ichhaueuch | 04.10.2010 19:46 | So, by "close all programs" I understood "Applications" in Task Manager and everything I have open, such as folders ...
Step 2:
OTL.Txt:
(Name removed) Code:
OTL logfile created on: 04.10.2010 19:49:43 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Name\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 395,77 Gb Free Space | 68,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,83 Gb Free Space | 54,15% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: Name-PC
Current User Name: Name
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010.10.04 13:46:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
PRC - [2010.10.02 18:51:54 | 002,937,528 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2009.10.07 19:08:01 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Name\Program Files\DNA\btdna.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.08.23 22:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
========== Modules (SafeList) ==========
MOD - [2010.10.04 13:46:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.09.23 16:44:56 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.02.10 19:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.27 17:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.10.07 15:49:34 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 02:27:52 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008.07.10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.07.10 03:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.23 22:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 22:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010.09.28 10:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101004.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.09.28 10:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101004.003\NAVENG.SYS -- (NAVENG)
DRV - [2010.09.15 20:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100915.004\IDSvix86.sys -- (IDSvix86)
DRV - [2010.05.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.05.26 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.04.28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010.03.14 21:49:49 | 000,068,680 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva337.sys -- (XDva337)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.11.16 18:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009.10.29 18:33:45 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009.02.19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.02.19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.02.19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.02.19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.02.19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009.01.09 18:46:08 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.09.05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008.07.30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.06.09 07:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.03.12 03:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005.06.24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005.05.26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005.05.26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch TC Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trojaner-board.de/91425-t...tfernbar.html"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&q="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.03 19:21:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.03 19:21:05 | 000,000,000 | ---D | M]
[2008.11.08 13:05:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Extensions
[2010.10.04 19:49:12 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions
[2010.05.09 16:42:09 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2010.09.17 18:45:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 18:45:39 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.09.17 18:45:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.07.23 12:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.10 15:44:46 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.07.24 16:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.22 21:05:14 | 000,000,000 | ---D | M] (Softonic Deutsch TC Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}
[2010.09.17 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\nasanightlaunch@example.com
[2008.11.08 13:05:51 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\toolbar_extras@de.yahoo.com
[2010.04.21 12:45:26 | 000,000,941 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\conduit.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-1.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-2.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-3.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-4.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-5.xml
[2010.03.19 17:08:25 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-6.xml
[2010.05.08 14:56:31 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-7.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin.xml
[2010.05.08 14:55:39 | 000,001,759 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\live-search.xml
[2009.09.02 15:26:26 | 000,002,137 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\MyStart Search.xml
[2010.05.08 14:55:39 | 000,003,970 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\sweetim.xml
[2010.10.03 19:21:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.07.15 11:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.10 17:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.03 19:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.02 18:51:54 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.05.09 16:27:58 | 000,001,095 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 bin-layer.de
O1 - Hosts: 127.0.0.1 layer-ads.de
O1 - Hosts: 127.0.0.1 imgserv.sponsorads.de
O1 - Hosts: 127.0.0.1 hxxp://www.qzmeds.com/index2.html?c=79&kw=germ
O1 - Hosts: 127.0.0.1 hxxp://www.travian.de/?ad=10235_2222201222&ce_cid=000xQF75l5I11IvkOa2zmFNTOm000000
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch TC Toolbar) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch TC Toolbar) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch TC Toolbar) - {F1AE9383-9442-4E9C-AB8C-D441FD0021CF} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ALUAlert] C:\Programme\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Name\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk = C:\Programme\MultiRes\MultiRes.exe (EnTech Taiwan)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Name\Desktop\Sonstiges\Yod'm 3D\desktopwallpaper0.bmp
O24 - Desktop BackupWallPaper: C:\Users\Name\Desktop\Sonstiges\Yod'm 3D\desktopwallpaper0.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.20 17:30:38 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.SP54 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 90 Days ==========
[2010.10.04 19:45:21 | 000,000,000 | ---D | C] -- C:\Programme\Skype
[2010.10.04 19:45:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.10.04 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Sachen-Mitnehmen
[2010.10.04 17:12:10 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Backups
[2010.10.04 15:43:12 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (8)
[2010.10.04 15:43:03 | 000,000,000 | ---D | C] -- C:\xampp
[2010.10.04 15:37:46 | 053,670,736 | ---- | C] (Apache Friends) -- C:\Users\Name\Desktop\xampp-win32-1.7.3.exe
[2010.10.04 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (7)
[2010.10.04 13:46:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2010.10.03 19:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.03 19:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.10.03 18:13:56 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (6)
[2010.10.03 12:57:30 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (5)
[2010.10.02 23:11:05 | 000,000,000 | ---D | C] -- C:\Programme\MultiRes
[2010.10.02 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Warrock Mod
[2010.10.02 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Softonic_Deutsch_TC
[2010.10.02 21:27:09 | 000,000,000 | ---D | C] -- C:\War Rock
[2010.10.02 17:40:01 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Pokemon
[2010.10.02 17:06:24 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Pokemon Platin Save Editor
[2010.10.01 19:19:10 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\XnView
[2010.10.01 19:17:56 | 000,000,000 | ---D | C] -- C:\Programme\XnView
[2010.09.29 01:28:25 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Wbb2.1
[2010.09.27 17:33:08 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Warrock Hack
[2010.09.25 15:07:51 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (4)
[2010.09.23 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Pokereich.tk
[2010.09.23 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (3)
[2010.09.22 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Wbblite
[2010.09.21 17:55:54 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (2)
[2010.09.11 22:51:50 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\NFS Carbon
[2010.09.11 22:17:18 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner
[2010.09.11 22:07:50 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts
[2010.09.11 17:41:30 | 000,000,000 | ---D | C] -- C:\Programme\Datel
[2010.09.10 19:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NFS Underground Demo
[2010.09.06 17:13:42 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\PackageAware
[2010.08.22 17:14:57 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\IrfanView
[2010.08.22 17:14:56 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2010.08.19 23:53:35 | 000,000,000 | ---D | C] -- C:\Pokewitch
[2010.08.06 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Sony
[2010.08.06 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Sony
[2010.08.04 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\Navicat
[2010.08.04 19:51:08 | 000,000,000 | ---D | C] -- C:\Programme\Metin2_Germany2
[2010.08.02 19:31:47 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Videos & Musik von Youtube Converter
[2010.08.02 00:16:02 | 000,000,000 | ---D | C] -- C:\GMouse20
[2010.07.26 20:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010.07.24 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.23 11:57:24 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.07.11 10:24:59 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\GTA San Andreas User Files
[2010.07.10 15:40:42 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.07.07 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\TeamSpeak 3 Client
========== Files - Modified Within 90 Days ==========
[2010.10.04 19:49:07 | 003,932,160 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT
[2010.10.04 18:47:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.04 18:47:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.04 18:42:34 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Systemprüfung ausführen - Name.job
[2010.10.04 18:42:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.04 18:42:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.04 18:41:55 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.04 18:00:01 | 000,065,536 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.04 18:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.10.04 17:59:46 | 001,871,188 | -H-- | M] () -- C:\Users\Name\AppData\Local\IconCache.db
[2010.10.04 17:46:42 | 008,345,892 | ---- | M] () -- C:\Users\Name\Desktop\Pokereich.tk.rar
[2010.10.04 15:46:17 | 000,922,649 | ---- | M] () -- C:\Users\Name\Desktop\7z465.rar
[2010.10.04 15:46:09 | 000,939,956 | ---- | M] () -- C:\Users\Name\Desktop\7z465.exe
[2010.10.04 15:40:25 | 053,670,736 | ---- | M] (Apache Friends) -- C:\Users\Name\Desktop\xampp-win32-1.7.3.exe
[2010.10.04 13:46:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2010.10.03 19:36:07 | 000,000,808 | ---- | M] () -- C:\Users\Name\Desktop\CCleaner.lnk
[2010.10.03 19:21:06 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.03 19:10:38 | 000,000,892 | ---- | M] () -- C:\Users\Name\Desktop\TaskMan - Verknüpfung.lnk
[2010.10.03 12:54:54 | 000,000,862 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk
[2010.10.02 21:33:14 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.10.02 21:15:31 | 684,385,904 | ---- | M] () -- C:\Users\Name\War_Rock_20100921.exe
[2010.10.02 17:16:02 | 001,741,234 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.02 17:16:02 | 000,737,696 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.02 17:16:02 | 000,697,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.02 17:16:02 | 000,168,994 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.02 17:16:02 | 000,143,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.01 22:14:14 | 000,001,536 | ---- | M] () -- C:\Users\Name\Desktop\NO$GBA.INP
[2010.09.28 15:55:20 | 000,000,937 | ---- | M] () -- C:\Users\Name\Desktop\HackSearcher Version 3.0 - Verknüpfung.lnk
[2010.09.27 16:43:23 | 000,541,948 | ---- | M] () -- C:\Users\Name\Desktop\sasasd.png
[2010.09.27 16:37:03 | 000,000,915 | ---- | M] () -- C:\Users\Name\Desktop\FileZilla.lnk
[2010.09.27 16:20:18 | 000,013,037 | ---- | M] () -- C:\Users\Name\Desktop\vorschau.png
[2010.09.26 19:49:39 | 000,000,562 | ---- | M] () -- C:\Users\Name\Desktop\xampp-control - Verknüpfung.lnk
[2010.09.25 17:25:23 | 000,000,680 | ---- | M] () -- C:\Users\Name\AppData\Local\d3d9caps.dat
[2010.09.23 17:14:57 | 000,001,868 | ---- | M] () -- C:\Users\Name\Desktop\Paint.NET.lnk
[2010.09.22 17:21:33 | 000,070,144 | ---- | M] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.18 00:07:19 | 000,006,983 | ---- | M] () -- C:\Users\Name\Desktop\NO$GBA.CHT
[2010.09.14 13:16:14 | 000,000,680 | RHS- | M] () -- C:\Users\Name\ntuser.pol
[2010.09.12 15:52:58 | 000,326,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.12 02:09:26 | 000,524,288 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.11 22:45:48 | 000,000,058 | ---- | M] () -- C:\Windows\nfsc_patch.ini
[2010.09.11 22:43:49 | 000,001,975 | ---- | M] () -- C:\Users\Name\Desktop\Need for Speed™ Carbon.lnk
[2010.08.21 19:25:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.18 23:15:40 | 000,000,109 | ---- | M] () -- C:\Windows\GMouse.ini
[2010.08.08 12:44:06 | 000,000,832 | ---- | M] () -- C:\Users\Name\Desktop\RocketDock.lnk
[2010.08.05 13:12:55 | 000,000,600 | ---- | M] () -- C:\Users\Name\AppData\Local\PUTTY.RND
[2010.07.28 18:41:07 | 000,084,856 | ---- | M] () -- C:\Users\Name\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.14 18:07:41 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 19:05:23 | 000,006,034 | -HS- | M] () -- C:\Users\Name\Desktop\Folder.jpg
[2010.07.12 19:05:23 | 000,006,034 | -HS- | M] () -- C:\Users\Name\Desktop\AlbumArt_{9543C7FD-ADCD-4F57-86EE-9416AF06967E}_Large.jpg
[2010.07.12 19:05:23 | 000,002,025 | -HS- | M] () -- C:\Users\Name\Desktop\AlbumArtSmall.jpg
[2010.07.12 19:05:23 | 000,002,025 | -HS- | M] () -- C:\Users\Name\Desktop\AlbumArt_{9543C7FD-ADCD-4F57-86EE-9416AF06967E}_Small.jpg
========== Files Created - No Company Name ==========
[2010.10.04 17:46:38 | 008,345,892 | ---- | C] () -- C:\Users\Name\Desktop\Pokereich.tk.rar
[2010.10.04 15:46:17 | 000,922,649 | ---- | C] () -- C:\Users\Name\Desktop\7z465.rar
[2010.10.04 15:46:05 | 000,939,956 | ---- | C] () -- C:\Users\Name\Desktop\7z465.exe
[2010.10.03 19:36:07 | 000,000,808 | ---- | C] () -- C:\Users\Name\Desktop\CCleaner.lnk
[2010.10.03 19:21:06 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.03 19:10:38 | 000,000,892 | ---- | C] () -- C:\Users\Name\Desktop\TaskMan - Verknüpfung.lnk
[2010.10.02 23:12:54 | 000,000,862 | ---- | C] () -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk
[2010.10.02 21:33:14 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.10.02 20:41:57 | 684,385,904 | ---- | C] () -- C:\Users\Name\War_Rock_20100921.exe
[2010.10.02 18:41:47 | 000,006,983 | ---- | C] () -- C:\Users\Name\Desktop\NO$GBA.CHT
[2010.10.02 18:41:27 | 000,001,536 | ---- | C] () -- C:\Users\Name\Desktop\NO$GBA.INP
[2010.10.01 15:43:27 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.28 15:55:20 | 000,000,937 | ---- | C] () -- C:\Users\Name\Desktop\HackSearcher Version 3.0 - Verknüpfung.lnk
[2010.09.27 16:43:21 | 000,541,948 | ---- | C] () -- C:\Users\Name\Desktop\sasasd.png
[2010.09.27 16:37:03 | 000,000,915 | ---- | C] () -- C:\Users\Name\Desktop\FileZilla.lnk
[2010.09.27 16:20:17 | 000,013,037 | ---- | C] () -- C:\Users\Name\Desktop\vorschau.png
[2010.09.26 19:49:39 | 000,000,562 | ---- | C] () -- C:\Users\Name\Desktop\xampp-control - Verknüpfung.lnk
[2010.09.23 17:13:34 | 000,001,868 | ---- | C] () -- C:\Users\Name\Desktop\Paint.NET.lnk
[2010.09.14 13:09:11 | 000,000,680 | RHS- | C] () -- C:\Users\Name\ntuser.pol
[2010.09.11 22:43:49 | 000,001,975 | ---- | C] () -- C:\Users\Name\Desktop\Need for Speed™ Carbon.lnk
[2010.09.11 22:27:20 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2010.08.08 12:44:06 | 000,000,832 | ---- | C] () -- C:\Users\Name\Desktop\RocketDock.lnk
[2010.08.04 20:21:00 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010.08.02 00:19:38 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.07.14 18:07:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 19:05:23 | 000,006,034 | -HS- | C] () -- C:\Users\Name\Desktop\AlbumArt_{9543C7FD-ADCD-4F57-86EE-9416AF06967E}_Large.jpg
[2010.07.12 19:05:23 | 000,002,025 | -HS- | C] () -- C:\Users\Name\Desktop\AlbumArt_{9543C7FD-ADCD-4F57-86EE-9416AF06967E}_Small.jpg
[2010.05.22 20:54:09 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.02.12 22:36:04 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.12 22:22:30 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2010.02.12 22:22:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.11.22 01:58:42 | 000,000,600 | ---- | C] () -- C:\Users\Name\AppData\Local\PUTTY.RND
[2009.11.20 15:25:57 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2009.11.16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.08.01 19:56:29 | 000,000,552 | ---- | C] () -- C:\Users\Name\AppData\Local\d3d8caps.dat
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.01.01 19:54:11 | 000,000,680 | ---- | C] () -- C:\Users\Name\AppData\Local\d3d9caps.dat
[2008.10.31 15:02:29 | 000,070,144 | ---- | C] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.09 19:36:23 | 000,159,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.16 02:14:50 | 000,000,963 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2010.02.12 22:52:18 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\AnvSoft
[2008.10.09 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Buhl Data Service GmbH
[2010.02.14 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\CrystalButton
[2009.12.08 19:57:24 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DMCache
[2010.10.04 19:52:41 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DNA
[2010.07.24 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.03 17:55:13 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\FileZilla
[2010.10.04 16:56:47 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Free Download Manager
[2010.05.08 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\GlarySoft
[2010.09.16 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\ICQ
[2010.08.22 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\IrfanView
[2008.12.18 19:36:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\McLoad
[2010.03.19 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\OCS
[2010.03.19 15:51:41 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Opera
[2010.08.06 22:22:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Sony
[2010.08.08 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TeamViewer
[2010.05.02 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TS3Client
[2010.05.08 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TuneUp Software
[2008.11.08 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Ulead Systems
[2010.10.01 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\XnView
[2010.10.04 17:59:55 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.08.04 11:38:09 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.04 18:41:55 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2009.10.22 17:42:02 | 739,748,241 | ---- | M] (Igor Pavlov) -- C:\InstantServer_Uploaded_by_Raven[www.metin2u.tk].exe
[2008.12.07 14:43:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.12.07 14:43:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.04 18:41:53 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.04.03 14:34:16 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.10.26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
[2010.04.17 01:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2009.04.20 17:30:35 | 000,001,658 | -H-- | M] () -- C:\Users\Name\AppData\Roaming\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-04 12:46:22
========== Files - Unicode (All) ==========
[2010.07.07 17:25:11 | 000,000,000 | ---D | M](C:\Users\Name\Documents\?? ???) -- C:\Users\Name\Documents\넥슨 플러그
[2010.07.07 17:25:11 | 000,000,000 | ---D | C](C:\Users\Name\Documents\?? ???) -- C:\Users\Name\Documents\넥슨 플러그
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0059.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0054.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0053.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0049.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0047.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0042.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0036.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0031.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0029.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0020.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0018.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0002.avi:TOC.WMV
< End of report >
Extras.Txt :
Code:
OTL Extras logfile created on: 04.10.2010 19:49:43 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Name\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 395,77 Gb Free Space | 68,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,83 Gb Free Space | 54,15% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: Name-PC
Current User Name: Name
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1257661164-1137624066-1645535895-1001]
"EnableNotificationsRef" = 5
"EnableNotifications" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{117D5882-2BE2-46EA-81F9-3A6A83148310}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19F9EC2C-1410-401D-AFAD-CE854E0E989B}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{1BE3D8DE-B279-469D-B02A-EFC602052786}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{AC25BDB5-3206-43C4-A4F9-1EB90997E92D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E9603A03-DA38-4820-8349-9526FB9E936E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{EE7F4357-08CF-4E5F-B29E-BC0ED717E312}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BD6362-2791-4F81-8DF1-6CEC8C35B343}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1A303F31-98A8-406C-A0AA-89F96E264BE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1BA5EC7B-4E6D-4514-BB0A-3474B6C77D89}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1DC1F069-95A3-472C-96C3-F36B50E85811}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{255F0879-68E2-4D6F-A800-AAA1F084469C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{258DA858-D0BA-4287-AFCE-DE68E8068828}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{26CCA863-4016-4700-9C4B-AB77EB788576}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{299DAE5B-BD5C-464D-933F-9A1109E06A5E}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{371D9033-D17C-4F8C-B0AE-AE95A720D024}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3883A522-A662-42BA-A4A0-FCF8ACEBD480}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{442B90A3-358D-4442-8C56-540705095AD1}" = protocol=17 | dir=in | app=c:\nexon\nexonplug\nmservice.exe |
"{44DA55D9-B665-4EEE-9ECD-86B427C135CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{45AB1897-5EFF-47FB-AF45-5B45C1AD16E4}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{46C78A5C-7ACC-481B-B471-5912358FE1CD}" = protocol=17 | dir=in | app=c:\nexon\nexonplug\nmservice.exe |
"{4A682C5B-255A-4F90-99CE-140070EE0850}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{50F415F5-52F8-444E-882E-9672AB3B3E3A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{5270CA1A-B1D0-4C14-91DB-10805CF3214C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{52A00A05-F2A2-47A9-9EC6-8BD160115EEC}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5625156C-2546-4C12-877F-BF342DEF9F38}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5AC59CBB-F2C5-49EB-8DFB-AC53DAE962B7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{62421C5C-8824-41C2-A84E-231A2391082D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{653D3D8F-980B-4752-9C6F-091063C05021}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{66675EA0-E6C0-4514-8F0B-ABBAAE4F16D2}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{74BD58D8-DF17-4F8A-B1DD-C90621CC67EA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{75084A91-08D1-413D-92D6-16B7E4D4E43E}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{75A252BD-A244-493B-8C15-A48545214925}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{82BCA3AC-2D19-4577-B9C6-648F20D2AD51}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{83598253-E930-465B-8E09-7596ECDA466D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{8505CE8C-9FB9-4CB4-816E-D0EE3F40DE2F}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{86F2FFE1-C09D-4F96-AAD5-BFFE96F872F8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8A2C929B-FC6D-4F2B-87BB-904F08A97AB1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{8D2EA81F-5892-433E-B713-1610A6F4FBED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{90C7113E-2646-4D32-847C-D278FFFF66D7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{95B569AF-B910-4CAC-AF83-F4A0B7590BE9}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{9B8CC944-131C-4A69-AA11-ACEC70A76D7D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A157F7D1-F6DE-4241-8CCD-2F9DB64D293F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AC6CBBE4-2671-4AF2-AAEC-D23F53F9E068}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{AF342B1D-B1A8-484D-B4F0-FED86575A741}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{B88D4394-74E0-41AD-9B01-F180CDF54B0E}" = protocol=6 | dir=in | app=c:\nexon\nexonplug\nmservice.exe |
"{BAEE822B-4692-4E30-BF98-E44F21D64009}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{BD070A6A-0C31-4063-A97F-48880C7CCD8C}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C5B6B294-BA5D-45A1-80A8-9636AAE28B36}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C5DC6E69-FF7F-4C01-A872-3BB56D6AD0A3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{CCDAD491-683A-4B4E-B9E3-F0426429BF43}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D089AF72-4201-4380-9F3A-95121BD2621F}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{D39951C0-74E3-40CD-B63C-2BEB2A225D39}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DD88D1C2-8B6B-4B5B-9868-6DA535BDB85D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E269A40F-514A-49F5-9956-A78C66EED504}" = protocol=6 | dir=in | app=c:\nexon\nexonplug\nmservice.exe |
"{E32D55B1-CD9E-45D8-AE28-B13FF4E6401E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{EC5F39AC-0B86-4C12-B673-E52A30CF2D0B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{F66DDEBA-F40E-416B-AACB-73D09F9E2836}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{F8580DAA-0F09-4612-9BC4-F1064D183760}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{F906666B-6C4E-4D81-88DB-E1DB66D690F3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{FEB688CC-9C18-4BB9-9F20-AEAC9A8461BF}" = protocol=6 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{FFFC08BF-EDC9-4E32-92AD-36B42A5F90C3}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"TCP Query User{0A26E5AA-E161-40D2-81A8-C3B46CF6195F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{17C938EE-9549-44FE-B0DD-A54D0E14E01C}C:\users\name\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\name\program files\dna\btdna.exe |
"TCP Query User{1D069E31-D03D-4ED6-9160-257B55161747}C:\users\name\desktop\china client\china client\mc.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\china client\china client\mc.exe |
"TCP Query User{2B5F1504-C904-459B-8BAE-3EF345A76551}D:\program files\metin2_germany\tunamt2_de_s2.exe" = protocol=6 | dir=in | app=d:\program files\metin2_germany\tunamt2_de_s2.exe |
"TCP Query User{2EF868D9-071E-4FD0-8BE3-D5B51999392B}C:\program files\edgmt2\edgmt2.dll" = protocol=6 | dir=in | app=c:\program files\edgmt2\edgmt2.dll |
"TCP Query User{2F64E11F-D24E-4923-B40D-1A39CEA897DE}C:\users\name\desktop\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sogmt2_patcher\metin2client.bin |
"TCP Query User{2F81409D-A868-467A-83C5-06C7362219BF}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{30156BAD-5293-4F9D-9566-AFA7D1E214FC}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{359289FA-4DB8-4E13-9662-FC257BA1B2AB}C:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin |
"TCP Query User{397E0C3A-10F4-42FB-A3A8-6DF0FBB22B05}C:\users\name\desktop\xtrememt2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\xtrememt2\metin2client.bin |
"TCP Query User{3CCF6697-A76B-44F6-B4F4-7CE4BE17DA60}C:\users\name\desktop\sogmt2 verändert\sogmt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\sogmt2 verändert\sogmt2.exe |
"TCP Query User{44905C6A-DAB3-4BF1-A494-1DD7244351E8}C:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe |
"TCP Query User{4776C577-5445-49C4-AF42-C29AD44B018C}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{5C51DAC8-A81F-4726-BB2C-161BD77F4DF6}C:\users\name\desktop\stayalive2\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\stayalive2\metin2.bin |
"TCP Query User{5F1B748E-E314-4FE2-9154-FCFD37FFACB9}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{5F693B75-71A3-4601-BD66-DB9973EE091E}C:\users\name\desktop\metin2_germany\metin_longjuyt2_server2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\metin2_germany\metin_longjuyt2_server2.exe |
"TCP Query User{65F0F5AE-29AF-4D6B-A1FA-BBADB2616069}C:\program files\edgmt2\mc.exe" = protocol=6 | dir=in | app=c:\program files\edgmt2\mc.exe |
"TCP Query User{71A58A13-3140-436B-A6A8-F40C6A3BCA8A}C:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin |
"TCP Query User{7974C369-DEB3-48AB-879E-8F195B242BEE}C:\users\name\desktop\xtrememt2\xtrememt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\xtrememt2\xtrememt2.exe |
"TCP Query User{7D55F631-F50D-4261-826B-F144CAA5731F}C:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe |
"TCP Query User{865E2ECA-71D6-48AB-ADDE-6F495EBBFDA9}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{8C61FB44-5AC7-47EC-AA31-2E162808B180}C:\program files\metin2_germany2\mc.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany2\mc.exe |
"TCP Query User{91E15453-5560-49AD-9B2B-DA8E3DB86DD1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{938B6926-C2E7-49E0-8AFB-E63095B06641}C:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin |
"TCP Query User{96F25078-06C5-4BB8-8305-B5D4C48FB835}C:\users\name\desktop\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sogmt2_patcher\metin2client.bin |
"TCP Query User{98180747-83FC-4605-A326-D8A3A936CD2F}D:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=d:\program files\metin2_germany\metin2.bin |
"TCP Query User{99245EEC-FE8D-45DB-BF83-370C555AC2FC}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{9DACF877-25C9-417F-B4BD-2BF4AE87C785}C:\program files\american conquest\dmcr.exe" = protocol=6 | dir=in | app=c:\program files\american conquest\dmcr.exe |
"TCP Query User{9E005E01-72A5-4A51-8A2B-3D4D3705BA25}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{9E152C0B-02DE-4D54-B876-2043531C74D6}C:\users\name\desktop\portmap.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\portmap.exe |
"TCP Query User{9E930373-9426-4221-9850-E03D43FA55D7}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{A5F718E4-81CB-409B-84BE-ED1ECB8760E1}C:\users\name\desktop\stayalive2\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\stayalive2\metin2.bin |
"TCP Query User{AF178E75-E060-469D-B852-D33536E208F5}C:\program files\metin2_germany\mc.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\mc.exe |
"TCP Query User{AF385ABB-E6E8-488A-89A0-39EB24E2CA88}D:\program files\dmcr.exe" = protocol=6 | dir=in | app=d:\program files\dmcr.exe |
"TCP Query User{B9905519-EC19-4E3C-8C0D-AB7E19F886E5}C:\users\name\desktop\sonstiges2\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges2\metin2_germany\metin2.bin |
"TCP Query User{C1ED7794-6432-4117-8D94-5B9950BCEE72}C:\users\name\desktop\metin2 homepage erstellen oder andere spiele seite\china client\china client\mc.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\metin2 homepage erstellen oder andere spiele seite\china client\china client\mc.exe |
"TCP Query User{C7E9E1D6-E5C6-4918-8593-8800D512560D}C:\program files\edgmt2\edgmt2.dll" = protocol=6 | dir=in | app=c:\program files\edgmt2\edgmt2.dll |
"TCP Query User{D0CC26D7-5F96-42D1-A96E-2342B35363D3}C:\users\name\desktop\sonstiges\stayalive2\stayalive2 ohne patch.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\stayalive2\stayalive2 ohne patch.exe |
"TCP Query User{D1601224-6FCD-4565-9E00-D14A56934A94}C:\program files\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdmwi.exe |
"TCP Query User{DD2368B9-7FDA-4448-8179-5F88E858DD25}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{DFC9A664-4F9B-4857-A882-37F4CEB89DFC}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{E810C06D-86BB-45F1-B0F2-516F34353112}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{E99C3D24-8A12-4E70-AE9D-09FF8915FF19}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{EB84C35E-26C7-4245-B56F-94B01F56E455}D:\program files\metin2_germany\mc.exe" = protocol=6 | dir=in | app=d:\program files\metin2_germany\mc.exe |
"TCP Query User{EF2D921D-2312-4042-80F4-1738B5F84D69}C:\users\name\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\name\program files\dna\btdna.exe |
"TCP Query User{F04CF7F7-A9C9-4A0E-8C71-79F43344A95E}C:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin |
"TCP Query User{F6192D2B-F92E-4800-A7B5-C6B2B2491D9B}C:\program files\metin2_germany\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\sogmt2_patcher\metin2client.bin |
"TCP Query User{F87950C1-E7DA-4ACA-BE9E-E55095E93D7C}C:\users\name\desktop\metin2_germany\sogmt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\metin2_germany\sogmt2.exe |
"TCP Query User{FDBEE828-8668-4543-8536-9829E16B7231}D:\nexonplug\nmservice.exe" = protocol=6 | dir=in | app=d:\nexonplug\nmservice.exe |
"TCP Query User{FE5E9699-5340-4889-B241-44D14BD13DB9}C:\users\name\desktop\sonstiges\stayalive2\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\stayalive2\metin2.bin |
"UDP Query User{05FABF07-6CF5-4613-85F7-B4D94011E49E}D:\program files\metin2_germany\tunamt2_de_s2.exe" = protocol=17 | dir=in | app=d:\program files\metin2_germany\tunamt2_de_s2.exe |
"UDP Query User{0A80FE4C-5829-40E7-95DB-52A473FA64B7}C:\users\name\desktop\sonstiges\stayalive2\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\stayalive2\metin2.bin |
"UDP Query User{0D408063-F688-4740-9391-6BF75772AB08}C:\users\name\desktop\sonstiges\stayalive2\stayalive2 ohne patch.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\stayalive2\stayalive2 ohne patch.exe |
"UDP Query User{17921988-2508-4090-A606-AEFBBAA7453E}C:\program files\metin2_germany\mc.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\mc.exe |
"UDP Query User{1BF9211A-1768-4EE3-89E7-F639B894350D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{22DBC134-4761-4DDB-A603-35548AA1BA44}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{26E902E5-D641-4E6D-BCED-B45910AFAA45}C:\users\name\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\name\program files\dna\btdna.exe |
"UDP Query User{2845ED9E-F0CA-421E-B44E-00DE2957A30D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{2D95FF2B-4419-4647-8F1C-E346E6EFF2C6}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{2F28B590-FEEB-4A33-8186-9FC5A1E8AF74}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{2FE07098-191E-4F3C-8B5E-9831EBCE38AD}C:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin |
"UDP Query User{33F4365A-517F-4632-9C08-F434CCD9F7BD}C:\program files\edgmt2\edgmt2.dll" = protocol=17 | dir=in | app=c:\program files\edgmt2\edgmt2.dll |
"UDP Query User{3E95C83E-E06D-4F7D-85EA-94AB2BA46CAF}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{4989DEDD-FD9B-43DB-86D0-D3638D04DDB8}C:\users\name\desktop\xtrememt2\xtrememt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\xtrememt2\xtrememt2.exe |
"UDP Query User{52D25E5B-C406-4561-A905-DB7C3A35DCDE}D:\program files\metin2_germany\mc.exe" = protocol=17 | dir=in | app=d:\program files\metin2_germany\mc.exe |
"UDP Query User{544C93C7-F82A-4F7F-AE66-FD5BE05E3C24}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{56B127E4-380B-42C4-BD4D-4DD818BEE6E6}C:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe |
"UDP Query User{576B6B09-EC54-42FF-882C-A23E4763CD3E}C:\users\name\desktop\xtrememt2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\xtrememt2\metin2client.bin |
"UDP Query User{580D1D87-1C42-42CA-9B7C-785F996241C5}C:\users\name\desktop\portmap.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\portmap.exe |
"UDP Query User{58C818FA-B0C4-4DB4-8D23-8C360EB5D7EE}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{593152F8-6E8D-489A-8400-82A0A7BDEA69}C:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe |
"UDP Query User{5F6792D5-BDC8-41DC-8DDF-BFCF5C41BC0C}C:\users\name\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\name\program files\dna\btdna.exe |
"UDP Query User{658166AB-0951-49D0-B34A-2212380DCB55}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{668BC7F8-1DBE-465E-89E6-E039D11C282C}D:\program files\dmcr.exe" = protocol=17 | dir=in | app=d:\program files\dmcr.exe |
"UDP Query User{6BB7E432-FCD7-4C4A-93EC-230251ED3733}C:\users\name\desktop\stayalive2\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\stayalive2\metin2.bin |
"UDP Query User{75545B9A-56AE-4DF8-B2AD-C80BD45E28FC}C:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin |
"UDP Query User{7ADF1994-1E39-45E9-B661-F00F66AD49AE}D:\nexonplug\nmservice.exe" = protocol=17 | dir=in | app=d:\nexonplug\nmservice.exe |
"UDP Query User{8D80E1D8-1A2F-4EC1-9617-FC2ED25A1092}C:\users\name\desktop\sonstiges2\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges2\metin2_germany\metin2.bin |
"UDP Query User{8EA9EC15-32A0-44AA-9B56-67D2E643C8D4}C:\program files\metin2_germany\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\sogmt2_patcher\metin2client.bin |
"UDP Query User{91766AF9-8F90-491F-AEC5-72844DAF4768}C:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin |
"UDP Query User{94318F12-8060-45EE-B16C-78A86E92A45B}D:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=d:\program files\metin2_germany\metin2.bin |
"UDP Query User{9FF00482-EB5A-4877-A8AC-3813C9007841}C:\program files\edgmt2\edgmt2.dll" = protocol=17 | dir=in | app=c:\program files\edgmt2\edgmt2.dll |
"UDP Query User{A7FA938A-E9A3-47BB-A804-EA890B460674}C:\users\name\desktop\sogmt2 verändert\sogmt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\sogmt2 verändert\sogmt2.exe |
"UDP Query User{AD221391-8093-4274-921E-99D16E509A24}C:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin |
"UDP Query User{AF642F9C-2131-4D10-A0E1-3435AA3B718E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{B1F9B9DF-A453-472E-B101-82104AAFEFC6}C:\program files\edgmt2\mc.exe" = protocol=17 | dir=in | app=c:\program files\edgmt2\mc.exe |
"UDP Query User{B29BDE1A-8724-410B-AB8C-8F79417E0AE9}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{B34EFC39-0454-423E-BA68-45E3D3BBA095}C:\users\name\desktop\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sogmt2_patcher\metin2client.bin |
"UDP Query User{B8BC4743-2239-42C4-8A76-877DB5FB6903}C:\program files\american conquest\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\american conquest\dmcr.exe |
"UDP Query User{B96B41E8-5E58-4698-8EFE-62982557E5AF}C:\users\name\desktop\metin2_germany\sogmt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\metin2_germany\sogmt2.exe |
"UDP Query User{BC12407F-C6C5-4CA4-B7B8-B0A4A8B38802}C:\users\name\desktop\china client\china client\mc.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\china client\china client\mc.exe |
"UDP Query User{CF6853D0-4140-4F43-9757-693BA4B6636C}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{D47B3434-1C5F-43F9-A334-12836A9323E5}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{E21C85FA-9351-426D-9ADC-94655FCACCD7}C:\users\name\desktop\metin2 homepage erstellen oder andere spiele seite\china client\china client\mc.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\metin2 homepage erstellen oder andere spiele seite\china client\china client\mc.exe |
"UDP Query User{ED8BBCA6-642D-4165-9A59-BF9A5A189AB6}C:\users\name\desktop\metin2_germany\metin_longjuyt2_server2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\metin2_germany\metin_longjuyt2_server2.exe |
"UDP Query User{F3E2FB1F-7498-4674-A6DF-96FC731DCE2A}C:\users\name\desktop\stayalive2\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\stayalive2\metin2.bin |
"UDP Query User{F45155C5-44F9-43E4-A78C-2C72F10342CB}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{F6E928A6-8262-4ECC-B524-C9C1949BC896}C:\program files\metin2_germany2\mc.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany2\mc.exe |
"UDP Query User{FAD61E1D-F910-4685-B6DD-C1540BD5E825}C:\users\name\desktop\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sogmt2_patcher\metin2client.bin |
"UDP Query User{FEEA4E7A-2664-4654-9C78-EA7D53DA09F9}C:\program files\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdmwi.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45BA6F47-ED29-4ACB-8F40-BBAD4D644EE5}" = AviDecode
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4C90CF1B-2D08-430A-826C-F783D9A14A2A}" = Symantec Real Time Storage Protection Component
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DC7B4AA-FA73-4417-B4D6-B960E965190D}" = SymNet
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE3A3126-D6B4-4FCE-8FD6-E33C49B4282D}" = DV Camcorder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-Zip" = 7-Zip 9.16 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface
"aTube Catcher" = aTube Catcher
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.3.4.1
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Download Manager_is1" = Free Download Manager 3.0
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"GamersFirst War Rock" = War Rock
"GhostMouse 2.0" = GhostMouse 2.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McLoad Preinstaller" = McLoad Preinstaller
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MultiRes (remove only)" = MultiRes (remove only)
"Nintendo DS - GBA Max Drive_is1" = Nintendo DS - GBA Max Drive
"NVIDIA Drivers" = NVIDIA Drivers
"Poket Script" = Poket Script 1.2
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Recuva" = Recuva
"RocketDock_is1" = RocketDock 1.3.5
"Security Task Manager" = Security Task Manager 1.7i
"Softonic_Deutsch_TC Toolbar" = Softonic_Deutsch_TC Toolbar
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus Online (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.97.8
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.10.2010 13:45:13 | Computer Name = Name-PC | Source = VSS | ID = 39
Description =
Error - 04.10.2010 13:45:13 | Computer Name = Name-PC | Source = VSS | ID = 8193
Description =
Error - 04.10.2010 13:45:13 | Computer Name = Name-PC | Source = System Restore | ID = 8193
Description =
Error - 04.10.2010 13:45:18 | Computer Name = Name-PC | Source = VSS | ID = 39
Description =
Error - 04.10.2010 13:45:18 | Computer Name = Name-PC | Source = VSS | ID = 8193
Description =
Error - 04.10.2010 13:45:18 | Computer Name = Name-PC | Source = System Restore | ID = 8193
Description =
Error - 04.10.2010 13:46:41 | Computer Name = Name-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 04.10.2010 13:50:32 | Computer Name = Name-PC | Source = VSS | ID = 39
Description =
Error - 04.10.2010 13:50:32 | Computer Name = Name-PC | Source = VSS | ID = 8193
Description =
Error - 04.10.2010 13:50:32 | Computer Name = Name-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 02.10.2010 10:19:12 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description =
Error - 03.10.2010 06:52:31 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description =
Error - 03.10.2010 09:55:57 | Computer Name = Name-PC | Source = DCOM | ID = 10010
Description =
Error - 03.10.2010 11:41:50 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description =
Error - 03.10.2010 16:05:06 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description =
Error - 04.10.2010 07:42:45 | Computer Name = Name-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.10.2010 um 22:05:05 unerwartet heruntergefahren.
Error - 04.10.2010 07:42:46 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description =
Error - 04.10.2010 09:03:51 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description =
Error - 04.10.2010 09:03:58 | Computer Name = Name-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 04.10.2010 12:42:04 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description =
< End of report >
I hope this helps for a start, and thank you for
your efforts to help me |