
Log analysis and evaluation: fxkldqkow.sys in autostart + svchost.exe and ntdll.dll TROJAN/Rootkit/Malware ?

25.02.2013, 18:21   #16
markusg
/// Malware-holic
 

OK, what problems are there at the moment? Please post a new OTL log.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.

25.02.2013, 20:46   #17
dr_ckshacker
 

The browser seems slow to me, but I don't know whether it's just down to the PC. Thanks for all the help and the effort. OTL logfile:
Code:
OTL logfile created on: 2/25/2013 8:25:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 39.29% Memory free
8.00 Gb Paging File | 5.20 Gb Available in Paging File | 65.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 55.54 Gb Free Space | 18.63% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 35.76 Gb Free Space | 3.84% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 26.53 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 84.27 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/21 06:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/02/16 01:52:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 17:25:57 | 014,597,616 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
PRC - [2012/08/23 21:49:57 | 003,491,264 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/01/02 22:37:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/20 13:17:56 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmpshare.exe
PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/05/05 08:53:00 | 000,221,300 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7311\Monitor.exe
PRC - [2006/06/05 13:32:34 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\SecurWall\SWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/21 06:23:44 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll
MOD - [2013/02/21 06:23:43 | 012,637,136 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
MOD - [2013/02/21 06:23:42 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013/02/21 06:22:51 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\libglesv2.dll
MOD - [2013/02/21 06:22:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\libegl.dll
MOD - [2013/02/21 06:22:48 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2009/06/29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/09/13 17:05:22 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/04/07 16:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2013/02/16 01:35:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/02 22:37:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/18 00:00:56 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/17 16:25:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
SRV - [2010/08/17 16:25:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/19 16:52:44 | 000,166,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2008/03/19 16:52:38 | 000,051,816 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2006/06/05 13:32:34 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SecurWall\SWService.exe -- (SWService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2013/02/13 16:05:03 | 000,045,368 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/10/03 17:28:52 | 000,030,720 | ---- | M] (Panda Security, S.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prot6flt.sys -- (Prot6Flt)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/23 12:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/14 07:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 00:07:04 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/02/17 00:07:04 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/07/01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2010/04/06 18:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007/06/24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2007/06/24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2007/03/05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtNetDrv.sys -- (BT)
DRV:64bit: - [2007/03/05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV:64bit: - [2007/03/05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum)
DRV:64bit: - [2007/03/05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007/03/05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2006/11/08 08:59:36 | 000,602,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PA707UCM.SYS -- (PAC7311)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/10 16:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2007/06/24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007/03/05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lobi-n-ger.bei-uns.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 C9 48 82 1B 59 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.team-andro.com/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/10/03 21:13:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/20 23:07:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/10/03 21:13:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthias\AppData\Roaming\IDM\idmmzcc5 [2012/08/23 21:48:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthias\AppData\Roaming\IDM\idmmzcc5 [2012/08/23 21:48:59 | 000,000,000 | ---D | M]
 
[2013/02/20 23:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions
[2013/02/25 00:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\6s565hdq.default\extensions
[2013/02/25 00:41:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\6s565hdq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/22 19:14:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\6s565hdq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/20 23:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/16 01:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 01:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 01:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Matthias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: DoNotTrackMe = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: AdBlock = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\7.501_0\
CHR - Extension: Forecastfox = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Hover Zoom = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.11_0\
 
O1 HOSTS File: ([2013/02/16 19:08:30 | 000,444,966 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15308 more lines...
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CED122-BDD9-49F5-A14F-68721DB39CBF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE472497-C90C-4D55-B013-530656FD91CC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18:64bit: - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/17 23:20:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/25 20:23:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2013/02/22 23:14:30 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Adobe
[2013/02/21 23:16:59 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\SCE
[2013/02/21 21:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2013/02/21 21:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2013/02/21 21:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/02/21 21:36:03 | 004,102,656 | ---- | C] (x264vfw project) -- C:\Windows\SysWow64\x264vfw.dll
[2013/02/21 21:36:00 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013/02/21 21:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/02/21 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\RAT
[2013/02/20 23:07:32 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Mozilla
[2013/02/20 23:07:32 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Mozilla
[2013/02/20 23:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/20 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/20 19:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/20 19:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/20 19:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/02/20 19:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/20 18:40:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/19 19:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/02/17 00:22:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013/02/17 00:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013/02/17 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/02/16 19:32:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Safer Networking
[2013/02/16 19:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2013/02/16 19:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2013/02/16 19:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/02/14 15:03:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/14 14:55:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/14 13:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender
[2013/02/13 16:05:03 | 000,045,368 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/02/13 16:05:02 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Zemana
[2013/02/13 16:04:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
[2013/02/13 16:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2013/02/13 16:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiLogger
[2013/02/13 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiMalware
[2013/02/13 15:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Zemana AntiMalware
[2013/02/13 02:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/02/13 02:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/02/12 02:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/02/12 01:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/11 04:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/11 04:06:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Programs
[2013/02/11 03:48:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2013/02/11 03:48:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/11 03:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/11 03:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/11 03:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/11 03:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/02/11 03:08:46 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/11 03:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/11 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/11 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Removal
[2013/02/10 22:09:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Vitalwerks
[2013/02/10 22:09:28 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2013/02/10 22:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/25 20:24:04 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/25 20:18:22 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/25 20:18:21 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/25 20:14:41 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/25 20:13:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/25 20:13:00 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/25 18:14:36 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/02/25 18:14:36 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/02/25 18:14:36 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/02/24 22:35:01 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140220441-261415344-3903074190-1001UA.job
[2013/02/24 19:36:10 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/24 19:36:10 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/24 19:36:10 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/24 01:35:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140220441-261415344-3903074190-1001Core.job
[2013/02/23 14:28:37 | 000,002,279 | ---- | M] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/22 17:28:00 | 000,607,185 | ---- | M] () -- C:\Users\Matthias\Desktop\Lobi.jpg
[2013/02/21 21:52:46 | 002,335,270 | ---- | M] () -- C:\Windows\SysWow64\43f8105.mht
[2013/02/16 23:34:26 | 000,000,222 | ---- | M] () -- C:\Users\Matthias\Desktop\Microsoft Flight.url
[2013/02/16 23:32:26 | 000,000,222 | ---- | M] () -- C:\Users\Matthias\Desktop\PlanetSide 2.url
[2013/02/16 23:30:29 | 000,000,222 | ---- | M] () -- C:\Users\Matthias\Desktop\RaceRoom Racing Experience.url
[2013/02/16 23:28:40 | 000,000,219 | ---- | M] () -- C:\Users\Matthias\Desktop\Team Fortress 2.url
[2013/02/16 22:20:03 | 000,000,219 | ---- | M] () -- C:\Users\Matthias\Desktop\Portal.url
[2013/02/16 20:13:13 | 002,335,270 | ---- | M] () -- C:\Windows\SysWow64\cef68A4.mht
[2013/02/16 19:08:30 | 000,444,966 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/16 17:26:03 | 001,054,288 | ---- | M] () -- C:\Users\Matthias\Desktop\yes.xspf
[2013/02/16 01:52:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2013/02/15 02:43:31 | 000,085,504 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/14 15:37:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/14 15:10:57 | 007,706,908 | ---- | M] () -- C:\Users\Matthias\Documents\AutoRuns.arn
[2013/02/13 16:33:44 | 003,065,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 16:05:03 | 000,045,368 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/02/12 03:14:32 | 000,000,017 | ---- | M] () -- C:\Users\Matthias\AppData\Local\resmon.resmoncfg
[2013/02/12 02:13:52 | 003,319,110 | ---- | M] () -- C:\Users\Matthias\Documents\bookmarks_2_12_13.html
[2013/02/11 01:20:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130216-190830.backup
[2013/02/10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/06 19:00:00 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/26 22:32:50 | 002,370,461 | ---- | M] () -- C:\Users\Matthias\Desktop\Der_Wille_zur_Kraft.pdf
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/22 23:25:52 | 009,766,729 | ---- | C] () -- C:\Users\Matthias\Desktop\Grip Experts.pdf
[2013/02/22 16:59:30 | 000,607,185 | ---- | C] () -- C:\Users\Matthias\Desktop\Lobi.jpg
[2013/02/21 21:52:46 | 002,335,270 | ---- | C] () -- C:\Windows\SysWow64\43f8105.mht
[2013/02/21 21:39:53 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/02/21 21:36:04 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/02/21 21:36:03 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/02/21 21:36:03 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/02/21 21:36:00 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/02/21 21:35:54 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/02/20 23:07:25 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/20 19:22:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/16 23:34:26 | 000,000,222 | ---- | C] () -- C:\Users\Matthias\Desktop\Microsoft Flight.url
[2013/02/16 23:32:26 | 000,000,222 | ---- | C] () -- C:\Users\Matthias\Desktop\PlanetSide 2.url
[2013/02/16 23:30:29 | 000,000,222 | ---- | C] () -- C:\Users\Matthias\Desktop\RaceRoom Racing Experience.url
[2013/02/16 23:28:40 | 000,000,219 | ---- | C] () -- C:\Users\Matthias\Desktop\Team Fortress 2.url
[2013/02/16 22:20:03 | 000,000,219 | ---- | C] () -- C:\Users\Matthias\Desktop\Portal.url
[2013/02/16 20:13:13 | 002,335,270 | ---- | C] () -- C:\Windows\SysWow64\cef68A4.mht
[2013/02/16 17:26:02 | 001,054,288 | ---- | C] () -- C:\Users\Matthias\Desktop\yes.xspf
[2013/02/12 03:14:32 | 000,000,017 | ---- | C] () -- C:\Users\Matthias\AppData\Local\resmon.resmoncfg
[2013/02/12 02:13:51 | 003,319,110 | ---- | C] () -- C:\Users\Matthias\Documents\bookmarks_2_12_13.html
[2013/02/11 14:00:03 | 007,706,908 | ---- | C] () -- C:\Users\Matthias\Documents\AutoRuns.arn
[2013/02/11 03:10:36 | 000,002,279 | ---- | C] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/11 03:09:02 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 03:09:00 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 03:08:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/01/26 23:24:38 | 002,370,461 | ---- | C] () -- C:\Users\Matthias\Desktop\Der_Wille_zur_Kraft.pdf
[2013/01/26 22:46:54 | 004,119,594 | ---- | C] () -- C:\Users\Matthias\Desktop\Chris_Aceto_-_Championship_Bodybuilding.pdf
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/09 20:34:54 | 000,000,218 | ---- | C] () -- C:\Users\Matthias\.recently-used.xbel
[2011/04/13 20:26:31 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/02/17 01:34:29 | 000,011,125 | ---- | C] () -- C:\Users\Matthias\gsview64.ini
[2011/02/17 01:26:46 | 000,001,515 | ---- | C] () -- C:\Users\Matthias\gsview32.ini
[2010/11/12 00:32:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/18 18:43:04 | 000,085,504 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/22 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\.visualvm
[2010/08/20 23:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ableton
[2012/12/28 15:52:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2011/10/04 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft
[2010/08/20 21:22:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo
[2013/01/09 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Avnex
[2010/09/11 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Bump Technologies, Inc
[2010/10/14 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Deckadance
[2013/02/25 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DMCache
[2010/10/14 19:23:06 | 000,000,000 | -H-D | M] -- C:\Users\Matthias\AppData\Roaming\FDBTemp
[2010/08/17 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FlashFXP
[2011/10/02 22:49:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FreeFLVConverter
[2013/02/14 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2013/02/10 01:20:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IDM
[2012/12/26 00:04:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\iPumper
[2010/09/28 14:17:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010/10/18 14:53:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Morphine
[2010/10/14 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Propellerhead Software
[2011/01/04 23:35:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\RouterControl
[2013/02/16 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Safer Networking
[2012/12/28 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Samsung
[2010/11/12 02:48:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TrojanHunter
[2012/10/02 22:44:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ts3overlay
[2013/01/06 00:06:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ts3overlay_hook_win64
[2010/10/14 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Waves Audio
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 2/25/2013 8:25:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 39.29% Memory free
8.00 Gb Paging File | 5.20 Gb Available in Paging File | 65.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 55.54 Gb Free Space | 18.63% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 35.76 Gb Free Space | 3.84% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 26.53 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 84.27 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = DragonHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = DragonHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C01ED9D-A8F8-4A7F-B240-927C76423FC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{308B1E42-0A9C-4603-9AEE-BB241B9332E0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3214967B-8806-4BF9-A88E-173C2CFDF8BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3A5F6588-08B5-4991-A205-B0F61584A1B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{444B7ADA-FF8A-4AFC-842C-401FD622CC98}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{44929747-5538-4888-80A8-DF1BF0159F00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4BE64E88-10D7-421B-82B0-EB85125FA824}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4C40BEA4-56EF-4AF7-85B4-A4D85E6B3E78}" = rport=139 | protocol=6 | dir=out | app=system | 
"{614B3614-EAA2-4F27-9677-F30B90C1387F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{62CF851F-F915-430D-AA2C-4539481D5E99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{76DA96BB-2751-416C-B8C9-EB0F42C6AC03}" = rport=138 | protocol=17 | dir=out | app=system | 
"{79CCDD93-3FE1-471D-8F40-70A7BCA907D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79F1CBD4-1179-4AA6-95FF-AD128534C594}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B438F17-C432-4B87-AADB-FDAB28F48507}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8007C5C1-D167-4DCD-B008-83F0CF73D61E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83649496-3C0C-4FAA-82C0-28911153DB35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83C94C05-42B8-417A-BD54-7231939AAD4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{8D557B80-99AD-4CF7-A9F3-DA065DA8D8B1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{925A3220-CB78-40D6-A882-19EF3DB7DFF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{955E1871-7A3E-47E1-8A51-6DBC6430B055}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B86CDE5A-CC7A-43B8-B3F8-BD2008206BBD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CA72AD2E-BD62-4AB0-8F2E-4D96F3FDB37C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D2DEDFE1-337A-4191-A21D-0FABB9A90003}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D58D25C4-77E9-4327-8986-E2E768D4F9A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D5CF0BF5-06EF-494F-9732-8E99DA5F4F39}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DFBFE8F2-33DF-41C0-8482-E52076189011}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FF114374-EE27-4450-8E72-CAB0E7B79C3C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00489E2B-E747-4949-ADAC-C32041FFAE89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{00E495B2-E345-4A41-BE29-9288C300E3CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{02F2C00C-01FD-42B4-9B42-01EF3B2F7602}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{0539F33F-7C16-4D59-B813-E3964D44BF33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{079AA8ED-2169-4868-A7A8-BE6F9E80F7F4}" = protocol=17 | dir=in | app=c:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe | 
"{0933007F-6E19-4FA4-B54E-326136F543E3}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"{0C999DF0-AD07-4026-BFD2-CAF1F44D00CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0DFE99DA-C425-4111-9A93-6EA53736F5C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0E10F473-4A81-43E2-807A-A75E56F402A2}" = protocol=17 | dir=in | app=c:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe | 
"{188337FF-6531-445B-925E-9DCC3BEEF135}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{1C2DAB61-2DA9-4F2F-8B48-013FA5BB046C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{21F2790D-799B-4602-ABAA-A623E4205BF5}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{2883C7DF-B342-4A1B-AFEA-671974DEFD9F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2F104665-2E4B-4086-895A-511F4CC8CEA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{31D1E290-4EB2-4EE0-927A-2725222861C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{33DF270C-7BF5-416D-9154-41AD6B553538}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{346FFD43-91CB-4357-90E7-88F13501101E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{34D8977A-3728-4930-B913-FE426B986875}" = protocol=6 | dir=in | app=c:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe | 
"{376B44FB-8CF1-4A61-9E6A-3DB9AD1ED828}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{3C09434A-D2AB-429C-866C-0F8BC147774B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{3EDE8534-B31F-4E62-8339-E59A03207AC2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 client\ts3client_win64.exe | 
"{3F39ED13-9251-48A9-A221-2782C8E48ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4667A036-245E-42E1-B18A-0E5198DC9C58}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{495896D0-B71A-4CEF-A361-F30403402F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4AE889AD-3FED-4771-940D-9A2E1AA8C21A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{4C727BEC-42BA-497C-9280-0B06D6F5DDC1}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"{502C1DE8-4716-4F49-8D72-DD668180FD09}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{53A99386-FE2C-4BA9-9BD8-4D59486A46F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{56D761D6-9D77-430C-A94D-9F03FB63EC18}" = protocol=6 | dir=in | app=f:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe | 
"{591D31F6-280A-4E83-8D66-9F51029B3693}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{594F6714-BEB7-4C4A-A7BA-2DCDF01A6672}" = protocol=17 | dir=in | app=f:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe | 
"{5BE35FE3-9D3D-4954-822D-12E45D1981A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{5C23F47C-0AE6-4046-8282-7C188568A126}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{5D431BC4-F252-43AC-AEFB-0BB96AED02EC}" = protocol=6 | dir=in | app=c:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe | 
"{5DBE2321-40E7-4525-9EA0-A0D16B298BEE}" = protocol=6 | dir=in | app=c:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe | 
"{61679743-203D-44A5-83DB-5858484F34B1}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{6196174B-523B-4117-AEF3-D47BDF4341A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{62474D13-E09C-453E-9F70-AEF8ED53EA9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe | 
"{6BC9D432-87C7-4C0E-95AA-05D49DCCF119}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{6C0A4FA3-37D4-4416-9E14-29A01D93B14C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{74BE9CC4-9B59-4184-A6FC-0CA576C739AD}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{7531484B-D116-40C2-B656-E283983E4438}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{84A9BDC5-C4E8-41B7-A305-7B9F5EFEF409}" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 client\ts3client_win64.exe | 
"{8574BA6B-FB5C-497A-A7F1-F22C7F204417}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{874C16C3-4D28-4186-A91A-E012832EAC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{8C63E70A-7CE0-4638-AD88-6FAB48E15F32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{8EDC0D92-9EEC-41FC-8EFC-4634B62D4FF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9819A37A-42EB-49F1-ACA9-16066EC35FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{9867861D-61B0-45FA-A6B0-6ED729EAEE87}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{99E9A571-CF7F-4335-B69B-3EB1843434EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{9B521F36-B04D-4718-A349-0C874C852139}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B9A1E5A-3422-4E22-BC2E-BD09A43829E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{9DB1370D-939D-4DA8-955D-1C96B25D81E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{9F5F22BB-7A16-472F-B96D-A1EE9CFE6EA5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A10AA53B-0A50-4D57-995F-E6E63907EC6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{A2F4EAEB-9B4F-4CC9-9B46-8287F31947D8}" = protocol=17 | dir=in | app=c:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe | 
"{A7C99E25-2C90-4D35-B342-F5ECFAB62EF1}" = protocol=6 | dir=in | app=c:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe | 
"{A8CEF28E-E982-47DD-BBE0-52030E1CB16C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{AAB099D4-72A6-4EF2-BA98-9BA1D67B90F3}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{B19DE333-CD49-4985-BBD7-DA129C27DB59}" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"{B5B41F9B-59BA-47D7-960E-2BFD97E726CB}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{BC0B6B78-E913-4DA0-BBD6-B1E0E1804E3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BE2BB99B-4940-43E5-8F32-948F13E3469F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{C7EE13D4-BF09-4060-9DED-CFA7D538ACA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D735B421-1A04-462B-9157-54E42B507C22}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{DAD3B541-3844-4115-AA59-23ABA3BC22C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DC1E0A32-527E-4CE1-8168-1DD82D12935A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{E029CFC1-8687-4A84-85DB-069E08D1C2E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe | 
"{E11A6793-9D6E-4629-8F3D-FDBDEF01C167}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E524C95F-A50B-4E2D-AAA3-CE76F2A2EC9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E89130D6-99E3-4D78-9D64-0DC2F161C624}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{EAB52413-1F4C-40BB-8EED-A72C971ADA3F}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{EB49F344-7F3E-4E11-AD12-844160C23BBA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F58EF2C4-0915-4987-8FCC-72D333A7CC08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{F85A7F83-A8E5-49AC-907C-7F2A31523F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"{F9DD2B10-0B2A-4F9C-B119-6F72A0391678}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{F9F75914-CEE9-4021-8297-3D09C9A74BE6}" = protocol=17 | dir=in | app=c:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe | 
"TCP Query User{01BAD8FF-70CD-4075-8D34-3B33D70FE4B7}C:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe" = protocol=6 | dir=in | app=c:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe | 
"TCP Query User{0300A993-FB27-4656-9683-5A42BD7CE5CF}C:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe | 
"TCP Query User{0AD30EB8-3D1F-41F3-A462-3400580561EB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{14A179D3-2255-40B4-A3BC-5B0C4B17E583}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"TCP Query User{16A052A4-78CD-4F86-8BA3-592D101F9AC6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{45DD3CF1-EBAE-46DE-A307-B89F15AFD996}F:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe" = protocol=6 | dir=in | app=f:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe | 
"TCP Query User{4856034E-5293-4A2C-859E-9A05ECFAF688}C:\program files (x86)\teamspeak 3 server\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"TCP Query User{61D09912-6118-438A-9EA8-B73027A297BF}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | 
"TCP Query User{7C8D8BD1-300C-43C2-8FE9-71481A91F347}C:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe | 
"TCP Query User{A324C4B7-503D-46F6-B7A8-9306729C2571}C:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe" = protocol=6 | dir=in | app=c:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe | 
"TCP Query User{B97E66D0-836F-410B-A324-7502A88AD500}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"TCP Query User{BB233369-31D0-44EA-9C02-2261E201FF3B}C:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe" = protocol=6 | dir=in | app=c:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe | 
"TCP Query User{BFF0AEDB-00DA-424F-95DF-353A95FD5127}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"TCP Query User{C435D892-27E9-49CE-ADE1-63FE45C7E02D}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{C62408C4-B732-42B0-A051-A7F5139AD9CB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E285A76F-6465-42DD-92A6-E9D3791823D6}C:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe" = protocol=6 | dir=in | app=c:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe | 
"UDP Query User{0CA28F9C-7953-4B48-B338-9A09EE1C26B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | 
"UDP Query User{0D7BE103-49EC-48D2-9226-8B58F37C7639}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"UDP Query User{11CBF97D-C502-424D-A0A7-C848B74C1C14}C:\program files (x86)\teamspeak 3 server\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"UDP Query User{2B11E244-77F0-4BE5-871F-9643351F43D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{42A71C00-08FE-43CA-89F1-199B1A504DA4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{4B523CCD-F2EA-4246-8011-ACB130CE7CFD}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{62A2D94D-6E4B-4B18-B754-774D07E5F094}C:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe | 
"UDP Query User{86D0EF58-F211-4CA7-9C6E-452F7EEA069F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{8B6D7B20-44A1-4A97-B34D-ADAD878ACB74}F:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe" = protocol=17 | dir=in | app=f:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe | 
"UDP Query User{8E949DBC-20B4-446B-93B4-11A0063D6E5F}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"UDP Query User{9042E328-37F4-46A5-BD4F-34173A076BA5}C:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe" = protocol=17 | dir=in | app=c:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe | 
"UDP Query User{B4CA0FAA-268A-4422-B6C3-259B852865D0}C:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe" = protocol=17 | dir=in | app=c:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe | 
"UDP Query User{C1C42195-3BCF-4E52-874F-1606715C82B3}C:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe" = protocol=17 | dir=in | app=c:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe | 
"UDP Query User{E60037CD-38E7-4AB2-B5E7-986F6E45301E}C:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe" = protocol=17 | dir=in | app=c:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe | 
"UDP Query User{F9EC08AD-291B-4997-B828-F7EF27BBC0E0}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"UDP Query User{FC11DDB3-6E44-4A1D-8A78-FE14308628B6}C:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.07
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9641237-252F-467E-88FB-5CAB9E42583E}" = ESET NOD32 Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera 
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317
"{BB5A44CB-3045-43E2-BEB0-B64E477D4633}" = EZXFunkmasters
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED8D44F-CEBB-4298-8D0E-E01AF6AC0663}" = EZXJazz
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"0630-0716-3135-7887" = JDownloader 2
"3DMIDI" = Creative 3DMIDI Player
"Addictive Drums" = Addictive Drums
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AntiLogger" = AntiLogger
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FL Studio 9" = FL Studio 9
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IL Download Manager" = IL Download Manager
"Image Line ToxicIII v1.41 VSTi" = Image Line ToxicIII v1.41 VSTi
"Image-Line PoiZone v2.1" = Image-Line PoiZone v2.1
"InstallShield_{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera 
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.5
"Live 8.1.1" = Live 8.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Morphine" = Morphine
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments GuitarRig Mobile IO Driver" = Native Instruments GuitarRig Mobile IO Driver
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session IO Driver" = Native Instruments Session IO Driver
"Native Instruments Vokator" = Native Instruments Vokator
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Pianoteq23" = Pianoteq v2.3.0
"PunkBusterSvc" = PunkBuster Services
"Rammfire" = Rammfire
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"ReFX PlastiCZ VSTi v1.02" = ReFX PlastiCZ VSTi v1.02
"reFX quadraSID 1.6.0_is1" = reFX quadraSID 1.6.0
"reFX Vanguard 1.7.2_is1" = reFX Vanguard 1.7.2
"Sawer" = Sawer
"Steam App 203850" = Microsoft Flight
"Steam App 211500" = RaceRoom Racing Experience 
"Steam App 218230" = PlanetSide 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"Toxic Biohazard" = Toxic Biohazard
"UltraISO_is1" = UltraISO Premium V9.35
"VLC media player" = VLC media player 1.1.2
"Waves Mercury Bundle" = Waves Mercury Bundle
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/23/2013 9:28:58 AM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/23/2013 1:56:32 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/23/2013 1:56:44 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/23/2013 2:02:34 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/23/2013 3:12:53 PM | Computer Name = Matthias-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 2/24/2013 2:27:03 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/24/2013 2:51:28 PM | Computer Name = Matthias-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 2/25/2013 12:55:55 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/25/2013 12:56:36 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/25/2013 3:15:24 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 2/16/2013 12:44:54 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Base Filtering Engine service,
 but this action failed with the following error:   %%1056
 
Error - 2/16/2013 3:32:48 PM | Computer Name = Matthias-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:30:49 on ?16.?02.?2013 was unexpected.
 
Error - 2/16/2013 3:32:50 PM | Computer Name = Matthias-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 2/16/2013 3:34:01 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Message
 Queuing service to connect.
 
Error - 2/16/2013 3:34:01 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = The Message Queuing service failed to start due to the following error:
   %%1053
 
Error - 2/16/2013 8:52:32 PM | Computer Name = Matthias-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 2/16/2013 10:55:45 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error:   %%1115
 
Error - 2/20/2013 1:28:38 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Message
 Queuing service to connect.
 
Error - 2/20/2013 1:28:38 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = The Message Queuing service failed to start due to the following error:
   %%1053
 
Error - 2/22/2013 12:16:22 PM | Computer Name = Matthias-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:12:14 on ?22.?02.?2013 was unexpected.
 
 
< End of report >
         


Alt 25.02.2013, 20:48   #18
markusg
/// Malware-holic
 

Hi,
Internet Explorer too?

Alt 25.02.2013, 20:49   #19
dr_ckshacker
 

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 2/25/2013 8:25:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 39.29% Memory free
8.00 Gb Paging File | 5.20 Gb Available in Paging File | 65.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 55.54 Gb Free Space | 18.63% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 35.76 Gb Free Space | 3.84% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 26.53 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 84.27 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = DragonHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = DragonHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C01ED9D-A8F8-4A7F-B240-927C76423FC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{308B1E42-0A9C-4603-9AEE-BB241B9332E0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3214967B-8806-4BF9-A88E-173C2CFDF8BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3A5F6588-08B5-4991-A205-B0F61584A1B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{444B7ADA-FF8A-4AFC-842C-401FD622CC98}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{44929747-5538-4888-80A8-DF1BF0159F00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4BE64E88-10D7-421B-82B0-EB85125FA824}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4C40BEA4-56EF-4AF7-85B4-A4D85E6B3E78}" = rport=139 | protocol=6 | dir=out | app=system | 
"{614B3614-EAA2-4F27-9677-F30B90C1387F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{62CF851F-F915-430D-AA2C-4539481D5E99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{76DA96BB-2751-416C-B8C9-EB0F42C6AC03}" = rport=138 | protocol=17 | dir=out | app=system | 
"{79CCDD93-3FE1-471D-8F40-70A7BCA907D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79F1CBD4-1179-4AA6-95FF-AD128534C594}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B438F17-C432-4B87-AADB-FDAB28F48507}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8007C5C1-D167-4DCD-B008-83F0CF73D61E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83649496-3C0C-4FAA-82C0-28911153DB35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83C94C05-42B8-417A-BD54-7231939AAD4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{8D557B80-99AD-4CF7-A9F3-DA065DA8D8B1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{925A3220-CB78-40D6-A882-19EF3DB7DFF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{955E1871-7A3E-47E1-8A51-6DBC6430B055}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B86CDE5A-CC7A-43B8-B3F8-BD2008206BBD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CA72AD2E-BD62-4AB0-8F2E-4D96F3FDB37C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D2DEDFE1-337A-4191-A21D-0FABB9A90003}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D58D25C4-77E9-4327-8986-E2E768D4F9A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D5CF0BF5-06EF-494F-9732-8E99DA5F4F39}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DFBFE8F2-33DF-41C0-8482-E52076189011}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FF114374-EE27-4450-8E72-CAB0E7B79C3C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00489E2B-E747-4949-ADAC-C32041FFAE89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{00E495B2-E345-4A41-BE29-9288C300E3CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{02F2C00C-01FD-42B4-9B42-01EF3B2F7602}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{0539F33F-7C16-4D59-B813-E3964D44BF33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{079AA8ED-2169-4868-A7A8-BE6F9E80F7F4}" = protocol=17 | dir=in | app=c:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe | 
"{0933007F-6E19-4FA4-B54E-326136F543E3}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"{0C999DF0-AD07-4026-BFD2-CAF1F44D00CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0DFE99DA-C425-4111-9A93-6EA53736F5C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0E10F473-4A81-43E2-807A-A75E56F402A2}" = protocol=17 | dir=in | app=c:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe | 
"{188337FF-6531-445B-925E-9DCC3BEEF135}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{1C2DAB61-2DA9-4F2F-8B48-013FA5BB046C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{21F2790D-799B-4602-ABAA-A623E4205BF5}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{2883C7DF-B342-4A1B-AFEA-671974DEFD9F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2F104665-2E4B-4086-895A-511F4CC8CEA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{31D1E290-4EB2-4EE0-927A-2725222861C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{33DF270C-7BF5-416D-9154-41AD6B553538}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{346FFD43-91CB-4357-90E7-88F13501101E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{34D8977A-3728-4930-B913-FE426B986875}" = protocol=6 | dir=in | app=c:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe | 
"{376B44FB-8CF1-4A61-9E6A-3DB9AD1ED828}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{3C09434A-D2AB-429C-866C-0F8BC147774B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{3EDE8534-B31F-4E62-8339-E59A03207AC2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 client\ts3client_win64.exe | 
"{3F39ED13-9251-48A9-A221-2782C8E48ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4667A036-245E-42E1-B18A-0E5198DC9C58}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{495896D0-B71A-4CEF-A361-F30403402F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4AE889AD-3FED-4771-940D-9A2E1AA8C21A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{4C727BEC-42BA-497C-9280-0B06D6F5DDC1}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"{502C1DE8-4716-4F49-8D72-DD668180FD09}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{53A99386-FE2C-4BA9-9BD8-4D59486A46F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{56D761D6-9D77-430C-A94D-9F03FB63EC18}" = protocol=6 | dir=in | app=f:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe | 
"{591D31F6-280A-4E83-8D66-9F51029B3693}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{594F6714-BEB7-4C4A-A7BA-2DCDF01A6672}" = protocol=17 | dir=in | app=f:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe | 
"{5BE35FE3-9D3D-4954-822D-12E45D1981A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{5C23F47C-0AE6-4046-8282-7C188568A126}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{5D431BC4-F252-43AC-AEFB-0BB96AED02EC}" = protocol=6 | dir=in | app=c:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe | 
"{5DBE2321-40E7-4525-9EA0-A0D16B298BEE}" = protocol=6 | dir=in | app=c:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe | 
"{61679743-203D-44A5-83DB-5858484F34B1}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{6196174B-523B-4117-AEF3-D47BDF4341A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{62474D13-E09C-453E-9F70-AEF8ED53EA9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe | 
"{6BC9D432-87C7-4C0E-95AA-05D49DCCF119}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{6C0A4FA3-37D4-4416-9E14-29A01D93B14C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{74BE9CC4-9B59-4184-A6FC-0CA576C739AD}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{7531484B-D116-40C2-B656-E283983E4438}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{84A9BDC5-C4E8-41B7-A305-7B9F5EFEF409}" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 client\ts3client_win64.exe | 
"{8574BA6B-FB5C-497A-A7F1-F22C7F204417}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{874C16C3-4D28-4186-A91A-E012832EAC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{8C63E70A-7CE0-4638-AD88-6FAB48E15F32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{8EDC0D92-9EEC-41FC-8EFC-4634B62D4FF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9819A37A-42EB-49F1-ACA9-16066EC35FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{9867861D-61B0-45FA-A6B0-6ED729EAEE87}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{99E9A571-CF7F-4335-B69B-3EB1843434EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{9B521F36-B04D-4718-A349-0C874C852139}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B9A1E5A-3422-4E22-BC2E-BD09A43829E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{9DB1370D-939D-4DA8-955D-1C96B25D81E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{9F5F22BB-7A16-472F-B96D-A1EE9CFE6EA5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A10AA53B-0A50-4D57-995F-E6E63907EC6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{A2F4EAEB-9B4F-4CC9-9B46-8287F31947D8}" = protocol=17 | dir=in | app=c:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe | 
"{A7C99E25-2C90-4D35-B342-F5ECFAB62EF1}" = protocol=6 | dir=in | app=c:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe | 
"{A8CEF28E-E982-47DD-BBE0-52030E1CB16C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{AAB099D4-72A6-4EF2-BA98-9BA1D67B90F3}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{B19DE333-CD49-4985-BBD7-DA129C27DB59}" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"{B5B41F9B-59BA-47D7-960E-2BFD97E726CB}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{BC0B6B78-E913-4DA0-BBD6-B1E0E1804E3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BE2BB99B-4940-43E5-8F32-948F13E3469F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{C7EE13D4-BF09-4060-9DED-CFA7D538ACA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D735B421-1A04-462B-9157-54E42B507C22}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{DAD3B541-3844-4115-AA59-23ABA3BC22C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DC1E0A32-527E-4CE1-8168-1DD82D12935A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{E029CFC1-8687-4A84-85DB-069E08D1C2E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe | 
"{E11A6793-9D6E-4629-8F3D-FDBDEF01C167}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E524C95F-A50B-4E2D-AAA3-CE76F2A2EC9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E89130D6-99E3-4D78-9D64-0DC2F161C624}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{EAB52413-1F4C-40BB-8EED-A72C971ADA3F}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{EB49F344-7F3E-4E11-AD12-844160C23BBA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F58EF2C4-0915-4987-8FCC-72D333A7CC08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{F85A7F83-A8E5-49AC-907C-7F2A31523F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"{F9DD2B10-0B2A-4F9C-B119-6F72A0391678}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{F9F75914-CEE9-4021-8297-3D09C9A74BE6}" = protocol=17 | dir=in | app=c:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe | 
"TCP Query User{01BAD8FF-70CD-4075-8D34-3B33D70FE4B7}C:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe" = protocol=6 | dir=in | app=c:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe | 
"TCP Query User{0300A993-FB27-4656-9683-5A42BD7CE5CF}C:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe | 
"TCP Query User{0AD30EB8-3D1F-41F3-A462-3400580561EB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{14A179D3-2255-40B4-A3BC-5B0C4B17E583}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"TCP Query User{16A052A4-78CD-4F86-8BA3-592D101F9AC6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{45DD3CF1-EBAE-46DE-A307-B89F15AFD996}F:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe" = protocol=6 | dir=in | app=f:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe | 
"TCP Query User{4856034E-5293-4A2C-859E-9A05ECFAF688}C:\program files (x86)\teamspeak 3 server\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"TCP Query User{61D09912-6118-438A-9EA8-B73027A297BF}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | 
"TCP Query User{7C8D8BD1-300C-43C2-8FE9-71481A91F347}C:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe | 
"TCP Query User{A324C4B7-503D-46F6-B7A8-9306729C2571}C:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe" = protocol=6 | dir=in | app=c:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe | 
"TCP Query User{B97E66D0-836F-410B-A324-7502A88AD500}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"TCP Query User{BB233369-31D0-44EA-9C02-2261E201FF3B}C:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe" = protocol=6 | dir=in | app=c:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe | 
"TCP Query User{BFF0AEDB-00DA-424F-95DF-353A95FD5127}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"TCP Query User{C435D892-27E9-49CE-ADE1-63FE45C7E02D}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{C62408C4-B732-42B0-A051-A7F5139AD9CB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E285A76F-6465-42DD-92A6-E9D3791823D6}C:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe" = protocol=6 | dir=in | app=c:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe | 
"UDP Query User{0CA28F9C-7953-4B48-B338-9A09EE1C26B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | 
"UDP Query User{0D7BE103-49EC-48D2-9226-8B58F37C7639}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"UDP Query User{11CBF97D-C502-424D-A0A7-C848B74C1C14}C:\program files (x86)\teamspeak 3 server\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"UDP Query User{2B11E244-77F0-4BE5-871F-9643351F43D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{42A71C00-08FE-43CA-89F1-199B1A504DA4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{4B523CCD-F2EA-4246-8011-ACB130CE7CFD}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{62A2D94D-6E4B-4B18-B754-774D07E5F094}C:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe | 
"UDP Query User{86D0EF58-F211-4CA7-9C6E-452F7EEA069F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{8B6D7B20-44A1-4A97-B34D-ADAD878ACB74}F:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe" = protocol=17 | dir=in | app=f:\programs\av_voice_changer_software_diamond_7_0_51_www.expresshare.com\hfs279.exe | 
"UDP Query User{8E949DBC-20B4-446B-93B4-11A0063D6E5F}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"UDP Query User{9042E328-37F4-46A5-BD4F-34173A076BA5}C:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe" = protocol=17 | dir=in | app=c:\users\matthias\desktop\rat\cybergate_v2.3.0_public\cybergate_v2.3.0_public.exe | 
"UDP Query User{B4CA0FAA-268A-4422-B6C3-259B852865D0}C:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe" = protocol=17 | dir=in | app=c:\users\matthias\desktop\darkcometrat531\darkcometrat531\darkcomet.exe | 
"UDP Query User{C1C42195-3BCF-4E52-874F-1606715C82B3}C:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe" = protocol=17 | dir=in | app=c:\users\matthias\desktop\cybergate v1.07.5\cybergate v1.07.5.exe | 
"UDP Query User{E60037CD-38E7-4AB2-B5E7-986F6E45301E}C:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe" = protocol=17 | dir=in | app=c:\users\matthias\desktop\rat\darkcometrat531\darkcomet.exe | 
"UDP Query User{F9EC08AD-291B-4997-B828-F7EF27BBC0E0}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"UDP Query User{FC11DDB3-6E44-4A1D-8A78-FE14308628B6}C:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sb-i_vuze_hack_win64_4.5.0.2\azureus.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.07
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9641237-252F-467E-88FB-5CAB9E42583E}" = ESET NOD32 Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera 
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317
"{BB5A44CB-3045-43E2-BEB0-B64E477D4633}" = EZXFunkmasters
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED8D44F-CEBB-4298-8D0E-E01AF6AC0663}" = EZXJazz
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"0630-0716-3135-7887" = JDownloader 2
"3DMIDI" = Creative 3DMIDI Player
"Addictive Drums" = Addictive Drums
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AntiLogger" = AntiLogger
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FL Studio 9" = FL Studio 9
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IL Download Manager" = IL Download Manager
"Image Line ToxicIII v1.41 VSTi" = Image Line ToxicIII v1.41 VSTi
"Image-Line PoiZone v2.1" = Image-Line PoiZone v2.1
"InstallShield_{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera 
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.5
"Live 8.1.1" = Live 8.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Morphine" = Morphine
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments GuitarRig Mobile IO Driver" = Native Instruments GuitarRig Mobile IO Driver
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session IO Driver" = Native Instruments Session IO Driver
"Native Instruments Vokator" = Native Instruments Vokator
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Pianoteq23" = Pianoteq v2.3.0
"PunkBusterSvc" = PunkBuster Services
"Rammfire" = Rammfire
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"ReFX PlastiCZ VSTi v1.02" = ReFX PlastiCZ VSTi v1.02
"reFX quadraSID 1.6.0_is1" = reFX quadraSID 1.6.0
"reFX Vanguard 1.7.2_is1" = reFX Vanguard 1.7.2
"Sawer" = Sawer
"Steam App 203850" = Microsoft Flight
"Steam App 211500" = RaceRoom Racing Experience 
"Steam App 218230" = PlanetSide 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"Toxic Biohazard" = Toxic Biohazard
"UltraISO_is1" = UltraISO Premium V9.35
"VLC media player" = VLC media player 1.1.2
"Waves Mercury Bundle" = Waves Mercury Bundle
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/23/2013 9:28:58 AM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/23/2013 1:56:32 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/23/2013 1:56:44 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/23/2013 2:02:34 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/23/2013 3:12:53 PM | Computer Name = Matthias-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 2/24/2013 2:27:03 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/24/2013 2:51:28 PM | Computer Name = Matthias-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 2/25/2013 12:55:55 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/25/2013 12:56:36 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/25/2013 3:15:24 PM | Computer Name = Matthias-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Ashampoo\Ashampoo
 Burning Studio 9\burningstudio9.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 2/16/2013 12:44:54 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Base Filtering Engine service,
 but this action failed with the following error:   %%1056
 
Error - 2/16/2013 3:32:48 PM | Computer Name = Matthias-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:30:49 on ?16.?02.?2013 was unexpected.
 
Error - 2/16/2013 3:32:50 PM | Computer Name = Matthias-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 2/16/2013 3:34:01 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Message
 Queuing service to connect.
 
Error - 2/16/2013 3:34:01 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = The Message Queuing service failed to start due to the following error:
   %%1053
 
Error - 2/16/2013 8:52:32 PM | Computer Name = Matthias-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 2/16/2013 10:55:45 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error:   %%1115
 
Error - 2/20/2013 1:28:38 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Message
 Queuing service to connect.
 
Error - 2/20/2013 1:28:38 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = The Message Queuing service failed to start due to the following error:
   %%1053
 
Error - 2/22/2013 12:16:22 PM | Computer Name = Matthias-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:12:14 on ?22.?02.?2013 was unexpected.
 
 
< End of report >
         
--- --- ---

25.02.2013, 21:17   #20
markusg
/// Malware-holic

Please also answer the question.


25.02.2013, 22:20   #21
dr_ckshacker

I no longer have it installed.

25.02.2013, 22:43   #22
markusg
/// Malware-holic

IE is always installed.
But go ahead and upgrade to version 9:
Download Internet Explorer 9 - Microsoft Windows

27.02.2013, 21:31   #23
dr_ckshacker

OK, will do. What I meant was that I had disabled it under the installed programs.

28.02.2013, 18:19   #24
markusg
/// Malware-holic

Hi, OK, install it and then test, as I said.

29.03.2013, 20:10   #25
dr_ckshacker

So, Internet Explorer 9 is on there now, and I have run OTL over it once more.


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 3/29/2013 7:34:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.16% Memory free
8.00 Gb Paging File | 6.57 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 57.58 Gb Free Space | 19.32% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 32.45 Gb Free Space | 3.48% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 26.49 Gb Free Space | 11.37% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 84.74 Gb Free Space | 36.39% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/13 12:20:49 | 016,023,976 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
PRC - [2013/02/16 01:52:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/23 21:49:57 | 003,491,264 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/01/02 22:37:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/12/11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
PRC - [2008/05/05 08:53:00 | 000,221,300 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7311\Monitor.exe
PRC - [2006/06/05 13:32:34 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\SecurWall\SWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/06/29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/12/11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
MOD - [2007/09/13 17:05:22 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
MOD - [2005/10/24 16:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\AsMultiLang.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/04/07 16:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2013/03/09 15:08:28 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/02 22:37:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/18 00:00:56 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/17 16:25:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
SRV - [2010/08/17 16:25:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/19 16:52:44 | 000,166,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2008/03/19 16:52:38 | 000,051,816 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2006/06/05 13:32:34 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SecurWall\SWService.exe -- (SWService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2013/03/16 20:14:09 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/10/03 17:28:52 | 000,030,720 | ---- | M] (Panda Security, S.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prot6flt.sys -- (Prot6Flt)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/23 12:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/14 07:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 00:07:04 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/02/17 00:07:04 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/07/01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2010/04/06 18:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007/06/24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2007/06/24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2007/03/05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtNetDrv.sys -- (BT)
DRV:64bit: - [2007/03/05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV:64bit: - [2007/03/05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum)
DRV:64bit: - [2007/03/05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007/03/05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2006/11/08 08:59:36 | 000,602,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PA707UCM.SYS -- (PAC7311)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/10 16:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2007/06/24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007/03/05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mitglied lobi-n-ger.bei-uns.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 C9 48 82 1B 59 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.team-andro.com/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/10/03 21:13:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/09 15:08:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/10/03 21:13:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthias\AppData\Roaming\IDM\idmmzcc5 [2012/08/23 21:48:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthias\AppData\Roaming\IDM\idmmzcc5 [2012/08/23 21:48:59 | 000,000,000 | ---D | M]
 
[2013/02/20 23:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions
[2013/02/25 00:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\6s565hdq.default\extensions
[2013/02/25 00:41:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\6s565hdq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/22 19:14:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\6s565hdq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/09 15:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/09 15:08:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 01:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 01:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Matthias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: DoNotTrackMe = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: AdBlock = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\7.501_0\
CHR - Extension: Forecastfox = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Hover Zoom = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.14_0\
 
O1 HOSTS File: ([2013/02/16 19:08:30 | 000,444,966 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 15308 more lines...
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CED122-BDD9-49F5-A14F-68721DB39CBF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE472497-C90C-4D55-B013-530656FD91CC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18:64bit: - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/17 23:20:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/17 12:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013/03/17 12:33:52 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\PDF Architect
[2013/03/16 20:14:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}
[2013/03/16 20:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2013/03/09 15:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/29 19:36:52 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/29 19:36:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/29 19:35:00 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140220441-261415344-3903074190-1001UA.job
[2013/03/29 19:32:49 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/29 19:31:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/29 19:31:26 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/29 01:17:52 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/03/29 01:17:52 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/03/29 01:17:52 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/03/29 00:24:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 01:35:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140220441-261415344-3903074190-1001Core.job
[2013/03/27 18:48:52 | 000,000,499 | ---- | M] () -- C:\Users\Matthias\Desktop\yes.xspf
[2013/03/20 22:49:44 | 000,128,519 | ---- | M] () -- C:\Users\Matthias\Desktop\20.03.png
[2013/03/16 20:14:09 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/03/16 20:14:03 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/03/10 20:49:15 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 20:49:15 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 20:49:15 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 11:46:41 | 000,001,437 | ---- | M] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/10 01:18:29 | 000,229,149 | ---- | M] () -- C:\Users\Matthias\Desktop\Mama.jpg
[2013/03/10 00:02:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/10 00:02:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/04 20:15:12 | 000,630,784 | ---- | M] () -- C:\Users\Matthias\Desktop\euro_braun_lobinger.mdb
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/20 22:48:38 | 000,128,519 | ---- | C] () -- C:\Users\Matthias\Desktop\20.03.png
[2013/03/10 01:17:28 | 000,229,149 | ---- | C] () -- C:\Users\Matthias\Desktop\Mama.jpg
[2013/03/10 00:02:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/10 00:02:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/07 21:42:44 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/03/04 20:14:58 | 000,630,784 | ---- | C] () -- C:\Users\Matthias\Desktop\euro_braun_lobinger.mdb
[2013/02/28 13:47:18 | 000,001,409 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/02/28 13:47:15 | 000,001,443 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/02/28 13:47:15 | 000,001,437 | ---- | C] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/21 21:36:04 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/02/21 21:36:03 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/02/21 21:36:03 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/02/21 21:36:00 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/02/21 21:35:54 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/02/12 03:14:32 | 000,000,017 | ---- | C] () -- C:\Users\Matthias\AppData\Local\resmon.resmoncfg
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/09 20:34:54 | 000,000,218 | ---- | C] () -- C:\Users\Matthias\.recently-used.xbel
[2011/04/13 20:26:31 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/02/17 01:34:29 | 000,011,125 | ---- | C] () -- C:\Users\Matthias\gsview64.ini
[2011/02/17 01:26:46 | 000,001,515 | ---- | C] () -- C:\Users\Matthias\gsview32.ini
[2010/11/12 00:32:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/18 18:43:04 | 000,085,504 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/22 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\.visualvm
[2010/08/20 23:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ableton
[2012/12/28 15:52:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2011/10/04 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft
[2010/08/20 21:22:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo
[2013/01/09 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Avnex
[2010/09/11 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Bump Technologies, Inc
[2010/10/14 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Deckadance
[2013/03/29 19:46:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DMCache
[2010/10/14 19:23:06 | 000,000,000 | -H-D | M] -- C:\Users\Matthias\AppData\Roaming\FDBTemp
[2010/08/17 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FlashFXP
[2011/10/02 22:49:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FreeFLVConverter
[2013/02/14 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2013/03/29 19:46:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IDM
[2012/12/26 00:04:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\iPumper
[2010/09/28 14:17:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010/10/18 14:53:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Morphine
[2013/03/17 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PDF Architect
[2010/10/14 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Propellerhead Software
[2011/01/04 23:35:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\RouterControl
[2013/02/16 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Safer Networking
[2012/12/28 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Samsung
[2010/11/12 02:48:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TrojanHunter
[2012/10/02 22:44:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ts3overlay
[2013/01/06 00:06:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ts3overlay_hook_win64
[2010/10/14 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Waves Audio
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Edited by dr_ckshacker (29.03.2013 at 20:17)
