| MelficeOne | 01.07.2012 03:09 |
Ransom Trojan wird nicht durch Malwarebytes gelöscht
Ich bin letztens auf folgendes Problem gestoßen: ich wollte gestern (Freitag) Anime gucken (neueste Folge Fate Zero) und musste feststellen dass der MPC schwarz bleibt. ich kriege Ton zwar rein aber kein Bild.
Dachte mir das der FFD Video Codec spinnt und have daraufhin das CCCP erneut installiert. Keine Hilfe.
Anderer Player: Schwarz mit ton.
Als ich einen Quick Scan mit malwarebytes über das System laufen ließ gab dieser mir einen Fund aus. Zitat:
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr -> No action taken.
| Malwarebytes diesen Registry-wert löschen lassen (Standartoperation) und Rechner wie gefordert neu gestartet.
Direkt nach dem Neustart (noch in der Autostartroutine) ein Video abgespielt und siehe da - Ton und Bild! Doch während der Routine wurde das Bild mit einem mal schwarz. malwarebytes nochmal drüberlaufen lassen und den Selben Fehler gefunden. selbes Vorgehen, diesmal nach Hochfahren geguckt ob es sich über den Administrtor löschen lässt. Admin findet nix.
Also Fehler gegoogelt und zu verschiedensten Ergebnissen gekommen. von Neu Aufsetzen über Zugriffsänderungen zu Logfiles Posten (hier)
Ich stehe derzeit auf dem Schlauch. Da Ransom Trojans offenbar irgendwann den Rechner "hochnehmen" und sperren würde ich dem weitesgehend vorbeugen...
anbei die OTL.txt Code:
OTL logfile created on: 01.07.2012 03:25:00 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,48 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 76,60% Memory free
14,95 Gb Paging File | 12,88 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,71 Gb Total Space | 12,84 Gb Free Space | 4,31% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 46,82 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Drive E: | 441,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: BRONGAA | User Name: Melfice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.01 03:20:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Melfice\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.10 18:56:24 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2011.09.26 18:57:18 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.06.04 16:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2010.03.12 15:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2011.09.26 18:57:18 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2011.05.26 00:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.04.07 13:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011.04.05 19:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010.12.09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010.12.08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010.10.20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.06.19 12:29:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.01 23:29:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.21 18:28:20 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012.02.10 18:56:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.11.29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.12 15:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) [Auto | Running] -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe -- (UCManSvc)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.09.29 10:36:26 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.26 01:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 23:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.09 11:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.02.08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.01.27 12:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.12.01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.24 07:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}
IE:64bit: - HKLM\..\SearchScopes\{8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}
IE - HKLM\..\SearchScopes\{8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fakku.net/viewforum.php?f=105
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {5FA600C7-EA20-4F25-A8D3-C42A8520102A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{4FFF1A03-D54F-4070-B6D9-A1792386A1F8}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{57B705F0-4A7D-4C63-AC4D-F6E48C646FED}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{5FA600C7-EA20-4F25-A8D3-C42A8520102A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.orbitdownloader.com"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Melfice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.23 18:29:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.01 23:29:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.09.26 18:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melfice\AppData\Roaming\mozilla\Extensions
[2012.07.01 00:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melfice\AppData\Roaming\mozilla\Firefox\Profiles\g039wqu1.default\extensions
[2011.09.28 20:43:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Melfice\AppData\Roaming\mozilla\Firefox\Profiles\g039wqu1.default\extensions\ffxtlbr@Facemoods.com
[2011.10.23 09:59:14 | 000,000,679 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\tokyo-toshokan.xml
[2011.10.23 14:31:51 | 000,001,330 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\wikipedia-en.xml
[2011.11.05 23:46:47 | 000,001,997 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\wolframalpha.xml
[2011.10.09 23:42:09 | 000,002,057 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\youtube-videosuche.xml
[2012.01.08 20:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.31 20:00:00 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\MELFICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G039WQU1.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.05.01 23:29:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 19:03:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 19:03:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.19 19:03:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.28 20:43:26 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.03.19 19:03:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 19:03:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 19:03:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (Wajam)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Melfice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
F3:64bit: - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) - File not found
F3 - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AFD53F0-5698-4625-9937-FF29252BADB0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44CF995-588F-43B3-BE47-2C119E943906}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.24 10:01:18 | 000,000,027 | ---- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{fa8c92c9-b6b4-11e0-9916-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa8c92c9-b6b4-11e0-9916-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2008.06.24 10:01:18 | 000,063,488 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.01 00:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.01 00:20:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\GRETECH
[2012.07.01 00:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2012.07.01 00:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2012.06.30 16:59:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{FEE76892-DA96-44B9-B0A4-5C0CDEF4B389}
[2012.06.30 16:59:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6514B212-6F1D-468E-984A-151981F95925}
[2012.06.30 01:40:29 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{1B773419-4E56-4B0C-8C57-A708D733E2EE}
[2012.06.30 01:40:06 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{13868A62-1B13-48B0-957B-69C681809D09}
[2012.06.30 01:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.06.30 01:26:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\ManyCam
[2012.06.30 01:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.06.30 01:26:47 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\ManyCam
[2012.06.30 01:26:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.06.30 01:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.06.30 01:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.06.30 01:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.06.29 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Desktop\Analogue A Hate Story
[2012.06.29 21:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2012.06.29 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2012.06.29 13:38:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0051FE67-E0AB-46FF-BB59-45D112B7295B}
[2012.06.29 13:38:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E146B3EA-F0E8-4DB4-8F19-C372CA2B9007}
[2012.06.29 01:37:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8545240C-3F6F-4036-AB25-EF66200BC8EA}
[2012.06.29 01:36:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{58ABBF1C-AB02-47C4-B3A8-D68092CFE16B}
[2012.06.28 13:36:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B00DF739-BBDB-4D15-A724-F8F43A9A3723}
[2012.06.28 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B147D393-1907-4966-AA52-D24964517A61}
[2012.06.28 01:35:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F9ABD92F-459B-4A6C-B013-9501ECCEA48C}
[2012.06.28 01:35:15 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EE86CEBD-E193-44EB-8474-DEC8D97CF922}
[2012.06.27 13:34:06 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{FAB88ECC-C41B-4C87-BDB7-CC5835B55483}
[2012.06.27 13:33:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{911E60D8-EFB9-45A7-9F70-7E638143CFE8}
[2012.06.27 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{35E5AD25-1727-4F1E-8017-C1562B01E8EC}
[2012.06.27 01:32:51 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B7367BBE-E951-4E12-B091-AC2148501AE9}
[2012.06.26 13:32:13 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7A67A434-CC40-4B09-A03D-D40B5E3C8E46}
[2012.06.26 13:31:45 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A5F31274-A3C3-4050-8D16-F8E49675EFA2}
[2012.06.26 01:31:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{88CE3ACC-A86A-4BB6-BF6F-373DE3FADB94}
[2012.06.26 01:30:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{30645A4D-A81C-47C2-BA1C-CF845E0D7768}
[2012.06.25 13:30:20 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{062E811F-AD77-4AA9-8A9C-4B617A1A5882}
[2012.06.25 13:29:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9C120173-61E5-48AB-B9D9-4D1C97E515AC}
[2012.06.25 01:29:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{ED1B8300-91A1-423E-B40E-BB5CD49E8F54}
[2012.06.25 01:28:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{974702BF-A534-4EF6-8DF1-16074AFBC8EA}
[2012.06.24 13:27:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{512CC663-6BB6-436E-A3D3-5C339A4ADD7B}
[2012.06.24 13:27:12 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9E2E322A-3CEC-43A5-8582-1540896DAC7A}
[2012.06.24 01:25:45 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{79523661-97A4-4F88-ABB8-A45F3A72ED0F}
[2012.06.24 01:25:07 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F0DC38E9-9B2C-4AB1-A5F3-1094FC2CA94E}
[2012.06.23 14:25:53 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\Macromedia
[2012.06.23 13:24:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7F5E8616-5F01-48FD-A6A5-D8DA99111896}
[2012.06.23 13:23:57 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EB9A02BD-1D11-4629-9E36-A8B292B62FC0}
[2012.06.22 12:20:48 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{25D7380A-952A-4BBC-B7AC-7EA86DB57EBB}
[2012.06.22 12:20:21 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EEB89AAF-EAA1-408E-9581-A08CC041B6C5}
[2012.06.22 00:19:57 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8A5F398A-7040-47D5-A85B-E9EC119F38D3}
[2012.06.22 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{DE125F2F-5A40-4B1F-9D2C-AC9416D5EEBC}
[2012.06.21 12:18:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{58D0E221-688B-4116-A287-0EA62F99E151}
[2012.06.21 12:18:29 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CA345B44-58A7-4D15-8C09-ECADA4FEFA6B}
[2012.06.21 00:17:52 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0B1F1B87-0F04-43D7-833F-C76574BADCB6}
[2012.06.21 00:17:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E6EA62EB-6562-46D6-9F49-F45AF20A4158}
[2012.06.20 14:14:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utawarerumono
[2012.06.20 12:17:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{4854B39A-9788-4D00-AB68-2FDF2BA416FD}
[2012.06.20 12:16:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7A87B4A2-EB28-489A-BC10-62C0CE540A10}
[2012.06.20 00:16:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E55E4B59-4D60-4190-BA4B-BCC2E1C8F494}
[2012.06.20 00:16:02 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3827E545-A0C2-4950-9EE9-2BD0F23CAE1D}
[2012.06.19 12:15:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3F503903-967C-419B-927A-FE5BD371B0F7}
[2012.06.19 12:14:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F723E167-DF5B-4F60-AF01-1F3D63CD2E63}
[2012.06.19 00:14:33 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{11067D98-7347-472F-9234-6B4D378898D6}
[2012.06.18 12:14:10 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F0289FF9-A365-4B22-B951-357A35B4A801}
[2012.06.18 00:13:46 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{72F1BC5B-4962-4F4F-8E65-FD122880DC55}
[2012.06.17 12:13:23 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A16F32DD-1F1A-46E4-B5AF-1227F9B574E6}
[2012.06.17 00:12:59 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B37E051B-796E-43D9-A761-3BC65D8EB63E}
[2012.06.16 12:12:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{05BCBCAB-0CE7-40D1-A357-2EE08764E2BB}
[2012.06.16 00:12:09 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7610E6BF-0FC9-49E0-8A81-6DCE7D3734F7}
[2012.06.15 12:11:44 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{958013EF-9288-45E1-AE82-8A0C3E6D9E95}
[2012.06.15 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0C68E6CC-B8AA-42E3-A4F6-160B09D49B0C}
[2012.06.15 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8D6E6181-7212-42D0-9C9C-C5C71D70DBD7}
[2012.06.14 12:14:51 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{166A36BF-D053-4653-8D1F-2390CBDAB7D1}
[2012.06.14 00:14:27 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E551CABB-4068-4FF7-A01A-071E2EB7FFD9}
[2012.06.14 00:14:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B5140EDE-58C7-49F8-B9A2-C3522B628E1C}
[2012.06.13 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{C845AADD-2F5C-4C1B-82A6-2327B47045F1}
[2012.06.13 12:13:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6D4143CD-FBF9-40BB-A67E-E129645438D7}
[2012.06.13 00:12:44 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{133AB30C-21F5-4184-B439-D2EEEEAB62A9}
[2012.06.13 00:12:16 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6E7127A2-7ACB-4463-8CC8-5F16226CD3D8}
[2012.06.12 19:35:26 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\LoneSurvivor
[2012.06.12 15:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.12 15:52:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\Braid
[2012.06.12 12:11:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CD8C87AA-F9A5-43CB-8B34-4FEB0967A747}
[2012.06.12 12:11:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{68431AE7-D464-47D3-9A0D-D1D32C98ADA3}
[2012.06.12 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E3863E3F-6A9B-4448-8385-016A4DD43343}
[2012.06.12 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{17638C12-D358-447B-8AB3-B265382F1AEF}
[2012.06.11 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EB6083E2-C4BE-42D9-BED0-8DEDB127F13C}
[2012.06.11 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{DDF53304-095A-4812-8B53-8CC0BE03124C}
[2012.06.11 00:10:43 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{34B8DB33-D755-486B-AE7C-C0606B03C559}
[2012.06.10 23:57:50 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.10 23:55:52 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.06.10 23:55:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.06.10 23:55:28 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.06.10 23:55:13 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.06.09 07:37:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E11E790B-FEE6-49CB-BA0F-B4D1D6333B67}
[2012.06.09 07:36:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CF48BCAB-C1E7-4170-9D42-AAF5103BCE8C}
[2012.06.07 00:23:47 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{91BE13D7-BB26-4387-B682-39E81ADA46A2}
[2012.06.07 00:23:27 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CC665A4C-F21E-4A63-8EBC-E9D92832410E}
[2012.06.05 19:23:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\InstallShield Installation Information
[2012.06.05 03:46:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9DACE0FC-DC2A-4735-A36B-B0EADCCF9079}
[2012.06.05 03:46:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A1CFC0EA-011D-4C61-8B5E-43285CE19ED7}
[2012.06.04 18:53:40 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\Procaster
[2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
[2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2012.06.04 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3A701C01-6E49-4BCA-9674-13023D68E7B8}
[2012.06.04 00:12:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{06082C70-C4E4-4371-B6D9-EF374CB9EDB0}
[2012.06.03 16:16:30 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CC022DF7-119A-4104-B5E3-6D741A2BFDFA}
[2012.06.03 16:16:14 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{D61D8835-4874-4D27-9B4F-B042D6AC117D}
[2012.06.02 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Desktop\LoLItemChanger
[2012.06.02 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\LolClient2
[2012.06.02 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{52CF7BA2-ED15-40BC-93D8-F168102449F1}
[2012.06.02 22:26:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B44E830B-54CB-49D0-BA18-612F0064BB77}
[2012.06.01 06:58:11 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Documents\ProE
[2012.04.19 09:21:21 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\2wDbJkVL.exe_
[2012.04.19 09:21:21 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\2wDbJkVL.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.01 03:17:41 | 000,000,168 | ---- | M] () -- C:\Users\Melfice\defogger_reenable
[2012.07.01 03:08:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.01 02:56:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.01 02:52:53 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 02:52:53 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 02:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.01 02:44:30 | 1725,063,167 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.01 00:19:01 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012.06.30 17:04:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.30 17:04:13 | 000,686,540 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.30 17:04:13 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.30 17:04:13 | 000,147,668 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.30 17:04:13 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.30 01:27:31 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.06.24 14:37:19 | 000,000,123 | ---- | M] () -- C:\Users\Melfice\Documents\std.out
[2012.06.23 14:15:59 | 000,000,012 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\urhtps.dat
[2012.06.23 13:33:27 | 000,374,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.23 13:31:08 | 000,000,844 | ---- | M] () -- C:\Users\Melfice\Documents\Dokument5.rtf
[2012.06.20 14:14:54 | 000,000,750 | ---- | M] () -- C:\Users\Melfice\Desktop\Utawarerumono English.lnk
[2012.06.19 15:33:40 | 000,000,061 | ---- | M] () -- C:\Users\Melfice\Desktop\Hello.vbs
[2012.06.17 16:43:15 | 000,000,756 | ---- | M] () -- C:\Users\Melfice\Desktop\Hello2.vbs
[2012.06.15 20:14:59 | 000,012,057 | ---- | M] () -- C:\Users\Melfice\Documents\remys book.odt
[2012.06.15 02:58:01 | 000,005,771 | ---- | M] () -- C:\Users\Melfice\Desktop\for remy.rtf
[2012.06.06 12:43:35 | 000,454,603 | ---- | M] () -- C:\Users\Melfice\Desktop\Scan0001.pdf
[2012.06.05 03:49:28 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012.06.04 20:10:49 | 000,000,221 | ---- | M] () -- C:\Users\Melfice\Desktop\Dungeons of Dredmor.url
[2012.06.04 18:53:39 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2012.06.03 23:52:40 | 622,321,038 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.03 17:56:20 | 000,001,058 | ---- | M] () -- C:\Users\Melfice\Desktop\Magical Diary - Horse Hall.lnk
[2012.06.02 16:37:14 | 000,001,058 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.02 16:36:36 | 000,001,030 | ---- | M] () -- C:\Users\Melfice\Desktop\Dropbox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.01 03:17:41 | 000,000,168 | ---- | C] () -- C:\Users\Melfice\defogger_reenable
[2012.07.01 00:19:01 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012.06.30 01:27:31 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.06.23 14:15:59 | 000,000,012 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\urhtps.dat
[2012.06.23 13:31:07 | 000,000,844 | ---- | C] () -- C:\Users\Melfice\Documents\Dokument5.rtf
[2012.06.20 14:14:54 | 000,000,750 | ---- | C] () -- C:\Users\Melfice\Desktop\Utawarerumono English.lnk
[2012.06.17 01:22:35 | 000,000,756 | ---- | C] () -- C:\Users\Melfice\Desktop\Hello2.vbs
[2012.06.16 14:32:33 | 000,000,061 | ---- | C] () -- C:\Users\Melfice\Desktop\Hello.vbs
[2012.06.15 20:14:56 | 000,012,057 | ---- | C] () -- C:\Users\Melfice\Documents\remys book.odt
[2012.06.15 01:26:00 | 000,005,771 | ---- | C] () -- C:\Users\Melfice\Desktop\for remy.rtf
[2012.06.06 12:45:38 | 000,454,603 | ---- | C] () -- C:\Users\Melfice\Desktop\Scan0001.pdf
[2012.06.04 20:10:49 | 000,000,221 | ---- | C] () -- C:\Users\Melfice\Desktop\Dungeons of Dredmor.url
[2012.06.03 23:52:40 | 622,321,038 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.06.03 17:56:20 | 000,001,058 | ---- | C] () -- C:\Users\Melfice\Desktop\Magical Diary - Horse Hall.lnk
[2012.06.02 16:37:14 | 000,001,058 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.10 09:52:53 | 000,050,157 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\SQLite3.dll
[2012.02.02 15:06:23 | 001,579,582 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.19 11:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\Horo.ini
[2012.01.11 22:34:15 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\oldharmony.dll
[2011.12.30 22:37:23 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2011.12.28 05:37:59 | 000,067,072 | ---- | C] () -- C:\Users\Melfice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.07 18:17:46 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2011.12.07 18:16:54 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2011.10.30 18:51:33 | 000,000,018 | ---- | C] () -- C:\Windows\gfact.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.26 19:01:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.07.25 14:41:59 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011.07.25 14:19:14 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.07.25 14:05:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.25 14:02:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.03 19:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
========== LOP Check ==========
[2012.02.23 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\.minecraft
[2011.12.13 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\.minecraft_xray
[2012.05.30 12:41:33 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Audacity
[2012.02.14 17:28:24 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Babylon
[2012.07.01 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\BitTorrent
[2012.06.12 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Braid
[2011.10.20 10:22:53 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\DAEMON Tools Lite
[2012.07.01 02:57:22 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Dropbox
[2011.11.25 12:28:52 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Gatling Gears
[2011.10.30 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\GetRightToGo
[2011.10.09 04:06:03 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\GrabPro
[2012.02.26 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Hothead Games
[2012.02.12 15:20:31 | 000,000,000 | RHSD | M] -- C:\Users\Melfice\AppData\Roaming\install
[2012.04.19 10:44:12 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\KISSsoft AG
[2012.03.23 16:50:26 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\kock
[2011.09.26 22:34:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LolClient
[2012.06.02 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LolClient2
[2012.06.12 19:35:26 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LoneSurvivor
[2012.06.30 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ManyCam
[2012.01.16 00:25:03 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\NationRed
[2011.10.20 10:33:27 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Nitroplus
[2011.12.08 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\OpenOffice.org
[2012.07.01 03:23:55 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Orbit
[2011.10.09 04:06:07 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ProgSense
[2011.10.21 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\PTC
[2012.06.29 14:22:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\RenPy
[2011.10.21 08:19:14 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ShanghaiAlice
[2011.09.29 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Toshiba
[2011.09.26 18:58:29 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\TOSHIBA Online Product Information
[2012.06.28 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\UAs
[2012.06.28 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\xmldm
[2012.04.04 12:41:41 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\‰c?¨?t???“?e?B?A) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\‰©¨ƒtƒƒ“ƒeƒBƒA
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
< End of report >
Extras.txt Code:
OTL Extras logfile created on: 01.07.2012 03:25:00 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,48 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 76,60% Memory free
14,95 Gb Paging File | 12,88 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,71 Gb Total Space | 12,84 Gb Free Space | 4,31% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 46,82 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Drive E: | 441,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: BRONGAA | User Name: Melfice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BD6421-75B7-4459-983C-A47E17169199}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0627699A-4245-4FDD-A787-D0ECB4F02680}" = rport=137 | protocol=17 | dir=out | app=system |
"{0D483153-E4D0-4D8F-AC18-6D744F4982E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{0F6516E8-BDED-4A08-A6EB-0744DF0C3094}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{244EC3DF-C507-41B0-BF54-84E6974CE9EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27AC1C97-6260-44F7-9096-7918D82F32A8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A288C99-722C-44F7-A6B9-ED47D408E4CD}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A4CA51D-FF00-4A00-BEDD-7D4D0F67F36B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47A9A33A-8C53-4F9C-9841-AA3059E476EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A33861C-850E-4853-9328-B44C75EF8A7B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4CE746FD-BD5F-4B5B-9CFC-E6A9A6B197B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50664960-2CAC-42FD-ABC7-1B9BECA4732A}" = rport=138 | protocol=17 | dir=out | app=system |
"{595EA277-4CE2-4E21-B435-69452FB2E163}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F04AD9A-9B7D-46A2-AF17-8BC1D4C88C65}" = lport=138 | protocol=17 | dir=in | app=system |
"{86251A9C-079E-4B74-9DB9-6D4E146E2879}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{866AF15B-41F7-4408-8622-5BEE61D3E357}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2DFE449-4B0B-4891-82C3-4BA7BCC92C64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9927BEC-A512-4555-8F00-0E68988A1E9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC2D6D8A-1C38-4A9F-B0FC-D6C653881E57}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B00CFD1F-8678-47FC-9B52-85C4F78E95B9}" = lport=139 | protocol=6 | dir=in | app=system |
"{C1A8D6AE-E878-49C7-B526-F510231F02A4}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2020B31-9205-412C-8D2B-72E5DE3EA04D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEE2B6A9-17FE-4438-98F5-00480B2953E0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00534385-05CE-45A1-800F-F3E5A6864E79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{006FF172-1A7A-4465-9F16-C91BBCF5004A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed impact\binaries\alienbreed-impact.exe |
"{03D8DD7C-29C0-4945-AE01-62C5F368DADC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{064E4C26-FBA3-4CE8-A039-BF23D3C7DB5C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{06A1E8D9-8F95-4602-9199-DEEBA8A84F14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{084D29A9-C444-44F0-96ED-DA9EB1069C72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe |
"{08607C4C-7629-4510-B643-8C3B44BE247C}" = protocol=6 | dir=out | app=system |
"{08FCDCE3-8205-4187-AABE-335D3E540E05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{0C5FB6BB-6D4A-4284-969C-73291E49F9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{0E18CF28-E25A-4FE8-B120-BDBE284F8E17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{10BB2CF6-26DC-4EAF-ABDD-83B74D195889}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{115F6DDC-9222-423E-A8DD-E08284C34586}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\analogue a hate story\analogue.exe |
"{1396CFCD-2654-4DEC-972E-206A54C5F154}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{15266A35-9CE1-49A8-8C4D-DE79F5BAFD56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\analogue a hate story\analogue.exe |
"{18D018A2-0119-48E3-A6F4-9965F528AAA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{1CEB6AF0-DBDB-4EDD-A982-37F40F254E49}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1D873190-38BD-4817-8360-D3C2748F5337}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{1EF01D4D-99C6-498B-8E60-5AB70D09800F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EF5A11D-49BE-4D8A-A42F-7A27B1B5BBC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\delve deeper\delvedeeper.exe |
"{238A5521-8CC2-481B-9E98-80193A167BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{238B5B29-CA5C-4FA8-AE07-6BF022D3B20D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{25EB909C-E496-421D-978F-8300DCB813B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{2679FFE0-A175-49B6-BB3C-233CAE8E69F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom enforcer\system\xcom.exe |
"{2904DF75-F637-49ED-BFB3-97C4DE13D4F9}" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe |
"{2A720F21-0C04-45FD-82EF-B3F6DE44AEC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{2A90C7FA-83D5-413D-9FD6-F6E787BA843A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2BC166CB-ED3D-40A0-A4F4-A2A7AD639049}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{31AF088E-D323-49D7-85AE-6238E730D2E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom enforcer\system\xcom.exe |
"{3273DBBF-C4AB-4630-9F9C-F2CB1FEDCD56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{32863A36-671A-43A0-9D2A-93BFD1BC9A22}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{32C284C9-ED68-4815-BE8A-C266927E088F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{32F41B10-11B6-4442-9BAC-20F5314A402E}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{338644B3-1DAA-4FCC-9F5C-1066CF56825C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{3904944A-65D1-4B9B-A4C2-9FAC814D3D90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{39643916-86F9-4486-A53B-CF5F1C9A6D44}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{39BE4777-AD56-4F49-900B-5EAB38BA3CDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{3B78E905-919D-4F13-A67E-B281C7DBD70C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{419DBE59-D692-4036-A029-7769E0AB82B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ufo afterlight\ufo.exe |
"{41C6B382-9166-424B-8B40-9006F354416B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{41EF00CA-B0E1-40CE-ACFC-E9C65427B902}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{42CF59A9-0493-4953-BE3F-C4EC1BF6FA2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe |
"{433CA14E-FEA6-40BE-802F-400B4D4C2643}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{436D593A-2DA5-4328-B63D-184560173F7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{47ACF98F-6221-43F5-BCCA-B2D678D7D532}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{4B3E0D54-0F6F-4101-BBA8-F0A1A95AD499}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5184550D-0F03-4935-98CC-5671389E79FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B55E8BB-D630-4F7F-9F9C-9069AEDB7DD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5C28F615-4AFF-4ED1-8F1E-41D3EA36283B}" = dir=in | app=d:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe |
"{5C3BE4C1-4B1A-4B03-90A6-4D805F68A7AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D802442-B655-4243-BF6C-13B3F62016E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{645F22DB-974E-4C28-961E-4B3604FF0E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{64C5848E-A6E3-4D2B-894B-517C607A43D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe |
"{65C0EE70-6496-4EDB-A9AA-74EA833ECC45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\delve deeper\delvedeeper.exe |
"{68E0A762-8238-4554-A7E9-703A407DD103}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{68F0DF8B-D80D-459A-BAEF-04D1ED8C572D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic clash of heroes\clashofheroes.exe |
"{690956A7-1EBA-495D-BF48-A815816409F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe |
"{6B79DCFE-5992-468D-A845-47118DDAA03F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{6F49E621-D643-44C4-965B-BC6D6D5A9CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{70C82377-64F2-4635-B1D5-7061BEF14559}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7122B725-87BB-4728-9992-21DB6069A978}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{736B05FC-7E6D-48DF-B008-8A5DA1AB08B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{75D686E5-D685-4F80-BDD2-0308970DB2B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe |
"{7C225BBF-60D4-4CA6-A1D0-D97EBAA0EFF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe |
"{7D8160B7-3714-46B0-8491-4C086BF36F6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\custom.exe |
"{82BBC64A-8380-4ACF-A7DF-6F98263FA06A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{84F633D8-A6EA-46FC-9A63-E3CBC66CB670}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe |
"{86ACB5F7-45B1-4B9E-8845-80509996F4FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ninja reflex\ninjareflex.exe |
"{8720065A-C9EA-44C2-8786-7E5EE311B410}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{873D00A9-13FA-417F-A96C-075368C0BD77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe |
"{8927DF51-4489-488D-AEF6-6EF1F13CA77E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe |
"{89C10380-75AC-4A3C-92C4-013E268A25E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{8E2FE7B3-FF00-4805-8AEE-0781085F9B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{8F1383CC-74DA-400A-A62D-9B8395D904BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{91100486-8A3B-41EB-8E35-971E60D3CB27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{91A180D3-150D-4863-8B03-F935EF5CEDFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92CAA75B-DC3B-4A05-9356-CC212005599C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{92F91979-2AF3-4A79-94A4-66975DDDD04F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{93BCD280-2568-4251-AA4E-06F384A7B48C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{943DE906-C7FA-4379-8E22-25092D7BE992}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{951847AA-39D0-428D-98FF-28E0AB48F63A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{98DB6A0F-0295-4676-B7AD-CC3AE5BC5CAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B061228-F9E0-4878-AD47-D7C2D6EA697F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{9B54050D-B857-43A3-9CEF-6FEE1239882A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fortune summoners demo\sotes.exe |
"{9B7BA2BC-E1BB-455C-AF36-B011FBD749E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{9D74CAF2-A44B-4C03-B23A-900606A2B868}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{9E798239-B1E2-46A4-871D-BA5BF47400FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ufo afterlight\ufo.exe |
"{A05C8C27-CD15-4D6A-B2E5-55DB596A7233}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{A07B31B9-A85E-4E5A-A452-E52C508C4E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed impact\binaries\alienbreed-impact.exe |
"{A102737C-8465-4C59-BD78-1F6D97E6B4BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{A32C9534-4624-462A-B40C-DD0C054FDC6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe |
"{A3CFCBA4-FC14-4B1E-9619-77A126EB0809}" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe |
"{A3F177C7-B29C-43F2-8807-DA3F18EAD06F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A79EB65E-587F-4C34-9F15-B10B83461A6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7F57BC5-3631-4022-AB0D-86D58D8985B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{A8160CBF-CC7D-4E9C-BE5B-8850119DA93B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A980B16A-3D4A-4C1E-AA92-BB0BED3F8157}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA738BE6-31EE-42A1-BA67-A6241179827A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA747ACD-DC41-4BA6-86B2-CA0F75E50C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe |
"{ABCEE1E4-1C9B-4159-AD58-C5EFDA08377A}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{AE805AD9-5ACF-4621-8665-A6AE23AD5977}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEA79DD0-9AAC-44D3-95F6-DCE06537C32A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{B1918BDA-28F6-4C66-836E-AB5FB4B0EFCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{B24EFE44-D616-4ADA-A886-7FBE7B0365AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\chantelise.exe |
"{B26225E9-B54B-4253-995E-88FB2B037A9C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B4218CAC-A536-4673-B86A-C75032203344}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{B4B91D68-F832-4D4F-BD75-D44A49B23A95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic clash of heroes\clashofheroes.exe |
"{B4C311AA-80AF-4BCD-9B47-21476CAD93E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fortune summoners demo\sotes.exe |
"{B63FCA06-72AF-4D54-BB0E-FCE4E1CBCE99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{B71A4AD4-D02F-4FE1-B2F7-7F78F1E48011}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
"{B870A9B3-495A-4BD1-85E1-C26507CC6635}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B9F6BBCB-E97F-44B7-8100-78EAB6958206}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe |
"{B9F97355-3907-4778-8850-E52E1EF59C30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\custom.exe |
"{BA5F1898-DD44-44AD-96FA-921D37B8FC4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\chantelise.exe |
"{C08BB9F6-31A7-4379-B9CC-CBC43D040A20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{C465B31C-8857-4DF6-BBC2-B5C5E9B3E23C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{C583807C-7F0C-456E-8E51-C209F7AB89A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7AB2A96-13BB-4D02-A3A4-FFEB9DC22E49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sequence\sequence.exe |
"{CA36BCCF-A4F4-4392-9D6F-8AA2FD7EB443}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{CA660C46-CEDF-4EEF-92D5-4BB8DBDA510D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{CE57C212-EF3F-47BC-9FCF-9939466E1724}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{CEB3E46F-2D7D-4EA4-8357-8BB13E1D47CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{D14A862F-B7CE-48BC-9F18-9E65C043ECD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{D2A65512-145C-4C11-9D38-002AB4C04D07}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D30B9CC8-BCFE-4BED-92FB-FD84A5F96203}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D3243FA0-BB52-4842-8016-BAD9E764C1F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{D61E0E56-223D-4F5B-B9DE-9BC4DF750EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{D95351DC-A9D5-49BA-B00A-5D079364CC43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{D9EC0D27-2D40-434B-ACF8-E2637292D5D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ninja reflex\ninjareflex.exe |
"{DA5254A1-C951-4ACA-A6BF-188AE061D759}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe |
"{DA7E7493-98AF-4043-A50A-01ADD55AD15E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
"{DD4BB57C-D9DF-46BB-9768-AEB762F604F6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DDF9EB9F-81BE-4B77-A186-DAA5F9F0C23C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{DEE1BE25-9B8B-4BDB-8D6C-17C44DA58030}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{E1366063-BFD3-4BF3-A8EC-BEB0556738BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe |
"{E23C524F-4B5C-4ED3-9F20-9B958178DF1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{E2B7A63C-DA7A-420F-80F5-B5108095E720}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{E5E6CD25-3646-40A1-8589-28AEBF8EAA32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{E86A4CD8-F4A9-4841-8F8A-14F895EE45D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe |
"{EC2F5460-05AF-4833-848E-57F8D583596B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{EDE88E3B-11FF-469E-8B1D-5F7D5422C3A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sequence\sequence.exe |
"{F26FDCB6-64D7-4DC7-B86F-85FFDDFF6A0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe |
"{F3A6CD5D-A59C-481C-A236-302472D841F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3D0C61D-B1C0-4D0D-AA32-621774340484}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F488DEB4-A3EC-499C-B6C6-A35E14223A22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{F4CBDE10-A6AA-4FA4-936B-E6D7EB6E18B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"TCP Query User{00174407-5FCA-45D8-A846-A1C6FEFBE2FA}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"TCP Query User{11D9E804-E1F4-41E8-9897-955C5954730C}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"TCP Query User{1AEF323F-BAC8-489F-AC26-ED6FC1B3BE76}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{1B3B8988-0D01-4832-AF55-08177A9168EB}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{20D3AD1F-4BA4-41DB-98D4-97C0100A94CB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{3CBA7197-2C9C-400D-AE8D-9BE718D2995D}C:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe |
"TCP Query User{5847F59E-63D6-4819-8B4B-5DE3EDE49081}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{5E39EE41-F221-407A-9911-2842640A3340}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"TCP Query User{5EAA90B2-9E61-40F3-8DD5-A5E35146A307}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"TCP Query User{60BE1701-40E0-48A6-B9A8-8E594FAA6FB3}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
"TCP Query User{68909700-552A-4848-BD49-2837322FB6C4}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"TCP Query User{6A72D4ED-500E-4E0B-8771-F069EFBD4F79}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe |
"TCP Query User{7E3EF718-FBA9-47E0-B938-C046A793FBFD}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"TCP Query User{81E57A9E-E980-41EA-807A-B2C5A20272C8}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"TCP Query User{8CDD95B8-7E96-4902-8B81-C582B04DFCFB}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
"TCP Query User{9A746F4B-4555-4C25-A830-EC9DE4648D96}C:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"TCP Query User{A54C7E64-F223-4FCD-9629-BFBE769E4B6B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{A73D2DF8-EA7F-4C78-8775-19CD846F3B5D}C:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe |
"TCP Query User{ABBB2091-7BB7-47B2-956E-5AF55939C9F6}C:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"TCP Query User{B048FD5C-B32C-42E2-9766-1462B5D4EA68}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{B4BF3197-C670-4A9E-870F-AADEBB1486DF}C:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe |
"TCP Query User{B890C5F0-9700-4023-8E7C-39C30B23D276}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{B8D3E778-5142-426E-889E-BE1859CB91AF}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"TCP Query User{C4BF8C17-67FD-4574-8FA1-5587A3D439D5}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{C93926EC-E028-4AD7-B3EF-31740583EC5F}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"TCP Query User{CEE77FB8-0183-474D-809E-995C13827875}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{CFAA479C-6C69-48E9-A2AE-7A1E7DF6AFE3}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{D64180FF-BDE0-45D3-AEA6-9E60E04B8704}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe |
"TCP Query User{DC147686-F520-4B87-A309-53ABA3107C04}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"TCP Query User{DCB318ED-2A54-4737-96B9-D9A7179E0322}C:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DD94203B-5C3E-4940-809A-8B24E11C6114}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe |
"TCP Query User{E54E424D-D57E-4359-A703-D8BA0E46F985}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{E5760DB1-0605-4D37-A949-56787190E6F4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E7077C85-9AAB-4DEC-949C-13E149B11E82}E:\jskfcatserver.exe" = protocol=6 | dir=in | app=e:\jskfcatserver.exe |
"UDP Query User{06268F4A-0A52-4BF0-8CC0-2CADC1CA7C7E}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"UDP Query User{1320CDD1-C192-4D29-813D-492A101C7A52}C:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe |
"UDP Query User{166FDF7D-5138-485D-8A65-C73A2704F0AC}C:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"UDP Query User{25E2BCC0-6BF1-49CB-9B66-E892218634BE}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
"UDP Query User{3006C2B3-2AC6-49AA-9005-68B727450D7D}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{35E87FD1-9AEA-44D3-A348-E80E83159D2A}E:\jskfcatserver.exe" = protocol=17 | dir=in | app=e:\jskfcatserver.exe |
"UDP Query User{39491388-02EE-4DC5-8E70-0176EBBF5734}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"UDP Query User{3B6863B1-ED9D-45D8-82C4-90A6ED835C71}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{421F2EB8-E976-48DD-80CD-0B972D54A5A3}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe |
"UDP Query User{4997E979-0565-4904-AD86-5A7F5C2C238D}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"UDP Query User{57B574A9-1B0A-49AF-97D7-A85866AC37BC}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{6053DE18-66DF-402F-A03A-50861859449C}C:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{63A9392F-15E9-4BB7-86BC-02DD31075798}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"UDP Query User{6737470F-2CD5-41DC-99F2-5157C22C5A6F}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{6B0B463F-EA65-4C4A-BD5E-7E4BF5300CFE}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"UDP Query User{6F5939AD-B89D-4A7B-8DCF-03A8F39AEB80}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{6F9D5BE8-2822-4858-8BD2-CC955C3C10DD}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"UDP Query User{7215162F-BEE9-4E0D-A618-871A5250CACE}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe |
"UDP Query User{787E9419-23B8-4821-9317-951298CBE72B}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe |
"UDP Query User{7AF95BCA-3AED-47C6-8816-8AA5718B15DE}C:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe |
"UDP Query User{89FA4536-259A-46B2-B45A-4656D9743CBA}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"UDP Query User{92D91A86-39B4-461A-8E91-C5C408218AE0}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{940012CE-1A38-449F-9E1F-62E6D4FC24A7}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{975FAE45-A115-452B-A13A-7C0548BBCFDF}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{99CEF612-B531-4748-8252-4D79EDC3B372}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"UDP Query User{A022DE94-58EB-4764-A2C6-5344030D03D3}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{AA69AF5D-F8D2-48FE-9DFC-149310CBC299}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{BD149A4C-95E7-4501-A407-A2ABBA22F2BC}C:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"UDP Query User{D67E4604-1B9C-4F86-8A0A-5FB4662537D3}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{E2497D91-E396-44CB-A38D-94D4B45787BD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E2C0393E-2512-4675-9520-883A9DFB5C8A}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"UDP Query User{F4A874B7-BC04-4C64-9185-E1E2BA02EE86}C:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe |
"UDP Query User{F5E1E014-2323-4337-8B62-915E8962C487}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"UDP Query User{FA487F95-CBC5-4B6B-BEC8-96B8CAA2AC88}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{34565B7E-F28D-BEEE-75BB-06E7659FC76F}" = ATI Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51BC086E-2946-442C-B01D-37587285E833}" = ProductView Express 9.1
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{617C7445-9152-3B2D-5618-117323D728E0}" = ccc-utility64
"{645C958A-F505-A126-F618-DDF4F9C3FE43}" = WMV9/VC-1 Video Playback
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A8F30C52-D992-4077-8A77-30ED12B6244C}" = Creo Thumbnail Viewer 1.0
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F9232528-EA5C-4DA0-B8BE-637A70E9E673}" = ProductView Express 9.1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pro/ENGINEER Release Wildfire 5.0 Datecode M060" = Pro/ENGINEER Release Wildfire 5.0 Datecode M060
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0315398D-7266-AB1A-D7DB-03B5ECB4B126}" = CCC Help Portuguese
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E66EC48-9DFD-0A60-A391-3A15D2F26696}" = CCC Help Japanese
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{113DE365-7DB5-6E66-DC10-CF8A3E5BEC74}" = CCC Help Chinese Traditional
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{12109DE2-D313-3456-4C6D-2F1283554D28}" = CCC Help Danish
"{140347A0-4A0C-44FC-9CA1-C8A3471899B7}" = SdRt4200
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19540CBA-3D6C-D1BB-F713-FC6B082E4D1F}" = CCC Help Greek
"{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B3F8894-DC2F-AE2F-548C-BC7786F199FE}" = CCC Help Czech
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FB31D8B-476B-AECB-4831-21D65E28AF7A}" = Catalyst Control Center Graphics Previews Common
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
"{2580F3D5-CA0A-2D65-EA68-70F433B85146}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{333AE6EB-2EDC-11D7-AAED-001060294115}" = IQ Marathon
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36285812-1E91-CA80-B1E6-E305348621FE}" = CCC Help Dutch
"{36B3F8D7-F1C7-4558-A348-7C8171BB6404}" = ガジェット トライアル
"{37A58B85-C98F-11D5-B694-00E07D72A995}" = RM2K Mp3 Patch v1.1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{394A362F-26A0-4F6E-BCFA-4564FB24E0BC}" = Quarry
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{467CDF2F-AB27-4E91-814A-96AA8FBDC61D}_is1" = Zombpocalypse 0.9.2
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C3E47E-C1BB-11D7-9E00-0004769EEFEB}" = Building Panic
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E27A271-351E-72DC-BD22-06A46243F2A5}" = CCC Help German
"{4ED9CBC6-14B7-4E2A-BF42-E6DD63E722C9}" = KISSsoft 03-2011
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5684A50E-D6B1-5593-E292-72EFFF18197F}" = CCC Help Russian
"{5782EF38-8F32-4B9C-9A86-12877A93D8FE}" = Gatling Gears
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58C0E6D2-EA46-4765-A943-126EAF3C9D62}_is1" = Metro 2033 by O22y
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{663140E6-EB60-11D6-AAED-0004769EEFEB}" = Snake Arena SE
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7EA2ACE0-9281-137B-D513-8B64A846A401}" = CCC Help Turkish
"{800F3931-0773-4BF2-ACF3-DF0A9CF2528D}" = Koihime_Musou
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8653955E-3E81-DD1E-C159-B9042649EA09}" = CCC Help Norwegian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92AD9101-1F8A-1A9C-B54C-49EA654FCD03}" = CCC Help Italian
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FF1D21-3C31-C7DD-5201-7F91805706C2}" = CCC Help French
"{93A6108B-997A-FFE1-E304-31204DAAAA7C}" = CCC Help Korean
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{93EC173C-7811-44B6-8760-9515C0893A65}" = Duel 2
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9C5551-2674-19BD-2BCE-24BF05908E03}" = CCC Help English
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4ED0A4C-E9E1-78CF-59D8-C42BBB9ACDC5}" = CCC Help Finnish
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD9E5D61-0EBB-4472-8DA9-359560FB6988}}_is1" = ƒOƒŠ[ƒtƒVƒ“ƒhƒ[ƒ€ Ver1.10
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2E92CF8-8D2F-4203-B5C4-177174472C9A}" = The Typing of The Dead
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6EDBA96-E5CF-EA2B-BEC1-005592B9358E}" = AMD VISION Engine Control Center
"{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2B30220-BEA5-4834-BD6C-54779C393814}" = ミクキス
"{D3CD7848-5C54-0C58-CB65-9A9B74AA3C2A}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6DAF6F2-2ABF-83FE-B5C0-7C07711D9AA8}" = CCC Help Polish
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7A7E557-2EB9-4075-9C0C-D889A7690C36}" = KISSsoft 03-2011-DEMO
"{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2
"{DC26D0EF-06F7-9DC8-5E1F-AFEF20F8E7FC}" = CCC Help Spanish
"{DD5EF061-240A-DF5B-1B6A-A7E38733216D}" = Catalyst Control Center InstallProxy
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF10A0FC-1508-EF3B-AF9D-943B7AEDB967}" = CCC Help Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F73498A2-499B-4423-986E-90F99348609F}" = STEINS;GATE
"{F7506A7D-2FED-07D9-60A6-E0832A42A3DA}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9D85C9A-4E99-8115-41DA-9427FD77AFD5}" = Catalyst Control Center Localization All
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF54932F-5852-49B4-A614-5E2DAFA8505E}" = Virtual Playtable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF85AD26-D09A-11D6-AAED-0004769EEFEB}" = Gonzo Heads
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"BIT.TRIP RUNNER" = BIT.TRIP RUNNER (remove only)
"BitTorrent" = BitTorrent
"Blip Blop" = Blip Blop (remove only)
"C64 - Classix GOLD" = C64 - Classix GOLD- Version 1.00
"Catapults" = Catapults
"Cave Story Deluxe" = Cave Story Deluxe
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dark Omen" = Dark Omen
"Desura" = Desura
"don't take it personally, babe, it just ain't your story" = don't take it personally, babe, it just ain't your story 1.1
"Dr. Harrison 3.2D" = Dr. Harrison 3.2D
"Earth Defense Force Insect Armageddon_is1" = Earth Defense Force Insect Armageddon
"English Patch for Gadget Trial" = Gadget Trial English Localisation
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"facemoods" = Facemoods Toolbar
"Front Mission Evolved_is1" = Front Mission Evolved
"GOM Player" = GOM Player
"hedgewars" = Hedgewars
"Horo_is1" = Horo
"Icy Tower v1.5_is1" = Icy Tower v1.5
"Igneous_is1" = Igneous
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Katawa Shoujo" = Katawa Shoujo
"Magic Table_is1" = Magic Table 1.7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 3.0.79 (remove only)
"McAfee Virtual Technician" = McAfee Virtual Technician
"MinecraftCrack1.0" = MinecraftCrack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Neva" = Neva
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PricePeep" = PricePeep for Internet Explorer
"Rainmeter" = Rainmeter (remove only)
"Retro Classix" = Retro Classix 1.0
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SecuROM Diagnostic Tool" = SecuROM Diagnostic Tool
"Sheep" = Sheep
"Shira Oka - Second Chances 1.1.2" = Shira Oka - Second Chances 1.1.2
"Steam App 102600" = Orcs Must Die!
"Steam App 107100" = Bastion
"Steam App 107300" = Breath of Death VII
"Steam App 107310" = Cthulhu Saves the World
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding Of Isaac
"Steam App 1250" = Killing Floor
"Steam App 13000" = Ninja Reflex: Steamworks Edition
"Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 18070" = The Baconing
"Steam App 200130" = Puzzler World 2
"Steam App 200910" = Sequence
"Steam App 201480" = Serious Sam: The Random Encounter
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 209370" = Analogue: A Hate Story
"Steam App 209830" = Lone Survivor
"Steam App 211740" = Thief 2
"Steam App 22610" = Alien Breed: Impact
"Steam App 2450" = Bloody Good Time
"Steam App 26800" = Braid
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 31270" = Puzzle Agent
"Steam App 34270" = SEGA Genesis & Mega Drive Classics
"Steam App 35700" = Trine
"Steam App 3830" = Psychonauts
"Steam App 39800" = Nation Red
"Steam App 40800" = Super Meat Boy
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 61700" = Might and Magic: Clash of Heroes
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 63800" = Delve Deeper
"Steam App 65800" = Dungeon Defenders
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 70420" = Chantelise
"Steam App 7500" = UFO: Afterlight
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7760" = X-COM: UFO Defense
"Steam App 7770" = X-COM: Enforcer
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 91600" = Sanctum
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99810" = Bulletstorm
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Turok 2" = Turok 2: Seeds of Evil
"Utawarerumono English" = Utawarerumono English v1.1
"webmmf" = WebM Media Foundation Components
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WTA-33136f14-14d5-4ebb-981f-08769c59bc06" = Plants vs. Zombies - Game of the Year
"WTA-374b417a-7ab2-4208-b04b-b02671fdb430" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-41fcabba-9a7c-4d0c-a98f-4329bafed165" = Zuma Deluxe
"WTA-59d9f67f-d8bc-44bd-b780-f38fc7e94292" = Final Drive: Nitro
"WTA-6f151802-11ed-45da-9651-6ab9139150b1" = Penguins!
"WTA-726c3834-2637-4929-a672-e61956d4594e" = Wedding Dash 2 - Rings Around the World
"WTA-9b2342f1-6586-40ff-92da-58d81ac97fed" = Polar Bowler
"WTA-9fb812a3-ceb4-4c33-b4b1-42974266670d" = Bejeweled 3
"WTA-be61410d-7566-49cf-8d8c-69b79428f30b" = Insaniquarium Deluxe
"WTA-cff1b0c3-8ffa-4a6c-8e20-55e049ec7984" = Diner Dash 2 Restaurant Rescue
"WTA-d53a5529-9cbe-4f77-8d3c-6a459faffb68" = Chuzzle Deluxe
"WTA-d5ede00c-bc16-4fe2-a6f0-3fde9f818086" = Bejeweled 2 Deluxe
"WTA-d9642135-b49a-48b4-81ad-b6c7d9307155" = FATE
"WTA-fb3fe861-3c7d-4ab0-8459-27d6fefa707f" = Slingo Deluxe
"X-Force_is1" = X-Force: Fight For Destiny V0.915b03
"Xuse 永遠のアセリア - この大地の果てで -" = Xuse 永遠のアセリア - この大地の果てで - (Remove Only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ダイバージェンス・メーター スクリーンセーバー" = ダイバージェンス・メーター スクリーンセーバー
"ダブルスポイラー_is1" = ダブルスポイラー ver 1.00a
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Castlevania - The Bloodletting V.1.3 BETA" = Castlevania - The Bloodletting V.1.3 BETA
"Dropbox" = Dropbox
"Hornado_is1" = Hornado 2.0
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"UnityWebPlayer" = Unity Web Player
"Wajam" = Wajam
"YSF_WIN" = YsF
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.05.2012 04:09:29 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLXPhotoGallery.exe, Version: 15.4.3538.513,
Zeitstempel: 0x4dcdb214 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001faa0 ID des fehlerhaften
Prozesses: 0x2b2c Startzeit der fehlerhaften Anwendung: 0x01cd3ca934258eac Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 720e21a5-a89c-11e1-a0b3-e89a8f8efd81
Error - 28.05.2012 14:34:35 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 28.05.2012 16:15:33 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mpc-hc.exe, Version: 1.5.3.3514,
Zeitstempel: 0x4e3453bc Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e211319 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b9bc ID des fehlerhaften
Prozesses: 0x1f7c Startzeit der fehlerhaften Anwendung: 0x01cd3d0e30e99edd Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: e054b603-a901-11e1-885d-e89a8f8efd81
Error - 29.05.2012 21:32:53 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2012 11:37:26 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 31.05.2012 10:44:08 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: Flash32_11_2_202_235.ocx,
Version: 11.2.202.235, Zeitstempel: 0x4f9af5a5 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00420569 ID des fehlerhaften Prozesses: 0x1d78 Startzeit der fehlerhaften Anwendung:
0x01cd3f34a1e29fb7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx
Berichtskennung:
130b95e4-ab2f-11e1-bc9a-e89a8f8efd81
Error - 31.05.2012 14:44:44 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dungeons of Dredmor.exe, Version:
0.0.0.0, Zeitstempel: 0x4f7bc61d Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002dfe4
ID
des fehlerhaften Prozesses: 0x217c Startzeit der fehlerhaften Anwendung: 0x01cd3f5a9ebc6bf8
Pfad
der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\dungeons
of dredmor\Dungeons of Dredmor.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
b00b7d42-ab50-11e1-bc9a-e89a8f8efd81
Error - 01.06.2012 17:39:52 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: cd0 Startzeit: 01cd3e7a76f265c1 Endzeit: 83 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 4b4da3a6-ac32-11e1-bc9a-e89a8f8efd81
Error - 01.06.2012 22:28:52 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2b9c Startzeit: 01cd406763bff551 Endzeit: 35 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.06.2012 07:19:15 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 6020 Startzeit: 01cd406df899ee44 Endzeit: 184 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.06.2012 10:32:03 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce78e2b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cea18 ID des fehlerhaften
Prozesses: 0x5848 Startzeit der fehlerhaften Anwendung: 0x01cd40cc7699be54 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\cmd.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: b7d2c13a-acbf-11e1-bc9a-e89a8f8efd81
Error - 02.06.2012 15:32:58 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 3fd0 Startzeit: 01cd4040df8b96a2 Endzeit: 1986 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.06.2012 16:25:08 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 03.06.2012 06:09:22 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pglclock.exe, Version: 0.0.0.0, Zeitstempel:
0x4c745d5f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000533dd ID des fehlerhaften
Prozesses: 0x20f0 Startzeit der fehlerhaften Anwendung: 0x01cd4170f1ea2352 Pfad der
fehlerhaften Anwendung: C:\Program Files\proeWildfire 5.0\x86e_win64\obj\pglclock.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 305ccfe1-ad64-11e1-afde-e89a8f8efd81
Error - 03.06.2012 06:11:38 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm xtop.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgefuhrt
werden und wurde beendet. Uberprufen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1734 Startzeit:
01cd4170db3daaf4 Endzeit: 85 Anwendungspfad: C:\Program Files\proeWildfire 5.0\x86e_win64\obj\xtop.exe
Berichts-ID:
7c0a7a8f-ad64-11e1-afde-e89a8f8efd81
Error - 03.06.2012 10:15:33 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 03.06.2012 18:00:29 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 03.06.2012 18:05:39 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c20 Startzeit:
01cd41d4be2b025b Endzeit: 34 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
Error - 03.06.2012 18:11:45 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 40c Startzeit: 01cd41d4470bacde Endzeit: 44 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 15c98220-adc9-11e1-9231-e89a8f8efd81
[ System Events ]
Error - 30.06.2012 18:29:29 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description =
Error - 30.06.2012 18:56:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhangig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 30.06.2012 18:56:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Anti-Spam Service" ist von folgendem Dienst abhangig:
MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 30.06.2012 18:57:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error - 30.06.2012 18:57:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 30.06.2012 18:59:36 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description =
Error - 30.06.2012 19:03:11 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 30.06.2012 20:44:42 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhangig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 30.06.2012 20:44:42 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Anti-Spam Service" ist von folgendem Dienst abhangig:
MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 30.06.2012 20:47:46 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description =
< End of report >
und der Full Scan Report von MBAM Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.29.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Melfice :: BRONGAA [administrator]
01.07.2012 00:57:56
mbam-log-2012-07-01 (02-40-56).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 568456
Time elapsed: 1 hour(s), 42 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Die eigentlich geforderten dds.txt und attach.txt konnte ich jedoch nirgendwo finden.
Danke vorab für Hilfe. |
