Bundespolizei virus

Hello,
so I also have the problem with the "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" virus. I have already looked around a bit, created the OTL logfiles and run a quick scan with Malwarebytes. I hope that was right ;)
OTL Logfile:
OTL logfile created on: 25.08.2012 12:06:20 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\SchoreKing\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,80% Memory free
6,00 Gb Paging File | 5,43 Gb Available in Paging File | 90,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290,45 Gb Total Space | 35,98 Gb Free Space | 12,39% Space Free | Partition Type: NTFS
Drive D: | 290,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Computer Name: JACKLINE | User Name: SchoreKing | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\SchoreKing\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EagleX64) -- C:\Windows\SysNative\drivers\EagleX64.sys (AhnLab, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (npkcrypt) -- C:\Program Files (x86)\Lineage II\system\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3720&r=173612099606p03g5v115y48810451
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3720&r=173612099606p03g5v115y48810451
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3720&r=173612099606p03g5v115y48810451
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3720&r=173612099606p03g5v115y48810451
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3720&r=173612099606p03g5v115y48810451
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3720&r=173612099606p03g5v115y48810451
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd_ut
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE359DE362
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-9588033570232632:rhmyra-cwbb&q={searchTerms}
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes\{A34045D1-713C-42D6-D900-14720FBD9817}: "URL" = hxxp://torrentreactor.wyzostart.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-156-0-Nzp
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "InnoGames Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "InnoGames Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledItems: {ff88a983-649d-4207-9336-9b999280b436}:3.6.0.10
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\SchoreKing\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\SchoreKing\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\SchoreKing\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\SchoreKing\AppData\Local\Facebook\Messenger\2.1.4587.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 02:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.09 15:33:23 | 000,000,000 | ---D | M]
[2009.12.27 14:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SchoreKing\AppData\Roaming\mozilla\Extensions
[2012.08.25 11:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SchoreKing\AppData\Roaming\mozilla\Firefox\Profiles\lnx07s6b.default\extensions
[2012.08.25 11:47:16 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\SchoreKing\AppData\Roaming\mozilla\Firefox\Profiles\lnx07s6b.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2011.10.09 15:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SchoreKing\AppData\Roaming\mozilla\Firefox\Profiles\lnx07s6b.default\extensions\nostmp
[2010.05.04 08:12:13 | 000,001,765 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\ask.uk.xml
[2009.12.03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\BearShareWebSearch.xml
[2012.01.08 17:40:42 | 000,000,921 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\conduit.xml
[2011.02.16 15:12:58 | 000,002,059 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\daemon-search.xml
[2012.08.22 19:14:55 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-1.xml
[2011.05.08 11:57:29 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-10.xml
[2011.08.20 12:25:25 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-11.xml
[2011.08.31 12:57:07 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-12.xml
[2011.09.07 19:22:03 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-13.xml
[2011.09.28 19:22:05 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-14.xml
[2011.10.09 15:36:10 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-15.xml
[2010.09.17 21:43:00 | 000,000,961 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-2.xml
[2010.10.09 15:45:41 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-3.xml
[2010.10.23 13:56:52 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-4.xml
[2010.10.31 15:20:00 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-5.xml
[2010.12.11 19:01:43 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-6.xml
[2011.03.06 15:40:46 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-7.xml
[2011.03.08 16:37:57 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-8.xml
[2011.03.27 11:42:14 | 000,000,950 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin-9.xml
[2011.05.03 20:38:02 | 000,001,038 | ---- | M] () -- C:\Users\SchoreKing\AppData\Roaming\Mozilla\Firefox\Profiles\lnx07s6b.default\searchplugins\icqplugin.xml
[2011.12.03 18:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.23 13:51:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.29 14:35:09 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\SCHOREKING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LNX07S6B.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012.07.19 02:06:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.25 13:50:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.04 19:30:19 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2009.12.03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012.06.25 13:50:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 13:50:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 13:50:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 13:50:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 13:50:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.05.12 23:40:16 | 000,000,957 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 184.168.103.181 L2authd.Lineage2.com
O1 - Hosts: 127.0.0.1 l2testauthd.lineage2.com
O1 - Hosts: 127.0.0.1 l2authd.lineage2.com
O1 - Hosts: 127.0.0.1 nprotect.lineage2.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [dsrvcs] rundll32.exe "C:\Users\SchoreKing\AppData\Roaming\dsrvcs.dll",ADoTest File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [xmlfilter] C:\Users\SchoreKing\AppData\Local\Microsoft\Windows\2303\xmlfilter.exe ()
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000..\Run: [Akamai NetSession Interface] C:\Users\SchoreKing\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000..\Run: [Facebook Update] C:\Users\SchoreKing\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000..\Run: [oleGLSvcs] rundll32.exe File not found
O4 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SchoreKing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SchoreKing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3001030980-1187624694-4205380261-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8E4A5FF-7DB5-41EB-ABD0-F6EA26ED0052}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE05B85D-9BF2-45EC-A27E-8A2B4957965A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5202c88e-893c-11e0-b45e-002511aea5ff}\Shell - "" = AutoRun
O33 - MountPoints2\{5202c88e-893c-11e0-b45e-002511aea5ff}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{b4fdc48d-bec8-11de-81f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4fdc48d-bec8-11de-81f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.11 14:13:12 | 000,000,000 | ---D | C] -- C:\Users\SchoreKing\Desktop\Neuer Ordner (13)
[2012.08.07 17:57:01 | 000,000,000 | ---D | C] -- C:\3140f230ba4288015e4e
[2012.08.03 18:58:49 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.07.27 19:05:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.27 19:03:48 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\SchoreKing\Desktop\OTL.exe
[2009.08.15 02:25:40 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
========== Files - Modified Within 30 Days ==========
[2012.08.25 11:46:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.25 11:45:59 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.25 11:44:49 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.19 12:09:23 | 001,661,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.19 12:09:23 | 000,711,934 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.19 12:09:23 | 000,672,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.19 12:09:23 | 000,152,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.19 12:09:23 | 000,128,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.08 12:24:55 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 11:28:25 | 000,134,176 | ---- | M] () -- C:\Users\SchoreKing\Desktop\68705-1000.jpg
[2012.08.03 18:59:54 | 000,006,448 | ---- | M] () -- C:\bootsqm.dat
[2012.07.27 19:03:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\SchoreKing\Desktop\OTL.exe
========== Files Created - No Company Name ==========
[2012.08.05 11:28:23 | 000,134,176 | ---- | C] () -- C:\Users\SchoreKing\Desktop\68705-1000.jpg
[2012.08.03 18:59:54 | 000,006,448 | ---- | C] () -- C:\bootsqm.dat
[2012.03.25 16:06:43 | 000,000,704 | ---- | C] () -- C:\Users\SchoreKing\AppData\Local\6eee9022\U\000000cb.@
[2012.03.25 14:07:34 | 000,022,016 | ---- | C] () -- C:\Users\SchoreKing\AppData\Local\6eee9022\U\800000cb.@
[2012.02.13 00:27:07 | 000,037,376 | ---- | C] () -- C:\Users\SchoreKing\AppData\Local\6eee9022\U\80000000.@
[2012.01.06 01:04:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.01.05 18:24:21 | 000,030,720 | ---- | C] () -- C:\Users\SchoreKing\AppData\Local\6eee9022\U\800000cf.@
[2011.12.28 13:07:21 | 000,014,051 | R--- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.12.25 20:36:59 | 000,002,048 | -HS- | C] () -- C:\Users\SchoreKing\AppData\Local\6eee9022\@
[2011.11.27 17:47:48 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.11.15 16:38:53 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.18 12:26:36 | 000,132,096 | ---- | C] () -- C:\Windows\SysWow64\ZIPDLL.dll
[2011.09.18 12:26:36 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2011.08.27 11:41:50 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2010.10.05 11:45:26 | 000,000,098 | ---- | C] () -- C:\Users\SchoreKing\AppData\Local\fusioncache.dat
[2010.09.23 17:40:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.09.15 15:57:54 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.09.12 11:17:30 | 000,007,643 | ---- | C] () -- C:\Users\SchoreKing\AppData\Local\Resmon.ResmonCfg
[2010.03.26 15:55:50 | 000,000,680 | RHS- | C] () -- C:\Users\SchoreKing\ntuser.pol
[2010.03.07 10:31:08 | 000,026,853 | ---- | C] () -- C:\Users\SchoreKing\AppData\Roaming\UserTile.png
[2010.01.17 13:01:50 | 000,000,288 | ---- | C] () -- C:\Users\SchoreKing\AppData\Roaming\wklnhst.dat
========== LOP Check ==========
[2010.05.24 10:43:33 | 000,000,000 | -HSD | M] -- C:\Users\SchoreKing\AppData\Roaming\.#
[2011.10.09 13:19:48 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\8938358
[2011.05.03 16:56:25 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Azureus
[2011.09.04 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Babylon
[2012.01.29 15:23:57 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\BigHugeEngine
[2011.03.08 14:29:18 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\BlackBean
[2011.03.08 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Capcom
[2011.11.12 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\DAEMON Tools Lite
[2011.02.15 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\DAEMON Tools Pro
[2011.10.28 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\DVDVideoSoft
[2011.05.04 07:49:20 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.25 11:20:22 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Engelmann Media
[2011.09.28 18:51:23 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Eqra
[2009.12.27 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\FOG Downloader
[2010.05.24 10:38:43 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\GameConsole
[2011.04.27 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\GameRanger
[2010.10.11 12:54:14 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\GetRightToGo
[2012.07.24 22:21:45 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\hellomoto
[2012.04.05 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\IGG
[2011.09.08 18:39:10 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012.01.01 21:33:13 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Mumble
[2012.06.26 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Need for Speed World
[2011.09.18 13:52:25 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Ogisd
[2010.02.28 17:07:17 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\PlayFirst
[2011.02.06 21:47:00 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\ProtectDisc
[2010.01.10 11:43:25 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Serif
[2011.08.31 18:37:51 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\stuntrally
[2010.09.13 09:38:19 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Template
[2011.12.27 20:11:56 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\The Creative Assembly
[2012.07.20 01:49:12 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\TS3Client
[2011.07.16 14:04:21 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\ts3overlay
[2012.01.07 22:50:31 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Tunngle
[2010.10.05 11:46:47 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Turbine
[2011.07.14 09:29:32 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\Unity
[2010.08.16 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\SchoreKing\AppData\Roaming\uTorrent
[2012.07.23 18:43:04 | 000,001,136 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3001030980-1187624694-4205380261-1000Core.job
[2012.07.24 21:43:01 | 000,001,158 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3001030980-1187624694-4205380261-1000UA.job
[2010.01.12 19:06:13 | 000,000,546 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
[2012.05.18 10:42:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:FD0C620E
< End of report >
Extras
OTL Logfile: Code:
OTL Extras logfile created on: 25.08.2012 12:06:20 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\SchoreKing\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,80% Memory free
6,00 Gb Paging File | 5,43 Gb Available in Paging File | 90,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290,45 Gb Total Space | 35,98 Gb Free Space | 12,39% Space Free | Partition Type: NTFS
Drive D: | 290,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Computer Name: JACKLINE | User Name: SchoreKing | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3001030980-1187624694-4205380261-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13699CA8-7FE5-4398-BE68-309A1FBCDE2D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20F7B82B-1E76-423E-88CC-8773B84AD178}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{23815A9B-D6D4-4F61-9E4F-9BA1F95D2BCD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{25C2442B-2F04-483F-9FE4-AFF874204A97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FB7456A-7400-4FA8-9CE8-E60552219805}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |
"{341C599D-60D6-4609-87FD-AC819EFB04DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D950539-D119-4D38-BAEF-7091BE64F2B8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{58D5A493-429A-4DB5-B78D-DF41724223FA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{73E2813A-A66E-4BC6-AB06-B80E3BD7C14E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8D939B82-335E-43BE-B109-7429FBEB23C1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9183651E-FEC5-4122-9329-E89FFFC8B5C6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9184454C-F597-48FE-B727-A3287FFE0DC7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9D26F023-2F22-4C97-8EA2-5AF114ABA6C2}" = lport=49175 | protocol=6 | dir=in | name=akamai netsession interface |
"{A501E407-00CA-4542-BD86-D886C4F09193}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB089CA-06F6-44D2-8B01-4C96A8FF82EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1E9A6E2-7FC6-49B4-8025-63865202ECE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC0CA246-24DD-48DB-B775-A69D43EF6D64}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009AA880-8421-431C-A0C3-FA7192D1C316}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{02531DDC-DAA9-42B6-AE55-7900EAD57803}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{062274C5-7C9D-49F6-820A-24127DC30937}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{077A7F7D-E9BB-4AE1-BFA7-2BD7DD76F8CA}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{07A45275-EC24-4798-A033-970DF39C64C8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{13D7521D-AACD-47DE-9BF1-DBE3324ACEC3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{17762063-F521-419C-96DB-1513876F708E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1DF7C215-244E-4660-930D-3C38C800F5C4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{20365686-0628-4025-83D0-1D4072C77556}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{21F5F0A4-F6DB-49C0-9A1A-36B3F308F076}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{2416B721-7CBC-4287-A67F-C619651261EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{4113AAA9-9A4F-4EEE-8E95-598B7BACD4C9}" = protocol=6 | dir=in | app=c:\users\schoreking\appdata\local\akamai\netsession_win.exe |
"{5186C8D5-1BE9-4AEB-ABCF-A60516281217}" = protocol=17 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"{5C73BE3D-505D-427E-8F58-CCBF352C4F98}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{61422B97-F479-44D8-9AB8-E6551344021A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{62BD1818-2810-4874-8B7F-ABA01DDC46C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{65F58AB0-E5F2-4942-B95C-7327ED0D822B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{68890F15-BF15-4D30-B21E-6F9A904B74B0}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{6931A8EB-F164-41EB-8A8F-BA25640A8094}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6ABE29CF-DA91-4FA5-B357-4B58F232BA49}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{6B761B9C-93B6-4608-B732-1F35B3AD7D80}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6B7683CF-731C-4A47-83B0-3177780E1396}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{7043391C-6B68-4E5E-AB43-13B523DF4CD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74BD77F1-7E53-4E23-8584-CABC09C3461C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{772C5B08-3DF8-414F-AE8F-63A56EAED9CA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{78514553-6D26-4540-98B2-E587187973C5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7BAECB5E-76E5-45E0-B0D6-28F84A6757F9}" = protocol=17 | dir=in | app=c:\users\schoreking\appdata\local\akamai\netsession_win.exe |
"{7CBD5F47-CA0B-492F-B0D1-4FB695946945}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{89F03A47-B507-49EE-BB4F-AAD076336493}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{95303FF4-A101-4808-BC28-2AFCBDEE11FD}" = protocol=6 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"{9727F9BA-49FA-4115-9AB6-A3604677B5C1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{9D2DA1D6-B2A4-4D30-A66C-5D75A386EC17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{9ED35866-D421-4AA3-9C21-041B487400B7}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{B19F6E19-A4EB-426F-8FAA-566B20764AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{BA517545-8CB2-4D94-B2E5-50CEC9024E1C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BA6241A9-93A9-4B9F-A905-58AD03870DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{CF42E5C7-D2BD-4E56-A3D3-4B82293FE7E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{D5D69BBF-8250-4F01-BE69-C32AF5E85E52}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E15695F8-0F58-46C3-88E1-6ADB8D9454F9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{EAF26DC6-5863-4D1E-BF53-89F1B1FA2054}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F409ABA0-31BF-4659-97B3-5782F1007797}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{0F911353-46D0-41C0-A868-3387EA0D9970}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
"TCP Query User{150C0ACA-98E3-4040-AD36-A7523CDD3048}C:\users\schoreking\appdata\roaming\eqra\edbyh.exe" = protocol=6 | dir=in | app=c:\users\schoreking\appdata\roaming\eqra\edbyh.exe |
"TCP Query User{185541F4-5422-4B73-BB2F-A4E155AE5EFA}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"TCP Query User{2668C7C4-A126-46C3-9725-9773C39E6C19}C:\program files (x86)\spellforce\spellforce 2 gold\spellforce2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spellforce\spellforce 2 gold\spellforce2.exe |
"TCP Query User{355A2C38-E12E-43D7-BFC7-E7FC24354F65}C:\program files (x86)\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"TCP Query User{6975AC52-F91A-4591-9AA0-A967ECE63417}C:\program files (x86)\counter-strike source lan\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source lan\hl2.exe |
"TCP Query User{70C75D1A-79A0-463F-8AD7-4CE284F3E4D4}C:\arquivos de programas\l2phx 3.1.8\l2phx.exe" = protocol=6 | dir=in | app=c:\arquivos de programas\l2phx 3.1.8\l2phx.exe |
"TCP Query User{9982F96D-7974-476D-BEFA-B3AB31442A75}C:\users\schoreking\desktop\racer\racer.exe" = protocol=6 | dir=in | app=c:\users\schoreking\desktop\racer\racer.exe |
"TCP Query User{9F0D4AC8-FF8D-4AF5-B999-9E6EB9AA69C3}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{9FDF128D-2283-4D2C-A702-D5607E35A1EC}C:\program files (x86)\drivingspeed2\drivingspeed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\drivingspeed2\drivingspeed.exe |
"TCP Query User{D10ABF90-0D3E-41DC-B857-C5C2D8A2334A}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{DD1382F3-3082-47A8-A476-932BB963525E}C:\windows\syswow64\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"TCP Query User{E7679067-AD8E-4B09-A04F-B55C11599AF3}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{F2104729-A00F-43D7-B82B-3A5169981744}C:\dataflor\dataplants2011\sys\asa800\dbeng9.exe" = protocol=6 | dir=in | app=c:\dataflor\dataplants2011\sys\asa800\dbeng9.exe |
"TCP Query User{F8764CFA-AB7C-48C3-AAF0-12349C251B3A}C:\program files (x86)\lineage ii kingofworld\l2phx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lineage ii kingofworld\l2phx.exe |
"TCP Query User{FBE735C1-E78D-4213-AB28-0B4817B06FFB}C:\program files (x86)\tremulous\tremulous.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"UDP Query User{0491F179-D2B6-42F9-93F0-449E296B361F}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
"UDP Query User{08ADAB86-5386-46AB-965B-441F80180F6E}C:\arquivos de programas\l2phx 3.1.8\l2phx.exe" = protocol=17 | dir=in | app=c:\arquivos de programas\l2phx 3.1.8\l2phx.exe |
"UDP Query User{10060D11-8635-4BCB-A731-36A14439EEC8}C:\program files (x86)\lineage ii kingofworld\l2phx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lineage ii kingofworld\l2phx.exe |
"UDP Query User{230294AA-BB45-47F0-AADB-8C414C561A15}C:\program files (x86)\spellforce\spellforce 2 gold\spellforce2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spellforce\spellforce 2 gold\spellforce2.exe |
"UDP Query User{358A4B76-9DD0-4B80-A672-CAED5091ACC5}C:\windows\syswow64\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"UDP Query User{4CE5D6B6-F844-4F5E-B1EB-FA8D13FCCFA9}C:\users\schoreking\desktop\racer\racer.exe" = protocol=17 | dir=in | app=c:\users\schoreking\desktop\racer\racer.exe |
"UDP Query User{5946D8C5-6ECF-4CC9-8FDC-A4C8101F1D9C}C:\dataflor\dataplants2011\sys\asa800\dbeng9.exe" = protocol=17 | dir=in | app=c:\dataflor\dataplants2011\sys\asa800\dbeng9.exe |
"UDP Query User{82596CE3-E949-491F-9574-BB698C1D33B7}C:\program files (x86)\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"UDP Query User{8AFF3540-8542-4373-A450-AFF515094DA3}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{8C321DE7-5DA6-498C-9810-5733A0B0E5A4}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{91AE0A22-DF50-4C30-B110-4D2C8704F1BD}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"UDP Query User{93E181EB-5308-48C9-BC77-306F9D95CCFC}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E1A034F2-8133-45BC-B86D-AA385BE34259}C:\users\schoreking\appdata\roaming\eqra\edbyh.exe" = protocol=17 | dir=in | app=c:\users\schoreking\appdata\roaming\eqra\edbyh.exe |
"UDP Query User{E89F5F5A-E750-4FAF-A3E7-76C6BF4EB727}C:\program files (x86)\counter-strike source lan\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source lan\hl2.exe |
"UDP Query User{EDD65F58-C339-4324-B319-73186B6BD6E2}C:\program files (x86)\tremulous\tremulous.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"UDP Query User{FD7DE088-4204-4727-925A-4F8AF497592A}C:\program files (x86)\drivingspeed2\drivingspeed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\drivingspeed2\drivingspeed.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBAE9144-AF3E-4AF5-B45F-64896D651E27}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Space Dust 3D_is1" = Animated Wallpaper - Space Dust 3D
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-c1330992-4ede-4a66-b4fe-79367453d29b" = PARANORMAL - BETA 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}" = Lineage II
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21C205CD-3770-9454-ECC1-88BB0E2AD807}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Sitecom Europe BV Wireless LAN
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41ACCBEB-F6BD-B9DF-8CCE-32A70F14432B}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D0AEAD8-07FA-4C4D-9347-E7FBC5534B73}" = Sacred 2 - Fallen Angel
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88137A28-4E5B-4E56-B90C-E8AE768305A2}" = Rabbids Go Home - DVD
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93EAADDC-0C0E-426D-A972-1059A6B0E18E}" = SBK®X Superbike World Championship Demo
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FB9BA8A-E711-40E6-BBF0-77ED60A2940F}" = Facebook Messenger 2.1.4587.0
"{A018A4CE-0D6F-BEB5-EDC2-D9386B2BF1B3}" = Catalyst Control Center Graphics Light
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.01.8015
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CABAL Online_is1" = CABAL Online
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"KnightShift" = KnightShift
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Software Suite SE" = Packard Bell Software Suite SE
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 202480" = Creation Kit
"Steam App 212500" = The Lord of the Rings Online™
"Steam App 36630" = Rusty Hearts
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3001030980-1187624694-4205380261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"IGG Web3D Player_is1" = IGG Web3D Player version 1.0.0.38
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.07.2012 13:10:24 | Computer Name = Jackline | Source = MsiInstaller | ID = 11719
Description =
Error - 04.08.2012 07:50:11 | Computer Name = Jackline | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x004923d1 ID des fehlerhaften Prozesses: 0x770 Startzeit der fehlerhaften Anwendung:
0x01cd7220b5e67e10 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
8b8845b0-de2a-11e1-805b-8a51cfe9a5ea
Error - 04.08.2012 12:35:16 | Computer Name = Jackline | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x002118b6 ID des fehlerhaften Prozesses: 0x4b4 Startzeit der fehlerhaften Anwendung:
0x01cd725e9b6c9234 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
5eeb98f4-de52-11e1-bc55-d226a3ce69e6
Error - 05.08.2012 10:41:13 | Computer Name = Jackline | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x002118b9 ID des fehlerhaften Prozesses: 0x750 Startzeit der fehlerhaften Anwendung:
0x01cd7315828afa50 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
9a2c5b10-df0b-11e1-8f5f-d9671830edef
Error - 05.08.2012 10:46:35 | Computer Name = Jackline | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x002118b9 ID des fehlerhaften Prozesses: 0x3a4 Startzeit der fehlerhaften Anwendung:
0x01cd731861237f10 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
5a09a280-df0c-11e1-8f5f-d9671830edef
Error - 05.08.2012 10:46:54 | Computer Name = Jackline | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x002118b9 ID des fehlerhaften Prozesses: 0x75c Startzeit der fehlerhaften Anwendung:
0x01cd73191f8cc420 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
65827e70-df0c-11e1-8f5f-d9671830edef
Error - 09.08.2012 09:25:57 | Computer Name = Jackline | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: app.n3app, Version: 0.0.0.0, Zeitstempel:
0x502230fd Name des fehlerhaften Moduls: app.n3app, Version: 0.0.0.0, Zeitstempel:
0x502230fd Ausnahmecode: 0x40000015 Fehleroffset: 0x005f6260 ID des fehlerhaften Prozesses:
0x1aa8 Startzeit der fehlerhaften Anwendung: 0x01cd763276934fd4 Pfad der fehlerhaften
Anwendung: C:\Users\SCHORE~1\AppData\Local\Temp\DSOClient\app.n3app Pfad des fehlerhaften
Moduls: C:\Users\SCHORE~1\AppData\Local\Temp\DSOClient\app.n3app Berichtskennung:
c00a2a34-e225-11e1-8e7a-e3ee72ada9bf
Error - 09.08.2012 09:26:43 | Computer Name = Jackline | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: app.n3app, Version: 0.0.0.0, Zeitstempel:
0x502230fd Name des fehlerhaften Moduls: app.n3app, Version: 0.0.0.0, Zeitstempel:
0x502230fd Ausnahmecode: 0x40000015 Fehleroffset: 0x005f6260 ID des fehlerhaften Prozesses:
0x1dfc Startzeit der fehlerhaften Anwendung: 0x01cd76329349e5d4 Pfad der fehlerhaften
Anwendung: C:\Users\SCHORE~1\AppData\Local\Temp\DSOClient\app.n3app Pfad des fehlerhaften
Moduls: C:\Users\SCHORE~1\AppData\Local\Temp\DSOClient\app.n3app Berichtskennung:
dbc46e74-e225-11e1-8e7a-e3ee72ada9bf
Error - 13.08.2012 11:24:36 | Computer Name = Jackline | Source = Google Update | ID = 20
Description =
Error - 17.08.2012 12:30:09 | Computer Name = Jackline | Source = GregHSRW.exe | ID = 0
Description =
[ System Events ]
Error - 25.08.2012 05:46:15 | Computer Name = Jackline | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 25.08.2012 05:46:16 | Computer Name = Jackline | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 25.08.2012 05:46:16 | Computer Name = Jackline | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 25.08.2012 05:46:17 | Computer Name = Jackline | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb discache spldr Wanarpv6
Error - 25.08.2012 05:46:27 | Computer Name = Jackline | Source = DCOM | ID = 10005
Description =
Error - 25.08.2012 05:46:34 | Computer Name = Jackline | Source = DCOM | ID = 10005
Description =
Error - 25.08.2012 05:46:35 | Computer Name = Jackline | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\RAIHV.dll Fehlercode: 21
Error - 25.08.2012 05:46:36 | Computer Name = Jackline | Source = DCOM | ID = 10005
Description =
Error - 25.08.2012 05:46:36 | Computer Name = Jackline | Source = DCOM | ID = 10005
Description =
Error - 25.08.2012 06:12:10 | Computer Name = Jackline | Source = DCOM | ID = 10005
Description =
< End of report >
Malwarebytes Quote:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.25.01
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
SchoreKing :: JACKLINE [Administrator]
25.08.2012 12:15:34
mbam-log-2012-08-25 (12-15-34).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198965
Laufzeit: 2 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
C:\Users\SchoreKing\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 2
C:\Users\SchoreKing\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\SchoreKing\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)