LittleWulf | 19.08.2012 20:12 | Here are the OTL logs for now.
The malware scan is still running.
OTL:
OTL Logfile: Code:
OTL logfile created on: 19.08.2012 20:11:51 - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\nichtadmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,74 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 63,15% Memory free
7,48 Gb Paging File | 5,32 Gb Available in Paging File | 71,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,38 Gb Total Space | 24,79 Gb Free Space | 41,06% Space Free | Partition Type: NTFS
Drive D: | 224,61 Gb Total Space | 121,49 Gb Free Space | 54,09% Space Free | Partition Type: NTFS
Computer Name: ____ | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\LittleWulf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\Sandboxie\32\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE473
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t5601l52o
IE - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 18:39:44 | 000,000,000 | ---D | M]
[2012.03.04 17:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2012.03.18 22:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\uiywrttb.default\extensions
[2012.03.05 18:38:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\uiywrttb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.06.07 18:16:25 | 000,002,102 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uiywrttb.default\searchplugins\wot-safe-search.xml
[2012.06.21 17:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.18 22:48:01 | 000,521,086 | ---- | M] () (No name found) -- C:\USERS\admin\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIYWRTTB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.03.05 18:38:48 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\admin\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIYWRTTB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.07.28 20:18:31 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3758058623-1903977830-3846845706-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB71CAE6-168F-4520-8193-B8B6A2F15561}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.19 19:56:42 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012.08.19 19:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.19 19:56:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.19 19:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.18 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2012.08.15 17:44:35 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 17:43:27 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 17:43:26 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 17:43:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 17:43:09 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 17:43:08 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 17:43:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 17:42:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 17:42:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 17:42:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 17:42:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.07.31 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2012.07.31 18:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2012.07.28 20:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.28 20:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
========== Files - Modified Within 30 Days ==========
[2012.08.19 19:56:29 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.19 19:35:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.19 19:06:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.19 19:06:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.19 19:06:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.19 17:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.19 15:57:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 15:57:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 15:49:14 | 3010,842,624 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.18 14:29:39 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.16 17:34:16 | 000,367,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 20:35:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 20:35:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.31 16:23:11 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.31 16:23:11 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.31 16:23:11 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.31 16:23:11 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.31 16:23:11 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
========== Files Created - No Company Name ==========
[2012.08.19 19:56:29 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.18 14:29:39 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.07.12 16:31:00 | 000,000,804 | ---- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\L\00000004.@
[2012.07.03 11:19:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.03 11:19:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.03 11:19:16 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012.07.03 11:19:16 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012.07.03 11:19:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.06.26 20:08:54 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.06.26 20:08:53 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.06.26 20:08:51 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.05.10 10:04:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.10 10:04:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.10 22:15:43 | 000,000,694 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.07 19:10:15 | 000,000,826 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.05 21:28:47 | 000,003,272 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.04 19:48:36 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.04 17:49:54 | 000,002,048 | -HS- | C] () -- C:\Users\LittleWulf\AppData\Local\{a2190229-dcef-1df1-22ae-1341c826792b}\@
[2012.03.03 01:55:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.03 01:51:37 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.04.19 12:36:21 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== LOP Check ==========
[2012.03.18 22:48:04 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\3Dconnexion
[2012.08.18 14:32:21 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Anytow
[2012.08.18 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Awdoba
[2012.07.13 04:55:48 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\DAEMON Tools Lite
[2012.08.15 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\EoN
[2012.08.19 17:18:49 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\ICQ
[2012.03.20 19:17:48 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\OpenOffice.org
[2012.08.09 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Origin
[2012.06.28 19:54:46 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\TeamViewer
[2012.08.14 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\TS3Client
[2012.07.31 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\XnView
[2012.08.18 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\LittleWulf\AppData\Roaming\Yxdy
[2012.07.13 03:59:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
[2012.03.07 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ICQ
[2012.03.07 20:39:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2012.03.07 19:12:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Origin
[2012.08.12 17:56:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client
[2012.08.19 15:49:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
< End of report >
OTL Logfile:
OTL Extras logfile created on: 19.08.2012 20:11:51 - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\nichtadmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,74 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 63,15% Memory free
7,48 Gb Paging File | 5,32 Gb Available in Paging File | 71,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,38 Gb Total Space | 24,79 Gb Free Space | 41,06% Space Free | Partition Type: NTFS
Drive D: | 224,61 Gb Total Space | 121,49 Gb Free Space | 54,09% Space Free | Partition Type: NTFS
Computer Name: ____ | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3758058623-1903977830-3846845706-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F3A94C-F122-4A5C-8A2A-C1370C23799B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10B4FE8B-CB8E-4F83-940D-4FD10F2746AD}" = rport=445 | protocol=6 | dir=out | app=system |
"{1620874C-FCE1-410E-BA1A-EC9BDA2F58E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{37F98B62-93B4-4064-ADBE-7266DC51612B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42CB7B10-17C2-4696-A1ED-53747B10867B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{43B6C940-7364-447F-AEB8-CAEED7035F11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45BAA1B9-F046-4979-8B6E-E3D35D77E6B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{50A7592B-701A-4B08-9EDD-4B455CA014B4}" = rport=139 | protocol=6 | dir=out | app=system |
"{51105F2E-31E5-4A94-839F-B661EF3DA866}" = rport=137 | protocol=17 | dir=out | app=system |
"{569142D9-B73D-4D4C-B841-A4FDA4F5F1DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E3871A3-73EF-417B-BE7B-E75A8119C7AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{817D57F4-15CB-4D89-9D3E-A1362B18E267}" = lport=139 | protocol=6 | dir=in | app=system |
"{8495791E-7023-462C-9EC6-C72F2BD7D0E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{870AD098-708E-44CA-8892-7F474AABDF3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{8A24831B-75C6-49B2-B2E5-DEC50D7A49F8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C790B8D-681A-43B5-A4DC-7344569FFD8C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A58D7D3D-1AF8-42E5-B5F3-F128405F3281}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B0DD09C9-A0A2-4DB3-A007-B90E4B05A7B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C82DF571-E5FD-4349-A138-68CCFA7E041F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCEA900D-B57F-4492-B127-DB2BF4AA1AA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FECD492A-127A-407C-8306-0749AFE3E362}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C91090-B5C3-45FA-8312-5469E01B18F7}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{02852484-B64D-4621-8358-E7E5CECB7BAC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0411381A-4F4B-42B4-A1A1-860127E348B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{098C70DA-0B64-40BF-BF8B-59FBD99AC698}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic 2013 demo\dotp_d13_demo.exe |
"{13F334BC-5F0A-4610-895E-80767E2616FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{15F41015-59E6-42BD-A9D3-E3F6BB990B08}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{1A938BE2-3789-4E37-AFB1-11CE2FB07F4F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{1ED15905-417B-4F3D-8870-3C0ECA68BD15}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{1F3A4489-B5F2-4A07-8C98-C1C82D6831D5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{2201A978-DA6C-47C4-B2B7-7DA90C58F589}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{259037B4-6F43-48AB-93D6-5417444FB516}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{2828D8B6-6DA6-4654-9286-264DD369EE4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2C911EC9-4A4C-4ED2-AB61-B7AAA20EDD06}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{33B0966A-E448-45D8-9B56-AEE4058F468C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{347ED66D-A80E-4E9A-A19C-D67D0D26BC04}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3C73AA64-12C2-42AB-A644-085058C6DBBB}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{3E9264CD-4E0B-40D5-8B7A-B6F3248F0666}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"{3F32B416-0A7A-4862-B960-624284C7E2CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{489EBA16-AC6F-4153-B329-AB4B5C591C59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C1DED3D-A0F0-47AD-8AEC-1638AC32D9C6}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"{551484BC-58AD-4932-804F-81C6EE2FD1B9}" = protocol=17 | dir=in | app=d:\games\origin games\battlefield 3\bf3.exe |
"{612BDA36-92D9-4989-9D5E-E3B2BBC7AE54}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{6635B104-95FC-4DB2-8542-2BD31C6B4CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{68D42766-138A-4750-9475-1658FD421975}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{695C84EB-1520-4122-B757-26F1B4905C76}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6BD9474E-464A-44B3-A355-755CF099532B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F8D4358-7604-4F68-9033-431E900FE3CB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{700E1155-491F-4862-88EF-BC7C6846DCBD}" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii\diablo iii.exe |
"{7E6410F1-AAB0-49DF-8390-1D240ECEA70E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic 2013 demo\dotp_d13_demo.exe |
"{7E69A5F5-B9FE-4DDD-9298-D8AC31961C5B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{86752A78-AC27-4762-8D7C-B7679B3AA37D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8983134A-50A4-4344-A962-AC46258434F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9BA4266C-AD9F-4E21-BEEF-6FDDD1F6160B}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{9C12A486-DD52-468D-BDEF-4BB1F897D1A6}" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii\diablo iii.exe |
"{9C80345C-F51C-406F-90E1-29C131941631}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9FDFC307-ABF9-4FAB-BE6E-46A7FF5B2300}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"{A0E7B4B7-B45D-4E3E-BECA-99B3E7B3EC30}" = protocol=6 | dir=out | app=system |
"{A50C4AAD-42DC-40A4-9109-C6BFF0A49F78}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{A5893FC0-C622-4C0D-A79E-B242758F4505}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AC1DFD39-CFDA-4865-8647-A655AF95CCDB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AD5D722C-AA73-49E3-A0CD-819BBD9A048E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AFDBAB4F-C31C-49C3-B3D8-4FCEF8FF0D1B}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"{B5B0CF4F-F508-4374-8557-49F015C78E35}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{BB626015-62E3-4296-A9E6-E40C77BCEB30}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{BB94EC53-1079-40B4-99B6-A1426A3FC738}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{C08E02EA-E244-4BF5-8A6E-CF97593387B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C19DB016-A6BA-4BE0-B5F3-6C14255F82EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C2211008-E81F-4170-AC80-1E7A6B8E91D2}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{C6C502F1-A4AF-4CC8-B11A-A06F6E667D01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBF98ABB-6492-4C9B-ABF3-3FE27C265A05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD686802-4419-4A44-988A-3CDCC5143F5C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CFB9D772-6467-4755-9B08-667E363E5208}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"{D7F59B86-27CA-4AD8-9DC3-6A973384D478}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{DA9783CF-CA31-420D-BC62-F8AE41816610}" = protocol=6 | dir=in | app=d:\games\origin games\battlefield 3\bf3.exe |
"{DC181075-0EDD-4DD0-8B89-458FB17E5D34}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{DCF37783-450B-421A-98A8-84B038D81E35}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"{DD32FA3D-FC00-4C72-A1D9-74C4C175A76F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DFC4C1F7-839A-434E-A83B-28E514B22BAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DFDA098B-5399-4C3A-B68C-65F0F31410EC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{E5BFC051-2B97-4D29-A844-C70413594CE3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9D98CC3-61B7-4240-A8BF-5C9B1F4FC7BE}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{F346D2CA-CE2C-495D-A09A-B10EF855A3A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F574EBEF-FA6A-4FA3-95DE-D436285794ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F6144F46-9DC7-402C-B06E-026538D65B23}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FCC1C5F2-BC21-49B7-ADCC-A0B888F52584}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{0352B962-3556-44F9-84F7-43E3DF707AAC}D:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{09DC5A19-C761-4F3A-A596-F50FF415001E}D:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{14DBFBFF-F15B-430C-BCC7-E6B6BBBF004F}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{199C9C86-6796-459D-9B3C-A5C8709069FA}D:\games\left4dead2\left4dead2.exe" = protocol=6 | dir=in | app=d:\games\left4dead2\left4dead2.exe |
"TCP Query User{1C10F732-9C5E-440C-992A-2A3CE36E42A4}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{2628B882-58AB-4F97-B57C-C11C75C322B4}D:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{313C4A3A-B6C9-4944-9AF7-2F9A5DEF1EFF}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"TCP Query User{3BA22A83-B474-4B8E-A071-D52F24BF5A96}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{4D381FC5-D935-4CC8-A32B-74627EB6FC87}C:\users\admin\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\starcraft_2_eu_de-de.exe |
"TCP Query User{57F52F4C-B2F0-41FD-AB51-0C46559297C0}C:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe |
"TCP Query User{6502974B-E525-4C9F-AF76-AFEC259741D0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{67F2DAAF-4022-47D9-A3AF-B9B69F07EE3D}D:\games\warcraft iii 2 an midget (midget)\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii 2 an midget (midget)\war3.exe |
"TCP Query User{6AAF3117-2544-4488-AB1E-5D8EE276FE36}C:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"TCP Query User{833BAF54-6384-41A1-8C0F-AF46168EE1DD}D:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{8E78B87F-22BA-4195-8AE0-92902F0C4E81}D:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{981E80CE-FD21-4FB9-946C-82F951FE5C36}C:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe |
"TCP Query User{9CE04E96-4441-452E-B9A8-A5BDA1E3160D}D:\games\age of empires ii the age of kings\empires2.exe" = protocol=6 | dir=in | app=d:\games\age of empires ii the age of kings\empires2.exe |
"TCP Query User{9D85F312-FF0F-461C-A514-E424D92D42EA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{9F64804A-1AAF-44AF-9251-2DDFE27A084B}D:\games\warcraft iii\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\starcraft ii\starcraft ii.exe |
"TCP Query User{A321B776-4752-4397-BB4C-9C33D99FC93E}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe |
"TCP Query User{C1D86821-02D4-4F91-9BFF-F80D9C0F56D9}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{D8651308-1AAA-493A-9F90-1CDE946DF9D0}C:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{D8C704C1-28A4-46BE-B418-9566B4F21F8D}D:\games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=d:\games\command and conquer generals\game.dat |
"TCP Query User{DFA4598A-3A22-403E-90F7-83EF4D695335}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{F8BA274A-FB7F-4A18-BD9B-F55CB21DA368}C:\users\nichtadmin\downloads\downloader_diablo2_dede.exe" = protocol=6 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_dede.exe |
"TCP Query User{FAD0C791-324E-46F7-8F4E-320AD4DC6108}C:\program files (x86)\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe |
"UDP Query User{1169A0AD-D2D8-42C2-B7F6-947B8CD4BD7A}D:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{22B01130-C29B-4DE9-8D39-3F5F2BB34BA3}C:\users\nichtadmin\downloads\downloader_diablo2_dede.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_dede.exe |
"UDP Query User{25D013BE-A376-418F-98BF-DDB3ED807CF7}D:\games\warcraft iii\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\starcraft ii.exe |
"UDP Query User{471B026B-49D9-4ECA-85C7-872C6D669E74}C:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{4A05CBF2-242A-4DB4-AC7C-95425D1069CF}D:\games\warcraft iii 2 an midget (midget)\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii 2 an midget (midget)\war3.exe |
"UDP Query User{4BC030E4-C6E3-477A-8791-2864A2342507}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{52A64C03-4A90-464B-A315-B13DDD10213C}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe |
"UDP Query User{6349858B-AF48-4C71-8511-B7E0D692590A}C:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\downloader_warcraft3_reign_of_chaos_dede.exe |
"UDP Query User{7B1E4015-747E-411F-94F6-EBCAE89A09F1}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{7B40E25A-98B9-422A-9906-912C1800953D}D:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{815B3ED7-9FBB-42DD-ADC0-8A15127BE4D5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{83471507-6BEA-422C-A1F9-E659EAFC5C39}C:\program files (x86)\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe |
"UDP Query User{84308E42-2A68-4951-8703-349CCF4101EC}D:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{89317902-F5CD-4CF7-8084-65357D3AE517}D:\games\left4dead2\left4dead2.exe" = protocol=17 | dir=in | app=d:\games\left4dead2\left4dead2.exe |
"UDP Query User{96FB9091-EB2F-4E36-ADDD-6BB23AE6CAC2}D:\games\age of empires ii the age of kings\empires2.exe" = protocol=17 | dir=in | app=d:\games\age of empires ii the age of kings\empires2.exe |
"UDP Query User{98169B9A-2893-44CA-94BF-CC88DD8E9208}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{9DF63A42-6583-45C8-AF74-92B8A58BC6B9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B13848E0-9958-4270-99DE-1EBA7AB0CF24}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{B6F90F87-04D2-4964-B444-8A495FFE46F6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{C92AA728-5AA0-4419-A13F-09C7CCF742A2}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{D63603AF-5417-4E78-A40F-00103193CFBB}C:\users\admin\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\starcraft_2_eu_de-de.exe |
"UDP Query User{D686D7C7-5B00-4CF7-94CE-83D929902E8F}D:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{E946BFE4-32C0-428F-B787-CE57CA3B5681}C:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{F5B8C1B5-BEC3-400C-B051-068E0AD23773}C:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=17 | dir=in | app=c:\users\nichtadmin\downloads\downloader_diablo2_lord_of_destruction_dede.exe |
"UDP Query User{F832D051-A0BA-4ACA-8A52-7B860B8651B8}D:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{FC8EAEE6-4A07-4149-A35B-2F4F28A2D29D}D:\games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=d:\games\command and conquer generals\game.dat |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{364DE718-D45E-978A-A316-AB0557649B6F}" = ATI AVIVO64 Codecs
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sandboxie" = Sandboxie 3.64 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57439F3C-1001-5AB2-A0E4-F36D43C84BEB}" = HydraVision
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition)
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E0D3B8A3-F268-4C74-AD24-AE489FA80B39}_is1" = Xtreme-G 12.4 Win7-8 32-64bit
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cockatrice" = Cockatrice
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"FileHippo.com" = FileHippo.com Update Checker
"HaaliMkx" = Haali Media Splitter
"Identity Card" = Identity Card
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"StarCraft II" = StarCraft II
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 97340" = Magic: The Gathering - Duels of the Planeswalkers 2013 Demo
"Warcraft III" = Warcraft III
"World of Warcraft" = World of Warcraft
"XnView_is1" = XnView 1.98.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.07.2012 17:11:39 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Left4dead2.exe, Version: 0.0.0.0,
Zeitstempel: 0x4addfda3 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0,
Zeitstempel: 0x4b2be096 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001a2103 ID des fehlerhaften
Prozesses: 0x11e4 Startzeit der fehlerhaften Anwendung: 0x01cd606aeb31a6d0 Pfad der
fehlerhaften Anwendung: D:\Games\Left4Dead2\Left4dead2.exe Pfad des fehlerhaften
Moduls: D:\Games\Left4Dead2\left4dead2\bin\client.dll Berichtskennung: 2b5fd57a-cc66-11e1-adb5-c80aa995482f
Error - 13.07.2012 00:49:22 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften
Prozesses: 0xcd0 Startzeit der fehlerhaften Anwendung: 0x01cd60b2dd09f213 Pfad der
fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
1ceaa314-cca6-11e1-adb5-c80aa995482f
Error - 13.07.2012 00:50:01 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften
Prozesses: 0x430 Startzeit der fehlerhaften Anwendung: 0x01cd60b2f4bb244d Pfad der
fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
33985f50-cca6-11e1-adb5-c80aa995482f
Error - 13.07.2012 00:51:06 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften
Prozesses: 0xfa0 Startzeit der fehlerhaften Anwendung: 0x01cd60b31bb0cad7 Pfad der
fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
5a717558-cca6-11e1-adb5-c80aa995482f
Error - 13.07.2012 00:53:58 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften
Prozesses: 0xe5c Startzeit der fehlerhaften Anwendung: 0x01cd60b37eea283b Pfad der
fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
c1335da3-cca6-11e1-9035-c80aa995482f
Error - 13.07.2012 00:55:15 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften
Prozesses: 0xea0 Startzeit der fehlerhaften Anwendung: 0x01cd60b3afdc8b82 Pfad der
fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
eec80ec7-cca6-11e1-9035-c80aa995482f
Error - 13.07.2012 07:01:27 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mow_assault_squad.exe, Version: 1.0.0.0,
Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f50f ID des fehlerhaften
Prozesses: 0x86c Startzeit der fehlerhaften Anwendung: 0x01cd60e6d77323a6 Pfad der
fehlerhaften Anwendung: D:\Games\Men.of.War.Assault.Squad-SKIDROW\Men of War. Assault
Squad\mow_assault_squad.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
1783702d-ccda-11e1-80ac-c80aa995482f
Error - 13.07.2012 17:59:07 | Computer Name = ____ | Source = Application Hang | ID = 1002
Description = Programm Demigod.exe, Version 1.0.0.91 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 688 Startzeit:
01cd61388a9794f2 Endzeit: 324 Anwendungspfad: D:\Games\Demigod-RADIANCE.Upped.By.Creep\radiance-demigod\bin\Demigod.exe
Berichts-ID:
Error - 14.07.2012 18:51:36 | Computer Name = ____ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cockatrice.exe, Version: 0.0.0.0,
Zeitstempel: 0x4ff1d2a7 Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.1.0,
Zeitstempel: 0x4fe7a8a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0063cb64 ID des fehlerhaften
Prozesses: 0x8fc Startzeit der fehlerhaften Anwendung: 0x01cd6204f883b9cb Pfad der
fehlerhaften Anwendung: D:\Games\Cockatrice\cockatrice.exe Pfad des fehlerhaften
Moduls: D:\Games\Cockatrice\QtGui4.dll Berichtskennung: 768d13b8-ce06-11e1-acca-c80aa995482f
Error - 15.07.2012 12:53:04 | Computer Name = ____ | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10bc Startzeit:
01cd62a4ea58069e Endzeit: 63 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
8935f187-ce9d-11e1-ad68-c80aa995482f
[ System Events ]
Error - 15.08.2012 11:26:00 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 16.08.2012 11:24:45 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 16.08.2012 11:34:10 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.08.2012 11:22:01 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.08.2012 17:14:23 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.08.2012 04:11:26 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.08.2012 07:48:08 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.08.2012 09:54:35 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.08.2012 11:55:54 | Computer Name = ____ | Source = DCOM | ID = 10010
Description =
Error - 19.08.2012 09:49:40 | Computer Name = ____ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report > --- --- ---
Hmm, after the removal the malware scanner told me I have to restart to remove it properly. I first saved the txt and then restarted, but unfortunately the txt is now suddenly gone :(
But it had found 2 things, both removed.
Now Task Manager works again.
By the way, lately my Windows Explorer simply crashes right after booting, and I can't do anything except a hard kill :( It's annoying |