Hi,
thanks a lot in advance, here are the files:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.27.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
gaara :: GAARA-PC [Administrator]
27.07.2012 17:46:33
mbam-log-2012-07-27 (19-34-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 542795
Laufzeit: 1 Stunde(n), 46 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack\keygen.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
D:\Gamez\Angry Birds 2011\Angry.Birds.Rio.v1.1.0.cracked.READ.NFO-THETA\NFOviewer.exe (Malware.Packer.Krunchy) -> Keine Aktion durchgeführt.
(Ende)
OTL Logfile:
OTL logfile created on: 27.07.2012 19:41:37 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\gaara\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,10% Memory free
4,00 Gb Paging File | 2,67 Gb Available in Paging File | 66,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 73,50 Gb Free Space | 37,63% Space Free | Partition Type: NTFS
Drive D: | 736,19 Gb Total Space | 337,89 Gb Free Space | 45,90% Space Free | Partition Type: NTFS
Drive E: | 39,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: GAARA-PC | User Name: gaara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\gaara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 38 9A 76 0B E1 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 01:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.13 18:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.01 23:07:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.13 18:12:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 01:34:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.13 18:12:46 | 000,000,000 | ---D | M]
[2010.09.29 22:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Extensions
[2010.04.01 22:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.27 04:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions
[2012.05.18 02:53:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de
[2012.04.25 15:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.18 01:34:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.15 15:17:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.30 22:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.12 23:50:32 | 000,005,142 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml
[2011.08.30 22:29:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.30 22:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.30 22:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.30 22:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.30 22:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\gaara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D68BFAF8-E139-47F8-8BF5-315901E8E09D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.27 17:50:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\gaara\Desktop\OTL.exe
[2012.07.27 04:19:10 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\Malwarebytes
[2012.07.27 04:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.27 04:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.27 04:18:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.27 04:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.27 02:24:06 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\UAs
[2012.07.25 21:15:22 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\14001.004
[2012.07.25 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\xmldm
[2012.07.25 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\kock
[2012.07.18 15:52:21 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.18 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\Dropbox
[2012.07.18 01:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.18 01:36:24 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\pdfforge
[2012.07.18 01:36:21 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012.07.18 01:36:21 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012.07.18 01:36:21 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.07.18 01:36:20 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.07.18 01:36:19 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.07.18 01:36:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012.07.18 01:36:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012.07.18 01:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.07.11 16:24:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 16:24:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 16:24:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 16:24:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 16:24:02 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[1 C:\Users\gaara\AppData\Roaming\*.tmp files -> C:\Users\gaara\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.27 19:46:35 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 19:46:35 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 19:43:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.27 19:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 19:38:46 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 17:50:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\gaara\Desktop\OTL.exe
[2012.07.27 05:44:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 05:44:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.27 04:18:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.27 03:00:16 | 000,000,034 | ---- | M] () -- C:\Users\gaara\AppData\Roaming\blckdom.res
[2012.07.27 03:00:09 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.26 01:44:29 | 000,000,032 | ---- | M] () -- C:\Users\gaara\AppData\Roaming\urhtps.dat
[2012.07.18 15:55:30 | 000,001,001 | ---- | M] () -- C:\Users\gaara\Desktop\Dropbox.lnk
[2012.07.12 15:04:03 | 003,021,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.05 13:02:30 | 000,095,744 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\gaara\AppData\Roaming\*.tmp files -> C:\Users\gaara\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.27 04:18:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.27 02:24:02 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.26 01:44:29 | 000,000,032 | ---- | C] () -- C:\Users\gaara\AppData\Roaming\urhtps.dat
[2012.07.25 21:15:13 | 000,000,034 | ---- | C] () -- C:\Users\gaara\AppData\Roaming\blckdom.res
[2012.07.18 15:55:30 | 000,001,001 | ---- | C] () -- C:\Users\gaara\Desktop\Dropbox.lnk
[2011.09.09 17:05:03 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.15 15:55:19 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.12 19:57:42 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.12 19:57:42 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7320.DAT
[2010.10.19 21:44:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.04.10 00:45:55 | 000,005,632 | ---- | C] () -- C:\Users\gaara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2012.07.27 05:05:02 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\14001.004
[2011.06.26 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.27 04:14:04 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Dropbox
[2010.10.03 14:29:23 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\GetRightToGo
[2011.09.13 00:09:04 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\ICQ
[2012.07.25 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\kock
[2012.02.01 06:31:08 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\LolClient
[2012.06.02 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\LolClient2
[2010.04.10 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\ManyCam
[2010.10.21 23:16:48 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\ML
[2010.04.16 13:30:49 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\NetMedia Providers
[2012.07.18 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\pdfforge
[2010.04.16 13:30:49 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Publish Providers
[2011.07.24 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Rovio
[2010.05.03 18:33:00 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Samsung
[2010.04.01 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Thunderbird
[2012.06.22 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\TS3Client
[2012.07.27 02:24:21 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\UAs
[2012.07.27 02:24:49 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\xmldm
[2012.04.13 15:45:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Logfile:
OTL Extras logfile created on: 27.07.2012 19:41:37 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\gaara\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,10% Memory free
4,00 Gb Paging File | 2,67 Gb Available in Paging File | 66,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 73,50 Gb Free Space | 37,63% Space Free | Partition Type: NTFS
Drive D: | 736,19 Gb Total Space | 337,89 Gb Free Space | 45,90% Space Free | Partition Type: NTFS
Drive E: | 39,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: GAARA-PC | User Name: gaara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B98D6B1-92C0-45AF-A8A2-1591EB26F25E}" = lport=445 | protocol=6 | dir=in | app=system |
"{0DDFD24A-4D1B-4831-AA79-2A48552B50FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E71373A-603E-431C-A220-9D6F0801C0CF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1EEC101E-AD8D-4CCC-8220-E73C39CA21BA}" = lport=56154 | protocol=6 | dir=in | name=pando media booster |
"{24015529-A7A4-4D14-8C8B-8F30B8768CAE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{324F76F9-9A13-4F32-AADC-78F1248AA020}" = lport=56154 | protocol=6 | dir=in | name=pando media booster |
"{40E6BC4F-ED0A-48F6-A78F-340605100434}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41E2EEFA-395F-4014-B5BB-7CDBB16C221B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47CB3CE4-64D4-4736-ADC1-9F12A66D9575}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51F3FEE8-0012-4A1E-985E-221A6B70F552}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D0A0E1A-D76A-4505-869D-101FCE689E3C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6956FD51-7357-4F14-8C1F-CE8EAAFD1190}" = rport=139 | protocol=6 | dir=out | app=system |
"{7FA10868-17E9-4420-BA75-29591B641D56}" = lport=56154 | protocol=17 | dir=in | name=pando media booster |
"{80FB93A5-C8FE-4A06-A3DA-9322D6947EDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8245A969-B26E-4D93-8E1D-1352E71C9BDF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{88122C81-D6CC-4751-A113-A0FEF84C689D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{90CB0975-617D-4AAA-9F13-7B67119A17A8}" = rport=138 | protocol=17 | dir=out | app=system |
"{A030B164-334A-42AB-B8A3-B5FAA5A2DDA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2EEF38F-3696-44A9-9A56-43B3EA963313}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6BFDED0-EC3A-4DA6-BF0D-5B64E64856F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B0533703-9654-45F6-8C9B-1F95779A4B80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C0687F05-E617-48CF-BA7B-2CF9A62454D5}" = lport=137 | protocol=17 | dir=in | app=system |
"{C10FFAB3-64C6-4DA0-B622-4F9BDA5FDC22}" = lport=56154 | protocol=17 | dir=in | name=pando media booster |
"{C450CF0B-886C-4CD6-9148-5E62E260E64E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CF87B54A-7361-43D4-B080-F8CBADC22A54}" = rport=445 | protocol=6 | dir=out | app=system |
"{E180D8D4-370E-45BC-BA2C-F022FAE49466}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E2AD6324-0B3D-4554-8006-3951EC1F4599}" = lport=138 | protocol=17 | dir=in | app=system |
"{EFAA976C-6DFA-40E8-9670-0DBAB65C4F18}" = lport=139 | protocol=6 | dir=in | app=system |
"{FAB6A9DA-3D7A-47FE-ABED-67F6372B5970}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036B59FC-94D5-4CB8-80A2-0EE4870139CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{038C06A6-0F1F-4DC9-B8B5-4617E63F29E5}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\blizzard downloader.exe |
"{0811EE4A-048D-480E-9278-5E2D6AE31508}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{112116F8-A6E0-43AD-A8EC-FEEB7A111007}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12DF2325-E0C2-46F2-82B2-A6D10B9C928A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1300E672-0AAB-4578-9C44-99390CC6688B}" = protocol=6 | dir=in | app=c:\users\gaara\downloads\sweetimsetup.exe |
"{149C2262-8A5A-4F9B-9ABD-653C9C67BE84}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{1750C3F6-FBD1-4DFF-9BE2-19AD476755F6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{1E3C1EE5-F212-4687-8C3E-747B32283467}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1EAEFB7D-3312-4CE1-9EFD-227E7E7A883B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{20B65EDF-921C-4192-A583-DEA235996E51}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{232DE3F4-3AFC-4A6A-88F3-2640D07A204F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{255E6FF0-8573-4321-B781-5ECA2F29AEAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{260ED9BF-76D9-4A10-B328-9F410BD60428}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\backgrounddownloader.exe |
"{2724FE83-E8F9-49EC-8E30-F1EED8530BC8}" = protocol=6 | dir=in | app=d:\gamez\steam\steamapps\ganjabaumann\counter-strike source\hl2.exe |
"{2743639C-E26C-4A37-9F92-C1AFF3279725}" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\starcraft ii.exe |
"{28AFB27D-C654-4517-AEBE-FE3805C7BDB7}" = protocol=6 | dir=in | app=d:\gamez\diablo iii\diablo iii.exe |
"{2CBA5243-7221-4689-9812-93D256811772}" = protocol=17 | dir=in | app=d:\gamez\steam\steam.exe |
"{2D3F2924-872B-4F3D-B638-DBC56D8BE771}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{2E71006C-035B-48E7-A779-BC28101DB401}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\launcher.patch.exe |
"{3217DCFF-F5F2-4173-AFA9-6FF2804DA387}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3228779B-08C7-4E44-8D12-1015AFF411AE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{3F0FF602-E6AB-4689-82E6-35572A98BFAD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3FD212C1-CE0B-4BFE-B9FB-20586F943FB3}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\launcher.patch.exe |
"{416DDB3F-9730-47E9-92CB-774667A9BF35}" = protocol=17 | dir=in | app=d:\gamez\diablo iii\diablo iii.exe |
"{41B1F56A-4662-41BB-88CE-C92C4A56C39E}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{44A92220-392E-4F01-A041-39A5372E87DB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{47D5AFDE-E150-4EC7-B459-863D149DE771}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{4D25FDD2-B574-4A22-AC67-E1580FD24710}" = protocol=6 | dir=in | app=d:\gamez\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{50B3FA52-0F5A-4518-AEC0-0FB3A80A0622}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{52464F20-0F2B-47F3-B5AD-94FD0CC93503}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{565CB3E1-7FAB-47D9-9203-D19F49823076}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5ED852BF-4DE3-4E3C-898C-7326A734F1B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F3A0DEB-A94A-4E99-BADF-989529E54B39}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{60AF21AC-E8FD-4416-AFB8-65FFB028B155}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{61BB3A46-AEBD-4270-9479-09E869AF6175}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6622E94B-FC90-42C5-BC99-13E5387F683B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7149AF9D-D99B-4D9E-A1EE-0FAD3C7546D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72F9C77F-76B6-4A6F-A367-2AB42A0B639C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{779A397D-03F4-4924-AB3A-26739560B390}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{7A395842-2A92-4686-8893-AAFB9A157F35}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\launcher.exe |
"{7BED9BF1-0F63-4B0F-8580-6FBF5A105B88}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\launcher.exe |
"{7F13CD05-222A-464B-85E5-842C198FB4F5}" = protocol=17 | dir=in | app=c:\users\gaara\downloads\sweetimsetup.exe |
"{86ED21DE-DBAF-475D-B34F-145217524919}" = protocol=17 | dir=in | app=d:\gamez\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{8C28A458-3EEF-427C-BD03-6EABFCE46FE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F6E9B1D-C8CE-4A08-9F0D-04EE2C45AE3F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{966AC5FF-1A5B-4B91-88BC-5B4F4416B528}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9714721C-1D34-420D-86F7-FEF3B75FC443}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{980616C5-1D3F-46B3-A1A9-DA150500A613}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A24C21C0-2004-4753-AC8D-A480B5651925}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A66CA18A-ACF1-4252-B52D-C6F68C38AAEF}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\launcher.patch.exe |
"{A83012D9-82F4-4C19-BD2F-E5E0D90D6D56}" = protocol=17 | dir=in | app=d:\gamez\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{AE436CA4-5872-4E43-9D87-11B852A710B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{B0E015AD-2D89-4C14-B992-90865D6E0376}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B58D2CDD-08D7-4496-B9DE-6B815B84F6ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B70C0FB5-87EE-4109-9A18-41AC6897EE9F}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\blizzard downloader.exe |
"{B9142BC7-FD23-4E90-99F5-25DE596D9121}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB2D7244-A5E0-484F-9C1A-64A3867853B3}" = protocol=58 | dir=in | app=system |
"{BE0BF572-8E1C-4D6D-926C-B4AA7751A0F8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{BF15BF27-32E6-49BC-8754-042504E74B46}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\backgrounddownloader.exe |
"{C0456B40-1E19-40DA-959B-085D1243781F}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C3B44788-6AB5-44CD-B8E9-8FC05E06A33B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C771AECF-F0DA-4A25-AB3B-0A79D683444B}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{D25514DF-6AFD-4275-B148-0854064C239F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D2C55336-9A15-4714-B7A2-630943F94B57}" = protocol=6 | dir=out | app=system |
"{D7D16F38-8827-484A-B031-49FEF731674A}" = protocol=6 | dir=in | app=d:\gamez\steam\steam.exe |
"{DA4ACE6F-E683-494A-B02D-AF8DE4BA7B17}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{DA9268B2-85AB-4D35-91E1-1AD879C59AF5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{DCCE4B9D-5A4A-4772-8B53-628D134000D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DEC0484B-95B6-43F3-87C6-A1E184D68FB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E3D0A83B-F857-4AD0-8712-ECF20A724ECB}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\launcher.patch.exe |
"{EF2CB629-AF90-4B46-8F70-5DC6B00C200F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5AEB186-7997-497E-871A-FB9E6FEEEC7A}" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\starcraft ii.exe |
"{F68B4082-6382-4CFC-ABB2-DFC03A3593B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F85CB2B6-8DC9-4C97-B27B-A6B63E8D43AD}" = protocol=17 | dir=in | app=d:\gamez\steam\steamapps\ganjabaumann\counter-strike source\hl2.exe |
"{F881A574-143B-4D98-8EBB-31D083F98844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F997A989-A673-410C-BBA3-A8BAF0545BCB}" = protocol=6 | dir=in | app=d:\gamez\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{FC748E8B-4B9C-4541-8581-A0B3F69FB284}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.0-dede-downloader.exe |
"TCP Query User{067B97D0-55C3-4E30-9904-E96A3BB72DC2}D:\gamez\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{17528FC9-C096-4D42-84DC-0508A4A53417}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"TCP Query User{1FE9B9F7-A77B-4371-B3C4-92525EA5B7FE}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{26FD3425-F879-4A59-B30E-E0A9E80736A3}D:\gamez\steam\steamapps\ganjabaumann\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\gamez\steam\steamapps\ganjabaumann\team fortress 2\hl2.exe |
"TCP Query User{28427B08-0F81-45B8-8627-9F2961F94376}D:\gamez\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{2880A4CE-A9DB-44B7-B366-881ED4C2F107}D:\gamez\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe |
"TCP Query User{28B853F0-DD13-4138-BD4C-397D02D13FA3}C:\windows.old\program files (x86)\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\windows.old\program files (x86)\icq7.1\icq.exe |
"TCP Query User{3757EEC4-9C39-482D-9926-7EBBD7D98FB8}D:\gamez\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{39EF07B9-3D37-4AB7-9704-87FBB251F4FF}D:\gamez\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{4DA3C29C-B2AD-4D75-9C40-830732FA63BB}D:\gamez\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{64AB9ADD-2256-46F4-8127-A8E7C65D4FAA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{6CE0AAB7-26AA-4EB0-BBB2-C76B989DDE14}C:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{8B4B1D87-13B5-4269-992C-4F986317DF84}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{955CFBAB-A2F9-4203-B19B-BD16D937F8C5}C:\program files (x86)\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"TCP Query User{9926960C-C7CE-4047-B316-D1E98D6176F5}D:\gamez\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{9A465467-9081-4266-BE00-CC856D233E43}D:\empire earth\empire earth.exe" = protocol=6 | dir=in | app=d:\empire earth\empire earth.exe |
"TCP Query User{9D6B7A11-2769-4580-8103-A857AE7575B8}D:\gamez\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{A118B6DD-4227-4258-8DB3-6501F9E5F6A3}C:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"TCP Query User{A628985A-059D-4A22-8F5C-681D67407694}D:\gamez\empire earth\empire earth.exe" = protocol=6 | dir=in | app=d:\gamez\empire earth\empire earth.exe |
"TCP Query User{A918DDC5-AEF6-4645-8D27-59DD8EE6934B}D:\gamez\world of warcraft\repair.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\repair.exe |
"TCP Query User{B306477A-9982-42DE-85DC-AA989A1724DB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B976F965-15E2-4B8C-85B1-89DCD1284B0E}D:\gamez\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\launcher.exe |
"TCP Query User{BE776BFC-FEA9-42DB-8B32-4595D8887886}C:\users\gaara\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\gaara\desktop\teamspeak3-server_win64\ts3server_win64.exe |
"TCP Query User{CA4B3AC3-96E2-43E3-8C94-653A31087E71}D:\gamez\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{CC915A5C-A014-4D1D-BF80-948A7FFB1547}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"TCP Query User{D39B6EDF-2775-4159-8062-840F45935D0D}D:\gamez\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{E3B547AE-ED11-40A4-9814-C29AF2AD43A8}D:\gamez\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{E72D0BD0-DC5F-42B5-9101-6F50ADCAC98E}D:\gamez\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"TCP Query User{EBE138D6-1B1A-4F2F-B01F-C0099410D46B}D:\gamez\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{F29C93EA-D46D-4B82-B17C-E7E47B9C0B60}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{F42A02B4-ADCD-4A96-BC32-346EC7CEB7CC}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{17FE872C-F21D-466B-9D37-FACCE9FBA139}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{1E60516E-3030-42E2-A597-62DBA09D3801}D:\gamez\empire earth\empire earth.exe" = protocol=17 | dir=in | app=d:\gamez\empire earth\empire earth.exe |
"UDP Query User{23AA56C0-96A6-406B-A5BB-6D4E72DB6A72}D:\gamez\steam\steamapps\ganjabaumann\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\gamez\steam\steamapps\ganjabaumann\team fortress 2\hl2.exe |
"UDP Query User{30E07E22-EB23-4565-8BBA-ADBA5B39D45F}D:\gamez\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{33711C4A-EB2A-4164-A0DE-D0DE62CA91A7}D:\empire earth\empire earth.exe" = protocol=17 | dir=in | app=d:\empire earth\empire earth.exe |
"UDP Query User{4FEF1241-FA6D-4DA2-9A85-92FC23CEB220}D:\gamez\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{50C4DC8D-DA23-4329-AF0B-A17B5ABF4991}D:\gamez\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{520BE9EC-BE77-489E-AE29-3B18D4658099}C:\users\gaara\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\gaara\desktop\teamspeak3-server_win64\ts3server_win64.exe |
"UDP Query User{54E4F9D5-C5F9-43FC-A197-3D299825A7F4}D:\gamez\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe |
"UDP Query User{679B01D3-C6CD-401B-828C-A531C3050BB8}C:\windows.old\program files (x86)\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\windows.old\program files (x86)\icq7.1\icq.exe |
"UDP Query User{7A50119B-357C-42C4-84D2-F4668F6A202D}D:\gamez\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\launcher.exe |
"UDP Query User{7B4B490F-A735-46F5-89EF-224F37133335}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{877F4F8A-E565-47A8-8853-42B91DCC81FB}D:\gamez\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{8CF173C3-A87C-4F1F-BD28-4FCFA9C55887}C:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"UDP Query User{96FCB0D4-7D1A-480E-88D7-A743155D2213}D:\gamez\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{970E40C0-6324-4457-AD39-78C39BFF9A3B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{99F64058-0161-4F0F-9F76-8F51102BD619}D:\gamez\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{B18F9D2F-608E-48D3-8272-C28C6A55B59E}D:\gamez\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{B8757E2F-FAE8-46C6-8287-41C4620407EF}C:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{B9331185-8DEA-4E25-9FF4-0A0AF1639669}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"UDP Query User{D2FDAB4B-452A-4A15-9A2A-DB7988352F94}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"UDP Query User{D3B361E6-1D89-4080-880C-2997253C975F}D:\gamez\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{D61DB558-E5CC-4173-AFFB-197148696863}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{D6CEBCE1-AED0-447F-81C9-DAE9DB561C46}D:\gamez\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{D8D22975-BFAC-4F40-9046-B55590D77C03}D:\gamez\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"UDP Query User{DC9B5AFD-6EFA-47BB-B121-176D436D8FAD}D:\gamez\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{DDDC1AD3-D500-4442-9882-B7642C7B76A9}D:\gamez\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{E65D2D05-4D00-4E6B-B8CA-AF44B56E91C1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{ECF82641-DB41-43E7-AAFD-1998C8443B5D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F5F921CA-D2B7-4B1F-9D10-7F0E83B2225A}C:\program files (x86)\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"UDP Query User{F9AF6CF0-64AB-4443-925C-4D5CB89C3DEA}D:\gamez\world of warcraft\repair.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\repair.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85BE320B-A37D-42DA-B9BE-20A40B6A05E3}" = Cisco AnyConnect Secure Mobility Client
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AACDE433-670D-429B-B90B-A177AFAFD610}" = Sonic Foundry Vegas 4.0
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{e917348c-d989-4a03-a91b-31b7bf288067}" = Nero 9 Lite
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVI Splitter_is1" = AVI Splitter
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bridge Building Game" = Bridge Building Game
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 440" = Team Fortress 2
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.01.2012 10:52:34 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 25.01.2012 12:03:28 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 27.01.2012 12:11:08 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 29.01.2012 21:49:16 | Computer Name = gaara-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4ea78f27 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4ee862ad Ausnahmecode: 0xc0000005 Fehleroffset: 0x67b8f119
ID
des fehlerhaften Prozesses: 0x11f8 Startzeit der fehlerhaften Anwendung: 0x01ccdeeb0c069ab0
Pfad
der fehlerhaften Anwendung: d:\gamez\steam\steamapps\ganjabaumann\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung:
9da18240-4ae4-11e1-8f57-001e8c68e2b6
Error - 30.01.2012 12:45:08 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 31.01.2012 10:54:46 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 31.01.2012 22:05:25 | Computer Name = gaara-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4ea78f27 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4ee862ad Ausnahmecode: 0xc0000005 Fehleroffset: 0x6ef1f119
ID
des fehlerhaften Prozesses: 0xe24 Startzeit der fehlerhaften Anwendung: 0x01cce07e0446e570
Pfad
der fehlerhaften Anwendung: d:\gamez\steam\steamapps\ganjabaumann\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung:
340c9090-4c79-11e1-b0fa-001e8c68e2b6
Error - 01.02.2012 11:28:33 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.02.2012 14:08:28 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 04.02.2012 12:36:40 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 27.07.2012 13:38:55 | Computer Name = gaara-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::processResponse File: .\IP\DNSRequest.cpp Line:
529 Invoked Function: CUDPDNS::Parse Return Code: -29687802 (0xFE3B0006) Description:
IPPACKET_ERROR_INSUFFICIENT_BUFFER
Error - 27.07.2012 13:38:55 | Computer Name = gaara-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
1069 Invoked Function: CDNSRequest::processResponse Return Code: -29687802 (0xFE3B0006)
Description:
IPPACKET_ERROR_INSUFFICIENT_BUFFER Failed to resolve 50.62.197.193.in-addr.arpa
via DNS server 192.168.2.1
Error - 27.07.2012 13:39:44 | Computer Name = gaara-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 27.07.2012 13:39:59 | Computer Name = gaara-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 27.07.2012 13:40:01 | Computer Name = gaara-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1084 NULL object. Cannot establish a connection at this time.
[ System Events ]
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.07.2012 22:07:51 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
Error - 27.07.2012 08:36:20 | Computer Name = gaara-PC | Source = bowser | ID = 8003
Description =
< End of report >