| Amsterdamer | 17.07.2012 16:07 |
C:\Windows\KMService.exe (RiskWare.Tool.CK) Infizierte Datei!
Hallo,
habe mein Computer wohl irgendwie verseucht. Anbei der MBam Log, OTL und Extras.txt
Würde mich sehr, sehr über eure Hilfe freuen :) Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.17.08
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [Administrator]
17.07.2012 16:33:30
mbam-log-2012-07-17 (16-42-38).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232201
Laufzeit: 8 Minute(n), 49 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2072 -> Keine Aktion durchgeführt.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-1880967086-2791244390-2684843721-1000\$RCGFQ76\metin2client.bin (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\drivers\str.sys (Rootkit.Agent) -> Keine Aktion durchgeführt.
(Ende)
Code:
OTL logfile created on: 17.07.2012 16:43:55 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\David\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 69,03% Memory free
7,73 Gb Paging File | 6,21 Gb Available in Paging File | 80,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 62,66 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.17 16:37:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.03.26 17:57:16 | 000,108,136 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011.11.07 23:08:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.01 23:49:41 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011.11.01 23:49:41 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2011.11.01 18:42:43 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2009.12.24 03:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.24 03:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008.08.29 09:56:22 | 001,427,456 | ---- | M] (T-Mobile) -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2007.12.18 12:48:40 | 000,196,704 | ---- | M] (OptionNV) -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2002.04.12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001.12.13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
========== Modules (No Company Name) ==========
MOD - [2012.06.17 14:03:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.17 14:02:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.06.09 12:24:23 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.06.09 12:21:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.06.09 12:20:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.06.09 12:20:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.06.09 12:20:22 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.06.09 12:20:13 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011.11.02 02:47:40 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.11.01 18:42:43 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.08.29 10:05:44 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\optimizer.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.01.22 03:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.13 03:03:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 00:19:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.22 12:14:30 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.11.07 23:08:41 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.11.01 23:49:41 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011.09.09 17:16:32 | 005,735,424 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.12.24 03:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.11.18 14:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Running] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.13 02:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.12.18 12:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2002.04.12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.08.08 20:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.07 18:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.07.07 12:50:14 | 000,070,224 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kx1usb.sys -- (kx1usb_svc)
DRV:64bit: - [2011.07.07 12:50:12 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kx1avs.sys -- (kx1avs)
DRV:64bit: - [2011.04.11 14:30:36 | 000,097,360 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djusb.sys -- (a4djusb_svc)
DRV:64bit: - [2011.04.11 14:30:35 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djavs.sys -- (a4djavs)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.05.25 16:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.25 16:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.05.25 16:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.25 16:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 11:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 11:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 11:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.03.01 09:20:56 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.01.22 03:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 02:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.05 02:55:04 | 001,580,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.12.17 20:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.02 09:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.16 13:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.10.08 14:01:59 | 000,044,624 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djavs_x64.sys -- (a4djavs_x64)
DRV:64bit: - [2009.10.08 14:01:56 | 000,300,112 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djusb_x64.sys -- (a4djusb_x64)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.13 02:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.04.10 00:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2012.03.22 12:14:28 | 000,163,480 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 03:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007.08.06 13:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\tcpipBM.sys -- (tcpipBM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27361111f635l0434z145t5512j49o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27361111f635l0434z145t5512j49o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27361111f635l0434z145t5512j49o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27361111f635l0434z145t5512j49o
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27361111f635l0434z145t5512j49o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE456
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "65.55.73.222 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\David\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012.03.26 17:57:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.05.17 16:28:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.13 03:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.09 22:34:16 | 000,000,204 | ---- | M] ()
[2011.11.01 18:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Extensions
[2012.07.15 12:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\5kzp9mmj.default\extensions
[2012.07.15 12:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\5kzp9mmj.default\extensions\staged
[2012.06.17 12:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.24 22:00:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.13 03:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.02.20 21:18:04 | 000,023,087 | R--- | M] () (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5KZP9MMJ.DEFAULT\EXTENSIONS\{5B52016C-D097-4AEC-BE61-9F129D8FDDBA}.XPI
[2012.03.26 17:58:14 | 000,026,136 | ---- | M] () (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5KZP9MMJ.DEFAULT\EXTENSIONS\{DF4E4DF5-5CB7-46B0-9AEF-6C784C3249F8}.XPI
[2012.07.15 12:36:44 | 001,611,859 | ---- | M] () (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5KZP9MMJ.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.07.12 21:14:54 | 000,223,394 | ---- | M] () (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5KZP9MMJ.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2012.03.25 21:09:49 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5KZP9MMJ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.07.13 03:03:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 14:22:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 14:22:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 14:22:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 14:22:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 14:22:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 14:22:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.05.17 16:12:28 | 000,005,810 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 192.150.18.101
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.8.100
O1 - Hosts: 127.0.0.1 192.150.8.118
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 41 more lines...
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51AFCC4E-6474-4320-9B17-CB56B686B3AB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A38C8503-069D-4519-A410-C55F29095CFB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D419F6AC-BD4D-4DF4-B1D0-185A91B5614F}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d8c9490-3de4-11e1-b7ae-705ab6e28c64}\Shell - "" = AutoRun
O33 - MountPoints2\{0d8c9490-3de4-11e1-b7ae-705ab6e28c64}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{2e591842-b393-11e1-8fc0-705ab6e28c64}\Shell - "" = AutoRun
O33 - MountPoints2\{2e591842-b393-11e1-8fc0-705ab6e28c64}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{55f809f1-cff7-11e1-a6cd-705ab6e28c64}\Shell - "" = AutoRun
O33 - MountPoints2\{55f809f1-cff7-11e1-a6cd-705ab6e28c64}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{ef82914c-67da-11e1-972e-705ab6e28c64}\Shell - "" = AutoRun
O33 - MountPoints2\{ef82914c-67da-11e1-972e-705ab6e28c64}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.17 16:23:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2012.07.17 16:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 16:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 16:23:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 16:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 12:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\web'n'walk Manager
[2012.07.17 12:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T-Mobile
[2012.07.16 05:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.07.16 05:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.07.15 04:48:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012.07.13 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\David\Downloadsluckyman
[2012.07.13 01:35:09 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Metin2
[2012.07.13 01:31:58 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Ohne Worte
[2012.07.06 19:13:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.07.06 16:21:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012.07.06 16:21:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2012.07.03 16:49:51 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\mainstream_vol1_data
[2012.07.03 14:34:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\butt
[2012.07.03 14:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\butt
[2012.07.03 14:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\butt
[2012.06.29 17:51:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\ts3overlay
[2012.06.29 17:50:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\TS3Client
[2012.06.29 17:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.06.29 17:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.06.26 01:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
[2012.06.26 01:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metin2
[2012.06.23 17:00:00 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Macromedia
[2012.06.22 02:05:45 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\playlists
[2012.06.21 15:08:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
[2012.06.20 14:26:49 | 000,000,000 | R--D | C] -- C:\Users\David\Documents\Scanned Documents
[2012.06.20 14:26:48 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Fax
[2010.03.02 12:47:50 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\David\Documents\*.tmp files -> C:\Users\David\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.17 16:36:43 | 000,000,000 | ---- | M] () -- C:\Users\David\defogger_reenable
[2012.07.17 16:33:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 16:30:10 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1880967086-2791244390-2684843721-1000UA.job
[2012.07.17 16:23:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.17 16:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 16:13:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 14:49:05 | 000,010,253 | ---- | M] () -- C:\Users\David\Desktop\onnneeasaaf.xspf
[2012.07.17 14:46:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 14:46:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 14:38:59 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 14:38:30 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 12:49:39 | 000,001,228 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk
[2012.07.17 12:49:39 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2012.07.17 12:13:10 | 001,628,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.17 12:13:10 | 000,702,736 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.17 12:13:10 | 000,657,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.17 12:13:10 | 000,150,400 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.17 12:13:10 | 000,123,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 05:23:21 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.07.16 05:22:34 | 001,651,008 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.15 18:02:41 | 000,007,606 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2012.07.15 13:30:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1880967086-2791244390-2684843721-1000Core.job
[2012.07.15 04:01:31 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2012.07.12 22:34:38 | 000,000,206 | ---- | M] () -- C:\Users\David\Desktop\hwmonitorw.ini
[2012.07.12 21:13:54 | 000,170,039 | ---- | M] () -- C:\Windows\SysWow64\drivers\str.sys
[2012.07.12 21:11:05 | 005,226,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.08 21:38:50 | 000,001,456 | ---- | M] () -- C:\Users\David\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.07.06 17:48:14 | 000,034,816 | ---- | M] () -- C:\Users\David\Documents\deep house musik.msam
[2012.07.06 17:04:47 | 000,228,224 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.07.03 16:49:54 | 000,136,733 | ---- | M] () -- C:\Users\David\Documents\mainstream_vol1.aup
[2012.07.03 14:46:12 | 000,000,465 | ---- | M] () -- C:\Users\David\AppData\Roaming\buttrc
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.21 15:08:35 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\MusicBee.lnk
[2012.06.21 02:23:24 | 006,886,200 | ---- | M] () -- C:\Users\David\Desktop\19 I Love London.mp3
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\David\Documents\*.tmp files -> C:\Users\David\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.17 16:36:43 | 000,000,000 | ---- | C] () -- C:\Users\David\defogger_reenable
[2012.07.17 16:23:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.17 14:49:05 | 000,010,253 | ---- | C] () -- C:\Users\David\Desktop\onnneeasaaf.xspf
[2012.07.17 12:49:39 | 000,001,228 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk
[2012.07.17 12:49:39 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2012.07.16 05:23:21 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.07.16 05:22:39 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.07.15 18:02:41 | 000,007,606 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2012.07.12 21:12:45 | 000,022,016 | ---- | C] () -- C:\Users\David\AppData\Local\{a71e384e-c536-8709-5d49-09cbf686a19b}\U\800000cb.@
[2012.07.12 21:12:41 | 000,001,696 | ---- | C] () -- C:\Users\David\AppData\Local\{a71e384e-c536-8709-5d49-09cbf686a19b}\U\00000001.@
[2012.07.06 19:10:19 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{a71e384e-c536-8709-5d49-09cbf686a19b}\U\00000001.@
[2012.07.06 19:10:01 | 000,170,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\str.sys
[2012.07.06 17:04:47 | 000,228,224 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.07.06 17:04:35 | 000,034,816 | ---- | C] () -- C:\Users\David\Documents\deep house musik.msam
[2012.07.06 16:21:18 | 000,000,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2012.07.03 16:49:54 | 000,136,733 | ---- | C] () -- C:\Users\David\Documents\mainstream_vol1.aup
[2012.07.03 14:34:46 | 000,000,465 | ---- | C] () -- C:\Users\David\AppData\Roaming\buttrc
[2012.06.21 15:08:35 | 000,001,017 | ---- | C] () -- C:\Users\David\Desktop\MusicBee.lnk
[2012.06.21 02:23:20 | 006,886,200 | ---- | C] () -- C:\Users\David\Desktop\19 I Love London.mp3
[2012.06.09 01:12:32 | 000,003,963 | ---- | C] () -- C:\Users\David\wp-config.php
[2012.06.06 15:59:54 | 001,651,008 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.24 18:09:53 | 000,001,456 | ---- | C] () -- C:\Users\David\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.04.06 13:57:17 | 000,000,366 | ---- | C] () -- C:\Users\David\config.inc.php
[2012.03.27 23:34:01 | 000,001,798 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.17 14:14:04 | 000,000,000 | ---- | C] () -- C:\Users\David\.y3
[2012.02.21 03:07:33 | 000,001,592 | ---- | C] () -- C:\Windows\lightworks.ini
[2012.01.11 11:37:16 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a71e384e-c536-8709-5d49-09cbf686a19b}\@
[2012.01.11 11:37:16 | 000,002,048 | -HS- | C] () -- C:\Users\David\AppData\Local\{a71e384e-c536-8709-5d49-09cbf686a19b}\@
[2011.11.07 23:09:05 | 000,233,920 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.07 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.06 17:24:48 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2011.11.06 17:24:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.06 17:16:10 | 000,000,060 | R--- | C] () -- C:\Program Files (x86)\BRINST.INI
[2011.11.01 23:50:15 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2011.11.01 23:50:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.11.01 18:43:08 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.11.01 18:43:08 | 000,000,302 | ---- | C] () -- C:\Windows\PidList.ini
[2011.11.01 18:43:07 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011.11.01 18:20:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.11 18:45:08 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
========== LOP Check ==========
[2011.11.07 23:37:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.minecraft
[2012.06.26 16:15:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.purple
[2012.01.20 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Ableton
[2012.01.28 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Amazon
[2012.07.04 00:18:53 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Audacity
[2011.11.18 14:04:18 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canneverbe Limited
[2011.11.02 11:44:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\EFSoftware
[2012.03.21 23:24:25 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LolClient
[2012.02.22 00:31:48 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MAGIX
[2012.07.06 16:21:22 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011.11.01 14:38:35 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2011.11.01 14:38:47 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.07.15 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mp3tag
[2012.05.02 00:59:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PreSonus
[2012.05.23 01:07:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Resolume
[2012.05.23 01:07:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Resolume Arena 4
[2012.05.17 16:59:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.16 06:08:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TeraCopy
[2012.06.29 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TS3Client
[2012.06.29 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ts3overlay
[2011.11.04 18:31:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\WindSolutions
[2012.07.15 13:30:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880967086-2791244390-2684843721-1000Core.job
[2012.07.17 16:30:10 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880967086-2791244390-2684843721-1000UA.job
[2012.07.15 04:01:31 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009.07.14 07:08:49 | 000,028,834 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012.01.29 20:05:59 | 000,001,176 | ---- | M] ()(C:\Windows\SysNative\???????????????????????????????????????????????????????????????L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?LRL?L?K?K?K?K?K?K?K?K?K?K?????????????????+?????????????????????????-?????????????????3Houseshapes Mi.mp3.lnk) -- C:\Windows\SysNative\㩇䵜摥慩桴步䱜摡湥浜獵歩瑜捥湨屯〳尰潤敮䵜⁹楄楧慴湅浥⁹慃汲䠠湡条慨敦瑡匠整楶敂正ⴠ䘠污楬杮䘠牯夠畯⠠潖慣楍⥸洮㍰퀀L쿀L컰L츠L쵐L첀L쮰L쥀L쫠L쨐LظL܈LըLҘL˸LψLȨLŘLˆLᄌKﻨK︘K﵈KﱸKﮨK齃K行K露KK胷╰耀㈥䐰杩瑩污㈥䔰敮祭㈥䌰牡╬〲慈慮桧湡㈥昰慥╴〲瑓癥敩㈥䈰捥獫㈥┰〲┭〲慆汬湩╧〲潆╲〲潙╵〲㈥嘸捯污㈥䴰硩㈥⸹灭3Houseshapes Mi.mp3.lnk
[2012.01.29 20:05:59 | 000,001,176 | ---- | C] ()(C:\Windows\SysNative\???????????????????????????????????????????????????????????????L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?LRL?L?K?K?K?K?K?K?K?K?K?K?????????????????+?????????????????????????-?????????????????3Houseshapes Mi.mp3.lnk) -- C:\Windows\SysNative\㩇䵜摥慩桴步䱜摡湥浜獵歩瑜捥湨屯〳尰潤敮䵜⁹楄楧慴湅浥⁹慃汲䠠湡条慨敦瑡匠整楶敂正ⴠ䘠污楬杮䘠牯夠畯⠠潖慣楍⥸洮㍰퀀L쿀L컰L츠L쵐L첀L쮰L쥀L쫠L쨐LظL܈LըLҘL˸LψLȨLŘLˆLᄌKﻨK︘K﵈KﱸKﮨK齃K行K露KK胷╰耀㈥䐰杩瑩污㈥䔰敮祭㈥䌰牡╬〲慈慮桧湡㈥昰慥╴〲瑓癥敩㈥䈰捥獫㈥┰〲┭〲慆汬湩╧〲潆╲〲潙╵〲㈥嘸捯污㈥䴰硩㈥⸹灭3Houseshapes Mi.mp3.lnk
[2012.01.29 19:43:11 | 000,001,922 | ---- | M] ()(C:\Windows\SysNative\?????????????????????????????????4?????????????????????????3?L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?LRL?L?K?K?K?K?K?K?K?K?K?K??3?D?-??????????-??????????????????????????????????????????3ank - Whatcha S.mp3.lnk) -- C:\Windows\SysNative\㩇䵜摥慩桴步䱜摡湥浜獵歩瑜捥湨屯㔲尶慊業楆桳牥☠䰠歵潐灭祥映慥⁴楎潣敬䨠湥楫獮湯ⴠ䐠湡楣杮⠠牏杩湩污嘠捯污䴠硩⸩灭3텠L킐L쿀L컰L츠L쵐L첀L쮰L쥀L쫠L쨐LظL܈LըLҘL˸LψLȨLŘLˆLᄌKﻨK︘K﵈KﱸKﮨK齃K行K露KKᘈ⃢3耀D業╥〲楆桳牥㈥┰㘲㈥䰰歵╥〲潐灭祥㈥昰慥╴〲楎潣敬㈥䨰湥楫獮湯㈥ⴰ㈥䐰湡楣杮㈥┰㠲牏杩湩污㈥嘰捯污㈥䴰硩㈥⸹灭3ank - Whatcha S.mp3.lnk
[2012.01.29 19:43:11 | 000,001,922 | ---- | C] ()(C:\Windows\SysNative\?????????????????????????????????4?????????????????????????3?L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?L?LRL?L?K?K?K?K?K?K?K?K?K?K??3?D?-??????????-??????????????????????????????????????????3ank - Whatcha S.mp3.lnk) -- C:\Windows\SysNative\㩇䵜摥慩桴步䱜摡湥浜獵歩瑜捥湨屯㔲尶慊業楆桳牥☠䰠歵潐灭祥映慥⁴楎潣敬䨠湥楫獮湯ⴠ䐠湡楣杮⠠牏杩湩污嘠捯污䴠硩⸩灭3텠L킐L쿀L컰L츠L쵐L첀L쮰L쥀L쫠L쨐LظL܈LըLҘL˸LψLȨLŘLˆLᄌKﻨK︘K﵈KﱸKﮨK齃K行K露KKᘈ⃢3耀D業╥〲楆桳牥㈥┰㘲㈥䰰歵╥〲潐灭祥㈥昰慥╴〲楎潣敬㈥䨰湥楫獮湯㈥ⴰ㈥䐰湡楣杮㈥┰㠲牏杩湩污㈥嘰捯污㈥䴰硩㈥⸹灭3ank - Whatcha S.mp3.lnk
< End of report >
Code:
OTL Extras logfile created on: 17.07.2012 16:43:55 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\David\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 69,03% Memory free
7,73 Gb Paging File | 6,21 Gb Available in Paging File | 80,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 62,66 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{612601db-4776-4127-bab5-d84b8644e530}" = Native Instruments Traktor Kontrol X1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0B97CF2-5032-A645-7FFC-BD1E39FC4E3F}" = ccc-utility64
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PreSonus Studio One 2" = PreSonus Studio One 2 x64
"Sandboxie" = Sandboxie 3.66 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.22
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A414EA-0E5F-CD08-61EF-E155F31DFF76}" = Catalyst Control Center Graphics Previews Vista
"{08938019-97FA-1C7A-19E0-0C8D56ED7CB2}" = CCC Help Hungarian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A4D717B-E6E8-11FA-E7D2-385EBB1A4A85}" = CCC Help Japanese
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13BA5548-1065-4DBE-B115-681AFB77263B}" = CCC Help Swedish
"{16890D7F-1C77-733B-D8E4-F5D4315A5F93}" = Catalyst Control Center Localization All
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1CBDB473-E303-EFAE-88D1-6F741ACD5B31}" = CCC Help Czech
"{1D8912B0-343C-EB1F-28EE-B672D444C192}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C59BF0E-66A5-681E-60FE-8D18CE6319A1}" = CCC Help German
"{2C9D4FCA-3E7F-9368-6955-EA6D65F7DC78}" = CCC Help English
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3788B9B7-C15F-4C64-D52B-3DD1BA494B7A}" = CCC Help Korean
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D200EB9-44FC-432F-1E35-C20AB5FDCD77}" = CCC Help Thai
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{44D52071-5077-2839-1AE6-863563AEA269}" = CCC Help Russian
"{457BF93C-4D97-4C7B-9072-30B971F9A589}" = web'n'walk Manager
"{457BF93C-4D97-4C7B-9072-30B971F9A589}_x" = web'n'walk Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-295CN
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{87976D85-DBF6-F263-39B6-500ACB658CE0}" = Catalyst Control Center Graphics Full Existing
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95B8C1B9-FAB2-4F2B-976A-D0CE7290B5A1}" = MusicBee
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB29A1-C71D-DD1D-66B1-352AAAB13FC6}" = CCC Help Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F4D1D9E-5542-B572-81A7-9DCB0AEED1BE}" = CCC Help French
"{A3EF3FAD-6ABA-1551-AD3B-D09361C5EEC9}" = CCC Help Polish
"{A73FBC00-44F8-0ECF-76FB-14CF62120B55}" = ccc-core-static
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AACEAAE9-9CC3-5715-4539-EB13CA3C67BA}" = CCC Help Spanish
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X Lite - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2463AD3-1334-A30E-A523-D38E8E7B09A2}" = CCC Help Dutch
"{B3A9F2C2-380D-92AD-1548-5C0038CB5FE1}" = Market Samurai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA2AD7F2-55AE-87B5-00DD-9B0C6F087FD0}" = Catalyst Control Center Graphics Light
"{BC940CD7-FC71-83C5-2001-CF6FD07BA3D1}" = CCC Help Chinese Traditional
"{BF847A60-119D-6888-B2DA-EC62F1B66BBB}" = CCC Help Chinese Standard
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C97396A9-44BC-C856-0B92-93A6A417D6A8}" = Catalyst Control Center Graphics Full New
"{CA10114E-3941-E8ED-70A3-17CAA2226AFC}" = CCC Help Turkish
"{CAB89605-7C12-8082-32DF-B419C696BD12}" = Catalyst Control Center Core Implementation
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.149.115
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D98C2191-0AE0-4087-9153-018A4810DF45}" = CCC Help Norwegian
"{DF7D3C5E-87FC-6AE6-D986-35E0F05FEFD9}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{EBA8538C-F0B1-A089-D555-44DBF3A47C9F}" = CCC Help Finnish
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22E305E-BD02-5CC1-92D0-BD7170CDFE45}" = CCC Help Portuguese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD4B3108-0915-31E1-5A7C-AC5B3C33846C}" = CCC Help Greek
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-7-4 (All Users)
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"beaTunes3" = beaTunes 3.0.12
"butt" = butt
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"FormatFactory" = FormatFactory 2.90
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GPL Ghostscript 9.04" = GPL Ghostscript
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Live 8.2.7" = Live 8.2.7
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Metin2_is1" = Metin2
"Mixed In Key" = Mixed In Key 2.5
"Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"Native Instruments Audio 4 DJ" = Native Instruments Audio 4 DJ
"Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktor Kontrol X1" = Native Instruments Traktor Kontrol X1
"Orcs Must Die!_is1" = Orcs Must Die!
"Pidgin" = Pidgin
"PS3 Media Server" = PS3 Media Server
"Resolume Arena 4.0.0_is1" = Resolume Arena 4.0.0
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"VLC media player" = VLC media player 1.1.11
"VLC Setup Helper_is1" = VLC Setup Helper
"WinCDEmu" = WinCDEmu
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"????????????" = ????????????
"bb91a114638258b8" = Google Contact Sync
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.07.2012 08:44:00 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FormatFactory.exe, Version: 2.90.0.0,
Zeitstempel: 0x4f1a5056 Name des fehlerhaften Moduls: FFMpeg.dll, Version: 0.0.0.0,
Zeitstempel: 0x4f197388 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001780 ID des fehlerhaften
Prozesses: 0xf94 Startzeit der fehlerhaften Anwendung: 0x01cd59e269926dd9 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\FFMpeg.dll
Berichtskennung:
eceb22cc-c5d5-11e1-8f0c-705ab6e28c64
Error - 04.07.2012 09:58:06 | Computer Name = David-PC | Source = Google Update | ID = 20
Description =
Error - 04.07.2012 12:58:06 | Computer Name = David-PC | Source = Google Update | ID = 20
Description =
Error - 04.07.2012 15:18:35 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 13.0.0.0,
Zeitstempel: 0x4f61c045 Name des fehlerhaften Moduls: atio6axx.dll, Version: 6.14.10.9262,
Zeitstempel: 0x4b59af70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000081333c
ID
des fehlerhaften Prozesses: 0x165c Startzeit der fehlerhaften Anwendung: 0x01cd5a1631c09f6b
Pfad
der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\atio6axx.dll Berichtskennung: 0cabd58e-c60d-11e1-8f0c-705ab6e28c64
Error - 05.07.2012 16:58:30 | Computer Name = David-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 06.07.2012 12:14:06 | Computer Name = David-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.0.4562 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1690 Startzeit:
01cd5b06135802c0 Endzeit: 3008 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
950e68e2-c785-11e1-8f0c-705ab6e28c64
Error - 06.07.2012 12:26:55 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 13.0.0.0,
Zeitstempel: 0x4f61c045 Name des fehlerhaften Moduls: atio6axx.dll, Version: 6.14.10.9262,
Zeitstempel: 0x4b59af70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000081333c
ID
des fehlerhaften Prozesses: 0x16b4 Startzeit der fehlerhaften Anwendung: 0x01cd5b8c0ea61dd9
Pfad
der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\atio6axx.dll Berichtskennung: 6632407f-c787-11e1-8f0c-705ab6e28c64
Error - 06.07.2012 13:19:35 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 13.0.0.0,
Zeitstempel: 0x4f61c045 Name des fehlerhaften Moduls: atio6axx.dll, Version: 6.14.10.9262,
Zeitstempel: 0x4b59af70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000081333c
ID
des fehlerhaften Prozesses: 0x1a88 Startzeit der fehlerhaften Anwendung: 0x01cd5b9b66052dad
Pfad
der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\atio6axx.dll Berichtskennung: c17d7a06-c78e-11e1-8f0c-705ab6e28c64
Error - 08.07.2012 00:45:27 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 13.0.0.0,
Zeitstempel: 0x4f61c045 Name des fehlerhaften Moduls: atio6axx.dll, Version: 6.14.10.9262,
Zeitstempel: 0x4b59af70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000081333c
ID
des fehlerhaften Prozesses: 0x848 Startzeit der fehlerhaften Anwendung: 0x01cd5c77a1bbaa95
Pfad
der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\atio6axx.dll Berichtskennung: bc8ca58c-c8b7-11e1-8f0c-705ab6e28c64
Error - 08.07.2012 09:58:05 | Computer Name = David-PC | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 17.07.2012 06:53:11 | Computer Name = David-PC | Source = DCOM | ID = 10016
Description =
Error - 17.07.2012 07:02:00 | Computer Name = David-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.129.1728.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: Default URL Signaturtyp: %%800 Aktualisierungstyp:
%%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion:
1.1.8502.0 Fehlercode: 0x80070424 Fehlerbeschreibung: Der angegebene Dienst ist kein
installierter Dienst.
Error - 17.07.2012 08:38:29 | Computer Name = David-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\tcpipBM.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 17.07.2012 08:38:52 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 17.07.2012 08:38:55 | Computer Name = David-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 17.07.2012 08:38:58 | Computer Name = David-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 17.07.2012 08:39:24 | Computer Name = David-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
tcpipBM
Error - 17.07.2012 08:40:02 | Computer Name = David-PC | Source = DCOM | ID = 10016
Description =
Error - 17.07.2012 08:48:48 | Computer Name = David-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.129.1728.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: Default URL Signaturtyp: %%800 Aktualisierungstyp:
%%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion:
1.1.8502.0 Fehlercode: 0x80070424 Fehlerbeschreibung: Der angegebene Dienst ist kein
installierter Dienst.
Error - 17.07.2012 10:23:15 | Computer Name = David-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.129.1728.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: Default URL Signaturtyp: %%800 Aktualisierungstyp:
%%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion:
1.1.8502.0 Fehlercode: 0x80070424 Fehlerbeschreibung: Der angegebene Dienst ist kein
installierter Dienst.
< End of report >
|
