provider: suggest_url = hxxp://search.conduit.com/ CHR - homepage: hxxp://battlelog.battlefield.com/bf3/de/gate/?returnUrl=|bf3|de| CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Beachboy\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Beachboy\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Beachboy\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - 
plugin: Shockwave Flash (Disabled) = C:\Users\Beachboy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\Beachboy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Beachboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Beachboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Beachboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft 
Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\Logitech SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [MSConfig] H:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto File not found O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [{3BF6B3E9-56A7-AD41-5F8A-2E73672A0D6E}] C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe (Twain Working Group) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Beachboy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet 
Explorer\resources\menuext.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Beachboy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C783C802-FB37-4948-94D1-DCA36132B876}: DhcpNameServer = 192.168.170.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFB619D4-A159-4887-93D6-F9EE256E1325}: NameServer = 62.109.123.196 213.191.74.18 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2305a0a6-0ca2-11e1-b89d-4061862eeb01}\Shell - "" = AutoRun O33 - MountPoints2\{2305a0a6-0ca2-11e1-b89d-4061862eeb01}\Shell\AutoRun\command - "" = L:\RunGame.exe O33 - MountPoints2\{3aa573ba-1a62-11e1-ae88-4061862eeb01}\Shell - "" = AutoRun O33 - MountPoints2\{3aa573ba-1a62-11e1-ae88-4061862eeb01}\Shell\AutoRun\command - "" = I:\ICM_Manager.exe O33 - MountPoints2\{63698b35-06b2-11e1-84f2-4061862eeb01}\Shell - "" = AutoRun O33 - MountPoints2\{63698b35-06b2-11e1-84f2-4061862eeb01}\Shell\AutoRun\command - "" = I:\RunGame.exe O33 - MountPoints2\{b65a2b52-29ed-11e1-89c6-4061862eeb01}\Shell - "" = AutoRun O33 - MountPoints2\{b65a2b52-29ed-11e1-89c6-4061862eeb01}\Shell\AutoRun\command - "" = I:\ICM_Manager.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.04 14:37:25 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Beachboy\Desktop\OTL.exe [2012.09.04 14:18:20 | 000,000,000 | ---D | C] -- C:\Users\Beachboy\AppData\Roaming\Malwarebytes [2012.09.04 14:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes 
[2012.09.04 14:18:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.04 14:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.04 13:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\225932DFC99A2705862C02154F147C45 [2012.09.04 11:24:55 | 000,000,000 | ---D | C] -- C:\Users\Beachboy\Desktop\Minimal [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Beachboy\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Beachboy\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Beachboy\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Beachboy\AppData\Local\bass.dll [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.04 14:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.04 14:19:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.04 14:19:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.04 14:18:10 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.04 14:17:50 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.04 14:17:50 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.04 14:17:50 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.04 14:17:50 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.04 14:17:50 | 000,107,294 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2012.09.04 14:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.04 14:11:53 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys [2012.09.04 14:11:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.09.04 13:53:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Beachboy\Desktop\OTL.exe [2012.09.04 13:05:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826587176-4113039940-1591163767-1000UA.job [2012.08.29 20:07:20 | 292,675,006 | ---- | M] () -- C:\Users\Beachboy\Desktop\2012.08.10 - Martin Anacker @ Muna, SonneMondSterne.mp3 [2012.08.29 20:05:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826587176-4113039940-1591163767-1000Core.job [2012.08.28 10:14:33 | 005,037,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.26 21:06:10 | 232,222,685 | ---- | M] () -- C:\Users\Beachboy\Desktop\2012_08_10 Cannibal Cooking Club live SMS X6.mp3 [2012.08.26 20:26:35 | 305,061,386 | ---- | M] () -- C:\Users\Beachboy\Desktop\01 Disco Diamonds @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3 [2012.08.26 20:22:46 | 279,839,774 | ---- | M] () -- C:\Users\Beachboy\Desktop\Reche & Recall @ Sonne Mond Sterne 2012.mp3 [2012.08.26 19:56:55 | 217,419,163 | ---- | M] () -- C:\Users\Beachboy\Desktop\03 Foss & Stoxx @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3 [2012.08.14 11:07:07 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.08.14 11:07:07 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.14 11:06:51 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.08.13 23:27:12 | 213,559,518 | ---- | M] () -- C:\Users\Beachboy\Desktop\04 Golden Toys @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3 [2012.08.13 13:44:31 | 310,335,697 | ---- | M] () -- C:\Users\Beachboy\Desktop\Breakfastklub @ SonneMondSterne 
Festival 2012 - Maincircus 11.08.2012.mp3 [2012.08.09 17:31:55 | 009,928,126 | ---- | M] () -- C:\Users\Beachboy\Desktop\Rudimental Ft John Newman - Feel the Love (Lyrics) HD.mp3 [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.04 14:18:10 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.26 18:16:50 | 232,222,685 | ---- | C] () -- C:\Users\Beachboy\Desktop\2012_08_10 Cannibal Cooking Club live SMS X6.mp3 [2012.08.26 18:15:44 | 217,419,163 | ---- | C] () -- C:\Users\Beachboy\Desktop\03 Foss & Stoxx @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3 [2012.08.26 18:15:36 | 292,675,006 | ---- | C] () -- C:\Users\Beachboy\Desktop\2012.08.10 - Martin Anacker @ Muna, SonneMondSterne.mp3 [2012.08.26 18:15:32 | 305,061,386 | ---- | C] () -- C:\Users\Beachboy\Desktop\01 Disco Diamonds @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3 [2012.08.26 18:15:30 | 279,839,774 | ---- | C] () -- C:\Users\Beachboy\Desktop\Reche & Recall @ Sonne Mond Sterne 2012.mp3 [2012.08.13 23:31:09 | 000,001,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.08.13 23:01:03 | 213,559,518 | ---- | C] () -- C:\Users\Beachboy\Desktop\04 Golden Toys @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3 [2012.08.13 13:09:20 | 310,335,697 | ---- | C] () -- C:\Users\Beachboy\Desktop\Breakfastklub @ SonneMondSterne Festival 2012 - Maincircus 11.08.2012.mp3 [2012.08.09 17:31:48 | 009,928,126 | ---- | C] () -- C:\Users\Beachboy\Desktop\Rudimental Ft John Newman - Feel the Love (Lyrics) HD.mp3 [2012.04.21 17:10:35 | 001,535,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.26 20:26:10 | 000,000,132 | ---- | C] () -- C:\Users\Beachboy\AppData\Roaming\Adobe PNG Format CS5 Prefs 
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.15 11:22:01 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI [2011.12.06 09:45:39 | 000,003,584 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.28 20:55:21 | 000,001,478 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\RecConfig.xml [2011.11.04 10:12:32 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.04 10:12:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.11.04 10:12:29 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.10.31 18:13:08 | 000,000,482 | ---- | C] () -- C:\Users\Beachboy\AppData\Roaming\All CPU Meter_Settings.ini [2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\lame_enc.dll [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | 
---- | C] () -- C:\Users\Beachboy\AppData\Local\no23xwrapper.dll ========== LOP Check ========== [2011.12.25 13:17:38 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Ableton [2011.12.26 15:47:13 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Ashampoo [2011.12.28 02:29:16 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\bizarre creations [2012.01.15 11:23:49 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Canon [2011.11.04 14:31:27 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DAEMON Tools Lite [2012.04.06 13:16:58 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DVDVideoSoft [2012.04.06 13:16:53 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.05 15:49:50 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\kiosk__ [2011.10.31 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Leadertech [2011.11.28 21:06:55 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\MAGIX [2012.01.14 13:52:24 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Miranda Fusion [2011.12.01 23:24:30 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Nik Software [2012.03.22 13:28:25 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Opera [2012.08.13 22:22:22 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Origin [2012.01.19 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\PunkBuster [2011.11.29 09:55:59 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Samsung [2012.01.15 11:21:56 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\ScanSoft [2011.12.27 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Sierra [2012.05.26 21:31:46 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Solveig Multimedia [2012.04.02 15:59:03 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Spotify 
[2012.07.13 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Temp
[2012.03.24 02:57:32 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\TS3Client
[2011.11.06 09:02:51 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Yfuje
[2012.07.31 14:16:27 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 04.09.2012 14:38:58 - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Beachboy\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,31% Memory free
15,98 Gb Paging File | 14,22 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 156,15 Gb Total Space | 4,53 Gb Free Space | 2,90% Space Free | Partition Type: NTFS
Drive D: | 3,74 Gb Total Space | 0,35 Gb Free Space | 9,44% Space Free | Partition Type: FAT32
Drive E: | 309,51 Gb Total Space | 42,76 Gb Free Space | 13,81% Space Free | Partition Type: NTFS

Computer Name: PC-BEACHBOY | User Name: Beachboy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05BC56FD-B1AE-4419-8CAC-C1BE337A6192}" = lport=139 | protocol=6 | dir=in | app=system | "{13ECFAA4-AF4F-4C50-BAED-A3A454D3B587}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{15DDC1D4-5152-4E84-9EFC-018FF7FA1AE7}" = rport=137 | protocol=17 | dir=out | app=system | "{235EDC0A-6FAC-4C8A-97F4-170BFB358059}" = lport=10243 | protocol=6 | dir=in | app=system | "{3A9B0B6A-1EC3-40D3-A54A-E7B395819BFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4BB0F851-5759-42EE-9713-C0066320FE78}" = rport=10243 | protocol=6 | dir=out | app=system | "{502E41F7-78BD-4035-B568-1A4AF7E648F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{51EEAA11-D2A3-4865-8CE9-73E8D8BC7AFB}" = rport=139 | protocol=6 | dir=out | app=system | "{53871FAD-FBB4-401B-84C9-24CC4085D23D}" = lport=445 | protocol=6 | dir=in | app=system | "{54D48E06-64C7-427B-9579-CEEC2705F942}" = rport=138 | protocol=17 | dir=out | app=system | "{56025BE6-EB8C-4FFD-9AEF-76E5388DEEAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65050760-747D-42AB-A484-0BF7CC448C85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E3FA577-7D71-48FB-8EFE-55040BC84F6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{806F2F65-7923-47EB-B700-12E3FFD35B25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{82615A51-FA71-4420-896F-0424D715F034}" = lport=25219 | protocol=6 | dir=in | name=tcp 25219 | "{9E916B37-F704-41BA-9926-E6633D6F0A1C}" = lport=138 | protocol=17 | dir=in | app=system | "{B602BB6F-E7CC-4466-9D02-40709DA28A16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BE3315E2-CAA6-4661-9024-3293DF800884}" = lport=137 | protocol=17 | dir=in | app=system | "{C2BA1D39-2D09-4C81-B748-7D1E483B7669}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4FCF9CE-4997-4209-88E2-0448A5051F89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C8EEA66E-F37A-4F68-A1A6-2586E613F6B7}" = lport=17539 | protocol=6 | dir=in | name=tcp 17539 | "{CDA99B93-64E3-47D4-B537-7EA53B7E9B1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CDDEC04D-3C8A-4B77-8313-853279F18969}" = 
rport=445 | protocol=6 | dir=out | app=system | "{DD8B696A-0E67-4CAB-BFBE-D4ADFECE47A2}" = lport=27243 | protocol=17 | dir=in | name=udp 27243 | "{E050EAC1-D4B6-430B-BA90-A07071DE7E7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F01DB530-7B64-4B74-B26C-3ABFF172B657}" = lport=26044 | protocol=17 | dir=in | name=udp 26044 | "{F915D701-77E3-44FB-B8E9-1AC33172EA37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FDD9D147-3E42-4446-8EDF-5E102594146D}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00B8F246-ECE7-4E31-A470-9193F019A61A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{02FD0E58-B1B7-4B62-821C-73DE97B1DDD5}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{03E43E9E-9FA1-43C7-BEB4-0F53EB8B5779}" = protocol=6 | dir=out | app=system | "{0C00199E-18A1-4E95-B11B-345096D08987}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1196D9DC-18C3-402A-94F1-C5A1B8CAAECE}" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin | "{11A5130F-1D0D-48E2-9263-504D4970744C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{125CA631-CCF3-40F1-8349-5B894257ACE4}" = protocol=6 | dir=in | app=e:\metin2\metin2.bin | "{1513CF50-3C70-460E-B9B3-B262EE20D93C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1580AF80-0257-48BF-A0F3-45A5120507B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{168B6FA6-8AD7-4A10-9678-B4C11814A4D6}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | "{17082941-42D0-45C9-B104-F56FA14194CA}" = protocol=6 | dir=in | 
app=e:\steam\steam.exe | "{1B8B02A7-52E3-4EB4-86C0-7F7D3693970E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{1C7AB1DD-C139-48ED-86E1-EAC405765663}" = protocol=6 | dir=in | app=e:\battlefield 3™\bf3.exe | "{1D9AF154-B320-40E6-93F8-AC6B5B3E6C13}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{23BAEFBE-4D41-4310-95F6-F91F4FA1A102}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2C096A78-B0E0-4BA9-98E3-64230CCE91A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2E108A45-732B-4452-B5B9-FD0E55CEC4FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2F166BB9-E21B-42A3-B911-358F4B2B094E}" = protocol=6 | dir=in | app=e:\metin2\metin2.exe | "{315E55C8-9E93-47F3-9927-F24DC4F26B0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{39C2FD6E-FA3F-4FF8-B3B2-C03EEEDF3D66}" = protocol=17 | dir=in | app=e:\steam\steam.exe | "{3D5E23E6-0832-4057-9C51-7D666C157151}" = protocol=17 | dir=in | app=e:\bulletstorm\binaries\win32\shippingpc-stormgame.exe | "{3F8E3481-5A47-4283-930D-455B0D17F916}" = protocol=17 | dir=in | app=e:\battlefield 3™\bf3.exe | "{3FA1CA9B-A953-4124-B6A0-E936D5524BAC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{40259775-E022-4B4B-9247-389AB960EA5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4435BC4D-7907-4F05-AC8B-60DC07D81E78}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{460EDFFE-9C07-4CBA-ACA0-B3BD4758701E}" = protocol=17 | dir=in | app=e:\blur\blur.exe | "{48C942A9-6476-4CD4-9BE9-EB4BFE766F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{4AD1060A-1E3A-4738-8BF5-C8F560569652}" = protocol=17 | dir=in | app=e:\dirt 3\dirt3_game.exe | "{4B7F2580-642C-44CF-877F-8D3AB97980B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media 
player\wmplayer.exe | "{4F4C1A97-6DB8-4BB8-B370-2E1B551E57EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{519F13C0-38FC-463E-8962-483395134D61}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe | "{55A01113-80E8-4BD8-9195-1DCC9CEADE1D}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe | "{5AA69139-7919-491B-BFD0-CF059E5A618F}" = protocol=6 | dir=in | app=e:\racedriver grid\grid.exe | "{64A70BF1-9B0F-42B9-A654-A7F80DC747B4}" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe | "{668D57EC-D535-4363-8491-F7EECC7B529B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{67B8F6EC-EA21-4A8D-B42B-10F83398CCA3}" = protocol=17 | dir=in | app=e:\racedriver grid\grid.exe | "{6B44C6D6-50FC-4626-B03B-5E8DDC4E06D1}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{732CE301-55E8-4B44-9E19-BB815DB6720A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{73323C52-4599-4927-A41A-35491F85C4D5}" = protocol=17 | dir=in | app=e:\origin games\battlefield 3\bf3.exe | "{74DCF93B-B536-4B3F-AFEF-38F5B932204A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{775C13B4-492A-47B3-8B02-7E15ED177602}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{7D6EF875-EB06-4F06-A3B3-508180C8B4F6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{7EAA2859-EA13-480A-A23E-C8EAE7274D95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{82CD8BA0-6C19-48A4-A165-4CC4C678EDB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{89ABE586-E160-4517-86D5-4EFA78993048}" = protocol=17 | dir=in | app=e:\metin2\metin2.bin | "{8AB64601-601F-424A-9950-2D0A2457CDD3}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe | "{8D91DDE1-5565-4AA5-A51E-0541221F266B}" 
= protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8E06B688-C069-4540-A1C2-F4422F443100}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe | "{8E16D9A7-38FE-4750-8594-A7959AC57D3D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{90922079-B5EE-4115-B356-698F38A80054}" = protocol=17 | dir=in | app=c:\users\beachboy\appdata\roaming\spotify\spotify.exe | "{95079124-A564-43DC-BB2A-AD6C035D4F09}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe | "{9C94842A-A162-4C24-87DC-3F78D9326CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | "{9D8C4757-05DD-4232-AB68-01DC0183BAB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A114C68A-1840-446E-A242-FE09A00AAC36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A1BBB6C1-FF5F-4991-A5E7-84B00CF91C12}" = protocol=6 | dir=in | app=e:\bulletstorm\binaries\win32\shippingpc-stormgame.exe | "{AC4699B4-3B0F-401E-A3B7-CDD6847705BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{ACFCAEE7-D3B6-4731-A17B-CFC1E34719EB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{B30C3917-2079-43F5-82BA-BA66C411B97A}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{B5FA64FB-27B1-4CE8-B022-26B22AFA4196}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe | "{B7FF7C47-78BA-4D95-AB6B-F83E27E147E9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{C3B881D9-5C59-49C6-B47A-2ACE98AA9C67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CCD9529A-884C-40BE-9923-901E9A1C3772}" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2updater.exe | "{CDA4FF6B-8434-4E4A-AF13-CB6F7530B151}" = protocol=6 | dir=in | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{D07409C6-EE3F-465F-BD0A-2445091BCA3C}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{D11B178D-3F59-478C-B161-D4454596D6D9}" = protocol=6 | dir=in | app=e:\dirt 3\dirt3_game.exe | "{D3BA29CD-0992-4353-A333-665A3F389DCC}" = protocol=6 | dir=in | app=e:\blur\blur.exe | "{D743BE3F-F39B-4E36-8AFB-1A30E147F3DB}" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2updater.exe | "{DAAD8FFD-C58F-4548-820C-79C7DAFE0C8F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{DB0E05CD-F94A-4380-85DC-5CC1C0616B14}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe | "{DE2CCE9E-033E-402D-AEE3-561B33EAB97B}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe | "{E20B9521-92DA-44EB-8015-F63C72A235B8}" = protocol=6 | dir=in | app=c:\users\beachboy\appdata\roaming\spotify\spotify.exe | "{E2AE6D68-BAC1-463D-93E1-FF0D9BE8F6D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E6ABBEF6-2664-42FB-9E16-7E79FC0C211D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{E81FEA4E-B85C-466B-B719-CE140483F52C}" = protocol=17 | dir=in | app=e:\metin2\metin2.exe | "{EAD25147-77BD-4BE3-A328-F082BCF2A417}" = protocol=6 | dir=in | app=e:\origin games\battlefield 3\bf3.exe | "{F7FAA337-8BB7-40D8-80A0-B0C8FA394859}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F9A54A9C-A655-4B90-824F-67F2E1642170}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FB2B1990-51B1-42C2-B81B-232F17FD5009}" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin | "{FB7D7C82-D2C7-467C-BBCB-FED280E1D616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FBD01D49-9BF3-4BE5-99CE-CBD7EDABF4A5}" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe | "TCP Query 
User{1207DDB5-2CE7-4A62-A69D-F49D8F8E40DD}E:\metin2\metin2.bin" = protocol=6 | dir=in | app=e:\metin2\metin2.bin | "TCP Query User{15339FC2-66BC-42FA-847F-4BAE150466CE}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{2170864C-D764-4D2F-8022-8ADC1B3E6C59}E:\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=e:\dead island\deadislandgame.exe | "TCP Query User{36EE16DC-BA66-4942-B572-C59150B695D1}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin | "TCP Query User{5F95C314-0565-4005-9AE0-005895152F33}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{81C89D3A-5E6D-4DB5-B8D6-8AC9293A5897}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{8A3712DA-ECF3-4044-9D14-2D203DFCF00B}E:\empire earth 2\ee2.exe" = protocol=6 | dir=in | app=e:\empire earth 2\ee2.exe | "TCP Query User{99CF7144-998E-4E8B-9BB8-8E489A165727}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{99FF1918-3C95-47ED-A588-D3EC3C2E34FA}E:\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe | "TCP Query User{AC06EBB9-DC4C-4067-A463-7FE67D360616}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{BC29863B-CF5E-46FF-BF63-E994570A1082}C:\users\beachboy\desktop\miranda64-09\miranda64.exe" = protocol=6 | dir=in | app=c:\users\beachboy\desktop\miranda64-09\miranda64.exe | "TCP Query User{D80843AB-1F92-4A02-B29C-E67457AD02D3}E:\cs1.6\hl.exe" = protocol=6 | dir=in | app=e:\cs1.6\hl.exe | "TCP Query User{E2B15E20-B70F-4DF2-A470-2F0BD4BAD182}E:\metin2\metin2.exe" = protocol=6 | dir=in | app=e:\metin2\metin2.exe | "TCP Query 
User{E672CEE4-DA9B-4A70-A6EE-C860CB9AA6EC}E:\portal 2\portal2.exe" = protocol=6 | dir=in | app=e:\portal 2\portal2.exe | "UDP Query User{058B89D3-4CEA-4BA7-A7B6-92CB2770CF22}E:\metin2\metin2.exe" = protocol=17 | dir=in | app=e:\metin2\metin2.exe | "UDP Query User{4D2B5556-1F16-4350-B0F4-6BAC08CA7CFE}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin | "UDP Query User{59722CC7-51DC-46CD-9BAD-D5EA4028DA0C}E:\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=e:\dead island\deadislandgame.exe | "UDP Query User{6D2D8A2C-B96D-4427-9C9C-1F26FAD7D476}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{6DCA73E4-1822-446A-8EF3-514D832194C3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{86DB5C75-9DE5-4CBD-A3F6-D9BD0F02FBEE}E:\portal 2\portal2.exe" = protocol=17 | dir=in | app=e:\portal 2\portal2.exe | "UDP Query User{9163FBAE-102E-4618-85ED-5A941008EB6A}E:\metin2\metin2.bin" = protocol=17 | dir=in | app=e:\metin2\metin2.bin | "UDP Query User{931A29B9-DFEF-4BD6-A9BB-8BCB75AB7067}E:\empire earth 2\ee2.exe" = protocol=17 | dir=in | app=e:\empire earth 2\ee2.exe | "UDP Query User{9F1B2249-7406-4582-96C3-86DFC5FE8C54}E:\cs1.6\hl.exe" = protocol=17 | dir=in | app=e:\cs1.6\hl.exe | "UDP Query User{B8DAEEAF-ACA9-46FA-B324-CA8B8965EEA9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{CB73CE89-5825-4A3C-B3D1-DEFFB72882D6}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{CE6AC62D-2705-4F87-A3A5-870064491769}C:\users\beachboy\desktop\miranda64-09\miranda64.exe" = protocol=17 | dir=in | app=c:\users\beachboy\desktop\miranda64-09\miranda64.exe | "UDP Query User{E144B367-FAF8-46EF-9D8C-40F18E7C2315}E:\battlefield bad 
company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe | "UDP Query User{E46A58EA-7218-46D0-B5E9-377AE4EF451B}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510 "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8F110B6A-60A2-4542-BB19-AD6234E2969D}" = SAMSUNG Moblie USB Driver "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant 
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0C485220-4029-48E7-9F27-965DA4A78D5E}" = Samsung Networking Wizard "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{109CCC7F-155C-4EC5-958B-F1B186E68DB9}" = MAGIX Video Pro X2 "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R) "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6B7E4A1A-BBE1-4E8F-ABD2-7FCE1168E032}" = MAGIX 3D Maker (embedded MSI) "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8A5458F0-0F3A-486E-8436-6CF05977093F}" = E3MC - Windows Shutdown Timer v5.7 Full "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010 "{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook 
MUI (English) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010 "{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010 "{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{97922AE1-B850-4B21-85EF-FD1E7ED20D65}" = MAGIX Speed 2 (MSI) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2 
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0 "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.1.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung "Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Counter Strike 1.6 - By PirocaHP.F!N4LShare" = Counter Strike 1.6 - By PirocaHP.F!N4LShare "Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare" = Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare "DAEMON 
Tools Lite" = DAEMON Tools Lite "ESN Sonar-0.70.4" = ESN Sonar "FormatFactory" = FormatFactory 2.70 "Fraps" = Fraps (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "HD Tune_is1" = HD Tune 2.55 "InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM) "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LastFM_is1" = Last.fm 1.5.4.27091 "Live 8.2" = Live 8.2 "Live 8.2.7" = Live 8.2.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Metin2_is1" = Metin2 "MirandaFusion" = Miranda Fusion 3.1.5 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Opera 12.01.1532" = Opera 12.01 "Origin" = Origin "Postal 2_is1" = Portal 2 "PunkBusterSvc" = PunkBuster Services "Rage_is1" = Rage "Videodeluxe16_pro" = MAGIX Video Pro X2 "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "Worms Reloaded_is1" = Worms Reloaded ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Spotify" = Spotify "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.08.2012 18:13:47 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000016092 ID des fehlerhaften Prozesses: 0xfe8 Startzeit der fehlerhaften Anwendung: 0x01cd79a0c532a542 Pfad der fehlerhaften 
Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 26f91c20-e594-11e1-b28d-4061862eeb01 Error - 13.08.2012 18:14:49 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018778 ID des fehlerhaften Prozesses: 0x87c Startzeit der fehlerhaften Anwendung: 0x01cd79a0e98e1f6d Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 4b884728-e594-11e1-b28d-4061862eeb01 Error - 26.08.2012 09:25:06 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227 Description = Error - 26.08.2012 09:25:29 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227 Description = Error - 26.08.2012 12:40:23 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.08.2012 04:34:00 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.08.2012 08:35:04 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227 Description = Error - 29.08.2012 10:44:21 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227 Description = Error - 29.08.2012 11:58:04 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018778 ID des fehlerhaften Prozesses: 0x3f4 Startzeit der fehlerhaften Anwendung: 0x01cd85f49e789083 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 506a9319-f1f2-11e1-867b-4061862eeb01 Error - 29.08.2012 12:10:14 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.09.2012 18:28:15 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 04.09.2012 07:20:18 | Computer Name = PC-Beachboy | Source = VSS | ID = 8194 Description = Error - 04.09.2012 07:31:05 | Computer Name = PC-BEACHBOY | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei C:\Users\Beachboy\Desktop\Bilder\100CANON\IMG_2342.JPG. [ACCESS_VIOLATION Exception!! EIP = 0x1df6d92] Bitte Avira informieren und die obige Datei übersenden! [ System Events ] Error - 02.05.2012 10:41:01 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. 
Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:44:30 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:44:30 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:46:16 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "D:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:46:16 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. < End of report > Edited by Be4chb0y (04.09.2012 at 13:46) |
04.09.2012, 22:35 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum Virus Please start by running a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! Please remove all findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Where possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
08.09.2012, 19:50 | #3 |
| Live Security Platinum Virus Thanks for your reply. Unfortunately it took a while before I could run the tests, as I was not near my computer.
Here are the logs. ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f04ed2730a09194b940e9e6eead27652 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-08 12:01:19 # local_time=2012-09-08 02:01:19 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1792 16777215 100 0 27014758 27014758 0 0 # compatibility_mode=5893 16776574 100 94 331918 99495265 0 0 # compatibility_mode=8192 67108863 100 0 78151 78151 0 0 # scanned=315399 # found=11 # cleaned=0 # scan_time=16084 C:\Users\Beachboy\AppData\Local\Temp\HsMKIcCB.exe.part multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Beachboy\AppData\Local\Temp\jar_cache7819315967618888065.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Beachboy\AppData\Local\Temp\NERO13349\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I C:\Users\Beachboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\384d4663-5d08bf7a Java/Exploit.Agent.NCB trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Beachboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\7885b464-67d9e4a7 multiple threats (unable to clean) 00000000000000000000000000000000 I E:\Bulletstorm\Binaries\Win32\SKIDROW.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I E:\DiRT 3\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I E:\DiRT 3\SKIDROW.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I E:\Installs\Assassins.Creed.II-SKIDROW\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan 
(unable to clean) 00000000000000000000000000000000 I E:\Installs\Die Sims 3\Die Sims 3.iso probably a variant of Win32/Hupigon.CJKIBCX trojan (unable to clean) 00000000000000000000000000000000 I E:\Installs\Need for Speed Hot Pursuit\rld-nshp.iso a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean) 00000000000000000000000000000000 I Malwarebytes Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.04.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Beachboy :: PC-BEACHBOY [Administrator]

04.09.2012 14:19:53
mbam-log-2012-09-04 (14-23-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220393
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe (Trojan.ZbotR.Gen) -> 2708 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3BF6B3E9-56A7-AD41-5F8A-2E73672A0D6E} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe (Trojan.ZbotR.Gen) -> Keine Aktion durchgeführt.

(Ende)

OTL Logfile: Code:
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C783C802-FB37-4948-94D1-DCA36132B876}: DhcpNameServer = 192.168.170.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFB619D4-A159-4887-93D6-F9EE256E1325}: NameServer = 62.109.123.196 213.191.74.18 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2305a0a6-0ca2-11e1-b89d-4061862eeb01}\Shell - "" = AutoRun
O33 - MountPoints2\{2305a0a6-0ca2-11e1-b89d-4061862eeb01}\Shell\AutoRun\command - "" = L:\RunGame.exe
O33 - MountPoints2\{3aa573ba-1a62-11e1-ae88-4061862eeb01}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa573ba-1a62-11e1-ae88-4061862eeb01}\Shell\AutoRun\command - "" = I:\ICM_Manager.exe
O33 - MountPoints2\{63698b35-06b2-11e1-84f2-4061862eeb01}\Shell - "" = AutoRun
O33 - MountPoints2\{63698b35-06b2-11e1-84f2-4061862eeb01}\Shell\AutoRun\command - "" = I:\RunGame.exe
O33 - MountPoints2\{b65a2b52-29ed-11e1-89c6-4061862eeb01}\Shell - "" = AutoRun
O33 - MountPoints2\{b65a2b52-29ed-11e1-89c6-4061862eeb01}\Shell\AutoRun\command - "" = I:\ICM_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.04 14:37:25 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Beachboy\Desktop\OTL.exe
[2012.09.04 14:18:20 | 000,000,000 | ---D | C] -- C:\Users\Beachboy\AppData\Roaming\Malwarebytes
[2012.09.04 14:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.04 14:18:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 14:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.04 13:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\225932DFC99A2705862C02154F147C45
[2012.09.04 11:24:55 | 000,000,000 | ---D | C] -- C:\Users\Beachboy\Desktop\Minimal
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Beachboy\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Beachboy\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Beachboy\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Beachboy\AppData\Local\bass.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.04 14:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 14:19:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 14:19:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 14:18:10 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.04 14:17:50 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.04 14:17:50 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.04 14:17:50 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.04 14:17:50 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.04 14:17:50 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.04 14:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 14:11:53 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.04 14:11:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.09.04 13:53:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Beachboy\Desktop\OTL.exe
[2012.09.04 13:05:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826587176-4113039940-1591163767-1000UA.job
[2012.08.29 20:07:20 | 292,675,006 | ---- | M] () -- C:\Users\Beachboy\Desktop\2012.08.10 - Martin Anacker @ Muna, SonneMondSterne.mp3
[2012.08.29 20:05:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826587176-4113039940-1591163767-1000Core.job
[2012.08.28 10:14:33 | 005,037,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.26 21:06:10 | 232,222,685 | ---- | M] () -- C:\Users\Beachboy\Desktop\2012_08_10 Cannibal Cooking Club live SMS X6.mp3
[2012.08.26 20:26:35 | 305,061,386 | ---- | M] () -- C:\Users\Beachboy\Desktop\01 Disco Diamonds @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.26 20:22:46 | 279,839,774 | ---- | M] () -- C:\Users\Beachboy\Desktop\Reche & Recall @ Sonne Mond Sterne 2012.mp3
[2012.08.26 19:56:55 | 217,419,163 | ---- | M] () -- C:\Users\Beachboy\Desktop\03 Foss & Stoxx @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.14 11:07:07 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.14 11:07:07 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.14 11:06:51 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.13 23:27:12 | 213,559,518 | ---- | M] () -- C:\Users\Beachboy\Desktop\04 Golden Toys @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.13 13:44:31 | 310,335,697 | ---- | M] () -- C:\Users\Beachboy\Desktop\Breakfastklub @ SonneMondSterne Festival 2012 - Maincircus 11.08.2012.mp3
[2012.08.09 17:31:55 | 009,928,126 | ---- | M] () -- C:\Users\Beachboy\Desktop\Rudimental Ft John Newman - Feel the Love (Lyrics) HD.mp3
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.04 14:18:10 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.26 18:16:50 | 232,222,685 | ---- | C] () -- C:\Users\Beachboy\Desktop\2012_08_10 Cannibal Cooking Club live SMS X6.mp3
[2012.08.26 18:15:44 | 217,419,163 | ---- | C] () -- C:\Users\Beachboy\Desktop\03 Foss & Stoxx @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.26 18:15:36 | 292,675,006 | ---- | C] () -- C:\Users\Beachboy\Desktop\2012.08.10 - Martin Anacker @ Muna, SonneMondSterne.mp3
[2012.08.26 18:15:32 | 305,061,386 | ---- | C] () -- C:\Users\Beachboy\Desktop\01 Disco Diamonds @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.26 18:15:30 | 279,839,774 | ---- | C] () -- C:\Users\Beachboy\Desktop\Reche & Recall @ Sonne Mond Sterne 2012.mp3
[2012.08.13 23:31:09 | 000,001,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.08.13 23:01:03 | 213,559,518 | ---- | C] () -- C:\Users\Beachboy\Desktop\04 Golden Toys @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.13 13:09:20 | 310,335,697 | ---- | C] () -- C:\Users\Beachboy\Desktop\Breakfastklub @ SonneMondSterne Festival 2012 - Maincircus 11.08.2012.mp3
[2012.08.09 17:31:48 | 009,928,126 | ---- | C] () -- C:\Users\Beachboy\Desktop\Rudimental Ft John Newman - Feel the Love (Lyrics) HD.mp3
[2012.04.21 17:10:35 | 001,535,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.26 20:26:10 | 000,000,132 | ---- | C] () -- C:\Users\Beachboy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.15 11:22:01 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.12.06 09:45:39 | 000,003,584 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.28 20:55:21 | 000,001,478 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\RecConfig.xml
[2011.11.04 10:12:32 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.04 10:12:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.04 10:12:29 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.10.31 18:13:08 | 000,000,482 | ---- | C] () -- C:\Users\Beachboy\AppData\Roaming\All CPU Meter_Settings.ini
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\no23xwrapper.dll

========== LOP Check ==========

[2011.12.25 13:17:38 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Ableton
[2011.12.26 15:47:13 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Ashampoo
[2011.12.28 02:29:16 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\bizarre creations
[2012.01.15 11:23:49 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Canon
[2011.11.04 14:31:27 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DAEMON Tools Lite
[2012.04.06 13:16:58 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DVDVideoSoft
[2012.04.06 13:16:53 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.05 15:49:50 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\kiosk__
[2011.10.31 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Leadertech
[2011.11.28 21:06:55 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\MAGIX
[2012.01.14 13:52:24 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Miranda Fusion
[2011.12.01 23:24:30 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Nik Software
[2012.03.22 13:28:25 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Opera
[2012.08.13 22:22:22 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Origin
[2012.01.19 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\PunkBuster
[2011.11.29 09:55:59 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Samsung
[2012.01.15 11:21:56 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\ScanSoft
[2011.12.27 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Sierra
[2012.05.26 21:31:46 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Solveig Multimedia
[2012.04.02 15:59:03 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Spotify
[2012.07.13 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Temp
[2012.03.24 02:57:32 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\TS3Client
[2011.11.06 09:02:51 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Yfuje
[2012.07.31 14:16:27 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras
OTL Logfile:
Code:
OTL Extras logfile created on: 04.09.2012 14:38:58 - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Beachboy\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,31% Memory free
15,98 Gb Paging File | 14,22 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 156,15 Gb Total Space | 4,53 Gb Free Space | 2,90% Space Free | Partition Type: NTFS
Drive D: | 3,74 Gb Total Space | 0,35 Gb Free Space | 9,44% Space Free | Partition Type: FAT32
Drive E: | 309,51 Gb Total Space | 42,76 Gb Free Space | 13,81% Space Free | Partition Type: NTFS

Computer Name: PC-BEACHBOY | User Name: Beachboy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BC56FD-B1AE-4419-8CAC-C1BE337A6192}" = lport=139 | protocol=6 | dir=in | app=system |
"{13ECFAA4-AF4F-4C50-BAED-A3A454D3B587}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{15DDC1D4-5152-4E84-9EFC-018FF7FA1AE7}" = rport=137 | protocol=17 | dir=out | app=system |
"{235EDC0A-6FAC-4C8A-97F4-170BFB358059}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3A9B0B6A-1EC3-40D3-A54A-E7B395819BFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BB0F851-5759-42EE-9713-C0066320FE78}" = rport=10243 | protocol=6 | dir=out | app=system |
"{502E41F7-78BD-4035-B568-1A4AF7E648F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{51EEAA11-D2A3-4865-8CE9-73E8D8BC7AFB}" = rport=139 | protocol=6 | dir=out | app=system |
"{53871FAD-FBB4-401B-84C9-24CC4085D23D}" = lport=445 | protocol=6 | dir=in | app=system |
"{54D48E06-64C7-427B-9579-CEEC2705F942}" = rport=138 | protocol=17 | dir=out | app=system |
"{56025BE6-EB8C-4FFD-9AEF-76E5388DEEAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65050760-747D-42AB-A484-0BF7CC448C85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E3FA577-7D71-48FB-8EFE-55040BC84F6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{806F2F65-7923-47EB-B700-12E3FFD35B25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82615A51-FA71-4420-896F-0424D715F034}" = lport=25219 | protocol=6 | dir=in | name=tcp 25219 |
"{9E916B37-F704-41BA-9926-E6633D6F0A1C}" = lport=138 | protocol=17 | dir=in | app=system |
"{B602BB6F-E7CC-4466-9D02-40709DA28A16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE3315E2-CAA6-4661-9024-3293DF800884}" = lport=137 | protocol=17 | dir=in | app=system |
"{C2BA1D39-2D09-4C81-B748-7D1E483B7669}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4FCF9CE-4997-4209-88E2-0448A5051F89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8EEA66E-F37A-4F68-A1A6-2586E613F6B7}" = lport=17539 | protocol=6 | dir=in | name=tcp 17539 |
"{CDA99B93-64E3-47D4-B537-7EA53B7E9B1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDDEC04D-3C8A-4B77-8313-853279F18969}" = rport=445 | protocol=6 | dir=out | app=system |
"{DD8B696A-0E67-4CAB-BFBE-D4ADFECE47A2}" = lport=27243 | protocol=17 | dir=in | name=udp 27243 |
"{E050EAC1-D4B6-430B-BA90-A07071DE7E7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F01DB530-7B64-4B74-B26C-3ABFF172B657}" = lport=26044 | protocol=17 | dir=in | name=udp 26044 |
"{F915D701-77E3-44FB-B8E9-1AC33172EA37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDD9D147-3E42-4446-8EDF-5E102594146D}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8F246-ECE7-4E31-A470-9193F019A61A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{02FD0E58-B1B7-4B62-821C-73DE97B1DDD5}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{03E43E9E-9FA1-43C7-BEB4-0F53EB8B5779}" = protocol=6 | dir=out | app=system |
"{0C00199E-18A1-4E95-B11B-345096D08987}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1196D9DC-18C3-402A-94F1-C5A1B8CAAECE}" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin |
"{11A5130F-1D0D-48E2-9263-504D4970744C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{125CA631-CCF3-40F1-8349-5B894257ACE4}" = protocol=6 | dir=in | app=e:\metin2\metin2.bin |
"{1513CF50-3C70-460E-B9B3-B262EE20D93C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1580AF80-0257-48BF-A0F3-45A5120507B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{168B6FA6-8AD7-4A10-9678-B4C11814A4D6}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"{17082941-42D0-45C9-B104-F56FA14194CA}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{1B8B02A7-52E3-4EB4-86C0-7F7D3693970E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1C7AB1DD-C139-48ED-86E1-EAC405765663}" = protocol=6 | dir=in | app=e:\battlefield 3™\bf3.exe |
"{1D9AF154-B320-40E6-93F8-AC6B5B3E6C13}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23BAEFBE-4D41-4310-95F6-F91F4FA1A102}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2C096A78-B0E0-4BA9-98E3-64230CCE91A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2E108A45-732B-4452-B5B9-FD0E55CEC4FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{2F166BB9-E21B-42A3-B911-358F4B2B094E}" = protocol=6 | dir=in | app=e:\metin2\metin2.exe |
"{315E55C8-9E93-47F3-9927-F24DC4F26B0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{39C2FD6E-FA3F-4FF8-B3B2-C03EEEDF3D66}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{3D5E23E6-0832-4057-9C51-7D666C157151}" = protocol=17 | dir=in | app=e:\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{3F8E3481-5A47-4283-930D-455B0D17F916}" = protocol=17 | dir=in | app=e:\battlefield 3™\bf3.exe |
"{3FA1CA9B-A953-4124-B6A0-E936D5524BAC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{40259775-E022-4B4B-9247-389AB960EA5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4435BC4D-7907-4F05-AC8B-60DC07D81E78}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{460EDFFE-9C07-4CBA-ACA0-B3BD4758701E}" = protocol=17 | dir=in | app=e:\blur\blur.exe |
"{48C942A9-6476-4CD4-9BE9-EB4BFE766F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4AD1060A-1E3A-4738-8BF5-C8F560569652}" = protocol=17 | dir=in | app=e:\dirt 3\dirt3_game.exe |
"{4B7F2580-642C-44CF-877F-8D3AB97980B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F4C1A97-6DB8-4BB8-B370-2E1B551E57EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{519F13C0-38FC-463E-8962-483395134D61}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe |
"{55A01113-80E8-4BD8-9195-1DCC9CEADE1D}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe |
"{5AA69139-7919-491B-BFD0-CF059E5A618F}" = protocol=6 | dir=in | app=e:\racedriver grid\grid.exe |
"{64A70BF1-9B0F-42B9-A654-A7F80DC747B4}" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"{668D57EC-D535-4363-8491-F7EECC7B529B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{67B8F6EC-EA21-4A8D-B42B-10F83398CCA3}" = protocol=17 | dir=in | app=e:\racedriver grid\grid.exe |
"{6B44C6D6-50FC-4626-B03B-5E8DDC4E06D1}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{732CE301-55E8-4B44-9E19-BB815DB6720A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73323C52-4599-4927-A41A-35491F85C4D5}" = protocol=17 | dir=in | app=e:\origin games\battlefield 3\bf3.exe |
"{74DCF93B-B536-4B3F-AFEF-38F5B932204A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{775C13B4-492A-47B3-8B02-7E15ED177602}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{7D6EF875-EB06-4F06-A3B3-508180C8B4F6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7EAA2859-EA13-480A-A23E-C8EAE7274D95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82CD8BA0-6C19-48A4-A165-4CC4C678EDB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89ABE586-E160-4517-86D5-4EFA78993048}" = protocol=17 | dir=in | app=e:\metin2\metin2.bin |
"{8AB64601-601F-424A-9950-2D0A2457CDD3}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe |
"{8D91DDE1-5565-4AA5-A51E-0541221F266B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E06B688-C069-4540-A1C2-F4422F443100}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe |
"{8E16D9A7-38FE-4750-8594-A7959AC57D3D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{90922079-B5EE-4115-B356-698F38A80054}" = protocol=17 | dir=in | app=c:\users\beachboy\appdata\roaming\spotify\spotify.exe |
"{95079124-A564-43DC-BB2A-AD6C035D4F09}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe |
"{9C94842A-A162-4C24-87DC-3F78D9326CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"{9D8C4757-05DD-4232-AB68-01DC0183BAB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A114C68A-1840-446E-A242-FE09A00AAC36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1BBB6C1-FF5F-4991-A5E7-84B00CF91C12}" = protocol=6 | dir=in | app=e:\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{AC4699B4-3B0F-401E-A3B7-CDD6847705BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{ACFCAEE7-D3B6-4731-A17B-CFC1E34719EB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{B30C3917-2079-43F5-82BA-BA66C411B97A}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{B5FA64FB-27B1-4CE8-B022-26B22AFA4196}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe |
"{B7FF7C47-78BA-4D95-AB6B-F83E27E147E9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C3B881D9-5C59-49C6-B47A-2ACE98AA9C67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CCD9529A-884C-40BE-9923-901E9A1C3772}" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2updater.exe |
"{CDA4FF6B-8434-4E4A-AF13-CB6F7530B151}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D07409C6-EE3F-465F-BD0A-2445091BCA3C}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{D11B178D-3F59-478C-B161-D4454596D6D9}" = protocol=6 | dir=in | app=e:\dirt 3\dirt3_game.exe |
"{D3BA29CD-0992-4353-A333-665A3F389DCC}" = protocol=6 | dir=in | app=e:\blur\blur.exe |
"{D743BE3F-F39B-4E36-8AFB-1A30E147F3DB}" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2updater.exe |
"{DAAD8FFD-C58F-4548-820C-79C7DAFE0C8F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DB0E05CD-F94A-4380-85DC-5CC1C0616B14}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe |
"{DE2CCE9E-033E-402D-AEE3-561B33EAB97B}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe |
"{E20B9521-92DA-44EB-8015-F63C72A235B8}" = protocol=6 | dir=in | app=c:\users\beachboy\appdata\roaming\spotify\spotify.exe |
"{E2AE6D68-BAC1-463D-93E1-FF0D9BE8F6D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6ABBEF6-2664-42FB-9E16-7E79FC0C211D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{E81FEA4E-B85C-466B-B719-CE140483F52C}" = protocol=17 | dir=in | app=e:\metin2\metin2.exe |
"{EAD25147-77BD-4BE3-A328-F082BCF2A417}" = protocol=6 | dir=in | app=e:\origin games\battlefield 3\bf3.exe |
"{F7FAA337-8BB7-40D8-80A0-B0C8FA394859}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F9A54A9C-A655-4B90-824F-67F2E1642170}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB2B1990-51B1-42C2-B81B-232F17FD5009}" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin |
"{FB7D7C82-D2C7-467C-BBCB-FED280E1D616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBD01D49-9BF3-4BE5-99CE-CBD7EDABF4A5}" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"TCP Query
User{1207DDB5-2CE7-4A62-A69D-F49D8F8E40DD}E:\metin2\metin2.bin" = protocol=6 | dir=in | app=e:\metin2\metin2.bin | "TCP Query User{15339FC2-66BC-42FA-847F-4BAE150466CE}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{2170864C-D764-4D2F-8022-8ADC1B3E6C59}E:\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=e:\dead island\deadislandgame.exe | "TCP Query User{36EE16DC-BA66-4942-B572-C59150B695D1}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin | "TCP Query User{5F95C314-0565-4005-9AE0-005895152F33}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{81C89D3A-5E6D-4DB5-B8D6-8AC9293A5897}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{8A3712DA-ECF3-4044-9D14-2D203DFCF00B}E:\empire earth 2\ee2.exe" = protocol=6 | dir=in | app=e:\empire earth 2\ee2.exe | "TCP Query User{99CF7144-998E-4E8B-9BB8-8E489A165727}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{99FF1918-3C95-47ED-A588-D3EC3C2E34FA}E:\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe | "TCP Query User{AC06EBB9-DC4C-4067-A463-7FE67D360616}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{BC29863B-CF5E-46FF-BF63-E994570A1082}C:\users\beachboy\desktop\miranda64-09\miranda64.exe" = protocol=6 | dir=in | app=c:\users\beachboy\desktop\miranda64-09\miranda64.exe | "TCP Query User{D80843AB-1F92-4A02-B29C-E67457AD02D3}E:\cs1.6\hl.exe" = protocol=6 | dir=in | app=e:\cs1.6\hl.exe | "TCP Query User{E2B15E20-B70F-4DF2-A470-2F0BD4BAD182}E:\metin2\metin2.exe" = protocol=6 | dir=in | app=e:\metin2\metin2.exe | "TCP Query 
User{E672CEE4-DA9B-4A70-A6EE-C860CB9AA6EC}E:\portal 2\portal2.exe" = protocol=6 | dir=in | app=e:\portal 2\portal2.exe | "UDP Query User{058B89D3-4CEA-4BA7-A7B6-92CB2770CF22}E:\metin2\metin2.exe" = protocol=17 | dir=in | app=e:\metin2\metin2.exe | "UDP Query User{4D2B5556-1F16-4350-B0F4-6BAC08CA7CFE}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin | "UDP Query User{59722CC7-51DC-46CD-9BAD-D5EA4028DA0C}E:\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=e:\dead island\deadislandgame.exe | "UDP Query User{6D2D8A2C-B96D-4427-9C9C-1F26FAD7D476}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{6DCA73E4-1822-446A-8EF3-514D832194C3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{86DB5C75-9DE5-4CBD-A3F6-D9BD0F02FBEE}E:\portal 2\portal2.exe" = protocol=17 | dir=in | app=e:\portal 2\portal2.exe | "UDP Query User{9163FBAE-102E-4618-85ED-5A941008EB6A}E:\metin2\metin2.bin" = protocol=17 | dir=in | app=e:\metin2\metin2.bin | "UDP Query User{931A29B9-DFEF-4BD6-A9BB-8BCB75AB7067}E:\empire earth 2\ee2.exe" = protocol=17 | dir=in | app=e:\empire earth 2\ee2.exe | "UDP Query User{9F1B2249-7406-4582-96C3-86DFC5FE8C54}E:\cs1.6\hl.exe" = protocol=17 | dir=in | app=e:\cs1.6\hl.exe | "UDP Query User{B8DAEEAF-ACA9-46FA-B324-CA8B8965EEA9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{CB73CE89-5825-4A3C-B3D1-DEFFB72882D6}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{CE6AC62D-2705-4F87-A3A5-870064491769}C:\users\beachboy\desktop\miranda64-09\miranda64.exe" = protocol=17 | dir=in | app=c:\users\beachboy\desktop\miranda64-09\miranda64.exe | "UDP Query User{E144B367-FAF8-46EF-9D8C-40F18E7C2315}E:\battlefield bad 
company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe | "UDP Query User{E46A58EA-7218-46D0-B5E9-377AE4EF451B}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510 "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8F110B6A-60A2-4542-BB19-AD6234E2969D}" = SAMSUNG Moblie USB Driver "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant 
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0C485220-4029-48E7-9F27-965DA4A78D5E}" = Samsung Networking Wizard "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{109CCC7F-155C-4EC5-958B-F1B186E68DB9}" = MAGIX Video Pro X2 "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R) "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6B7E4A1A-BBE1-4E8F-ABD2-7FCE1168E032}" = MAGIX 3D Maker (embedded MSI) "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8A5458F0-0F3A-486E-8436-6CF05977093F}" = E3MC - Windows Shutdown Timer v5.7 Full "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010 "{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook 
MUI (English) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010 "{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010 "{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{97922AE1-B850-4B21-85EF-FD1E7ED20D65}" = MAGIX Speed 2 (MSI) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2 
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0 "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.1.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung "Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Counter Strike 1.6 - By PirocaHP.F!N4LShare" = Counter Strike 1.6 - By PirocaHP.F!N4LShare "Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare" = Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare "DAEMON 
Tools Lite" = DAEMON Tools Lite "ESN Sonar-0.70.4" = ESN Sonar "FormatFactory" = FormatFactory 2.70 "Fraps" = Fraps (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "HD Tune_is1" = HD Tune 2.55 "InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM) "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LastFM_is1" = Last.fm 1.5.4.27091 "Live 8.2" = Live 8.2 "Live 8.2.7" = Live 8.2.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Metin2_is1" = Metin2 "MirandaFusion" = Miranda Fusion 3.1.5 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Opera 12.01.1532" = Opera 12.01 "Origin" = Origin "Postal 2_is1" = Portal 2 "PunkBusterSvc" = PunkBuster Services "Rage_is1" = Rage "Videodeluxe16_pro" = MAGIX Video Pro X2 "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "Worms Reloaded_is1" = Worms Reloaded ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Spotify" = Spotify "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.08.2012 18:13:47 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000016092 ID des fehlerhaften Prozesses: 0xfe8 Startzeit der fehlerhaften Anwendung: 0x01cd79a0c532a542 Pfad der fehlerhaften 
Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 26f91c20-e594-11e1-b28d-4061862eeb01 Error - 13.08.2012 18:14:49 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018778 ID des fehlerhaften Prozesses: 0x87c Startzeit der fehlerhaften Anwendung: 0x01cd79a0e98e1f6d Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 4b884728-e594-11e1-b28d-4061862eeb01 Error - 26.08.2012 09:25:06 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227 Description = Error - 26.08.2012 09:25:29 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227 Description = Error - 26.08.2012 12:40:23 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.08.2012 04:34:00 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.08.2012 08:35:04 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227 Description = Error - 29.08.2012 10:44:21 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227 Description = Error - 29.08.2012 11:58:04 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018778 ID des fehlerhaften Prozesses: 0x3f4 Startzeit der fehlerhaften Anwendung: 0x01cd85f49e789083 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 506a9319-f1f2-11e1-867b-4061862eeb01 Error - 29.08.2012 12:10:14 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.09.2012 18:28:15 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 04.09.2012 07:20:18 | Computer Name = PC-Beachboy | Source = VSS | ID = 8194 Description = Error - 04.09.2012 07:31:05 | Computer Name = PC-BEACHBOY | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei C:\Users\Beachboy\Desktop\Bilder\100CANON\IMG_2342.JPG. [ACCESS_VIOLATION Exception!! EIP = 0x1df6d92] Bitte Avira informieren und die obige Datei übersenden! [ System Events ] Error - 02.05.2012 10:41:01 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. 
Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:44:30 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:44:30 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:46:16 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "D:" den Befehl "chkdsk" aus. Error - 02.05.2012 10:46:16 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "G:" den Befehl "chkdsk" aus. < End of report > |
10.09.2012, 15:43 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum Virus

Code:
ATTFilter
E:\DiRT 3\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
E:\DiRT 3\SKIDROW.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
E:\Installs\Assassins.Creed.II-SKIDROW\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
E:\Installs\Die Sims 3\Die Sims 3.iso probably a variant of Win32/Hupigon.CJKIBCX trojan (unable to clean) 00000000000000000000000000000000 I
E:\Installs\Need for Speed Hot Pursuit\rld-nshp.iso a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean) 00000000000000000000000000000000 I

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally obtained software, we will end support without any discussion.

Cracks/keygens are, in 99.9% of cases, dangerous malware that should not be trifled with. Moreover, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

__________________ Please always post log files in CODE tags