EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan?

Hello dear forum members,
during a system check on my PC (Windows 7 Home Premium, 64-bit) the following malware was found: EXP/CVE-2012-1723.A.1
Since I am not very familiar with malware, I did not want to start removing it on my own. Via Google I only found that it apparently is one of those ransomware trojans. I moved the file to quarantine, cut the internet and network connections and copied the programs OTL, Defogger and gmer onto the computer using a USB stick. After I had the programs create the logs, I shut down the PC, which resulted in a bluescreen: "driver power state failure". No further problems occurred; here are the logs:
OTL:
OTL logfile created on: 15.01.2013 19:07:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 6,56 Gb Available Physical Memory | 82,27% Memory free
15,94 Gb Paging File | 14,32 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 43,12 Gb Free Space | 28,77% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 183,93 Gb Free Space | 47,07% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 390,65 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive F: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,60 Gb Total Space | 7,60 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.15 18:48:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012.12.24 22:58:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 09:20:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.28 18:41:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.28 18:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.08 21:59:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.24 22:58:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.20 15:07:04 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.28 18:41:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.28 18:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.28 18:41:11 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.06.28 18:41:11 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 A9 13 DA 64 EF CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Admin\AppData\Local\Roblox\Versions\version-322083e762564446\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012.03.31 17:16:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
[2012.03.31 17:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.01.06 20:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\42denw4d.default\extensions
[2012.07.29 10:56:52 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\42denw4d.default\extensions\battlefieldheroespatcher@ea.com
[2012.07.29 11:01:08 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\42denw4d.default\extensions\battlefieldplay4free@ea.com
[2012.10.10 14:59:32 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\42denw4d.default\extensions\ich@maltegoetz.de
[2012.10.10 14:59:32 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\42denw4d.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.06.28 19:19:47 | 000,001,831 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\42denw4d.default\searchplugins\leo-deu-eng.xml
[2012.06.28 22:37:09 | 000,001,328 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\42denw4d.default\searchplugins\wikipedia-de.xml
[2012.03.31 17:48:47 | 000,002,057 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\42denw4d.default\searchplugins\youtube-video-search.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Admin\AppData\Local\Roblox\Versions\version-14148f7d00f24d47\\NPRobloxProxy.dll
CHR - Extension: Battlefield Play4Free = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.80.5_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EADM] D:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54F945E3-19F4-49CB-A8FC-CE51DBBF2357}: DhcpNameServer = 192.168.1.1 78.42.43.62 82.212.62.62
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.01 12:15:56 | 000,206,657 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2012.05.14 14:03:14 | 000,000,106 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.15 19:04:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.01.12 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2013.01.11 21:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.11 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.01.11 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.11 16:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013.01.06 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Play withSIX
[2013.01.06 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Play withSIX
[2013.01.06 20:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2013.01.06 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2013.01.06 13:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.06 00:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.01.06 00:06:28 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.01.05 23:22:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Winterberg-Modifkation_fü
[2013.01.01 05:11:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PAYDAY
[2013.01.01 05:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.12.24 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Battlefield 3
[2012.12.24 20:39:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ESN
[2012.12.24 20:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012.12.24 20:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.12.24 20:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012.12.24 20:06:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.12.24 18:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.12.24 18:52:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Origin
[2012.12.24 18:03:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Origin
[2012.12.24 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.12.24 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.12.22 13:41:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Minecraft alt
[2012.12.20 00:08:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\GTA Vice City User Files
========== Files - Modified Within 30 Days ==========
[2013.01.15 19:06:03 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.01.15 19:05:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.15 19:05:43 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.15 19:05:43 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.15 19:05:43 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.15 19:05:43 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.15 18:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.15 18:55:06 | 000,365,568 | ---- | M] () -- C:\Users\Admin\Desktop\gmer-2.0.18444.exe
[2013.01.15 18:48:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.01.15 18:46:46 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2013.01.15 18:33:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004764620-34079624-740062768-1000UA.job
[2013.01.15 18:10:00 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 18:10:00 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 18:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 18:02:39 | 2123,087,871 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 17:49:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.12 17:49:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.12 17:17:37 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.12 10:33:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004764620-34079624-740062768-1000Core.job
[2013.01.11 21:11:44 | 000,002,322 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2013.01.10 18:20:33 | 000,293,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.06 20:28:25 | 000,000,160 | ---- | M] () -- C:\Users\Admin\.screenleap
[2013.01.06 15:41:58 | 000,020,232 | ---- | M] () -- C:\Users\Admin\Desktop\Bericht.odt
[2013.01.06 00:06:29 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2012.12.31 15:48:18 | 000,000,221 | ---- | M] () -- C:\Users\Admin\Desktop\PAYDAY The Heist.url
[2012.12.24 22:58:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.24 20:06:24 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.24 18:03:25 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.12.23 17:19:08 | 000,000,221 | ---- | M] () -- C:\Users\Admin\Desktop\Plain Sight.url
[2012.12.16 20:49:25 | 000,017,114 | ---- | M] () -- C:\Users\Admin\Desktop\Deutschklausur.odt
========== Files Created - No Company Name ==========
[2013.01.15 19:06:03 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.01.15 19:04:53 | 000,365,568 | ---- | C] () -- C:\Users\Admin\Desktop\gmer-2.0.18444.exe
[2013.01.15 19:04:53 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2013.01.06 20:27:16 | 000,000,160 | ---- | C] () -- C:\Users\Admin\.screenleap
[2013.01.06 15:09:02 | 000,020,232 | ---- | C] () -- C:\Users\Admin\Desktop\Bericht.odt
[2013.01.06 00:06:29 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2012.12.31 15:48:18 | 000,000,221 | ---- | C] () -- C:\Users\Admin\Desktop\PAYDAY The Heist.url
[2012.12.24 20:06:24 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.24 18:03:25 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.12.23 17:19:08 | 000,000,221 | ---- | C] () -- C:\Users\Admin\Desktop\Plain Sight.url
[2012.12.16 20:25:36 | 000,017,114 | ---- | C] () -- C:\Users\Admin\Desktop\Deutschklausur.odt
[2012.07.02 19:38:35 | 000,000,720 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel
[2012.05.23 02:29:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.05.23 02:29:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.31 17:56:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.03.31 17:56:43 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.31 17:56:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.25 17:00:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.12.21 16:27:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2012.08.28 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AtomZombieData
[2012.11.07 21:44:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2012.07.02 19:11:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\inkscape
[2012.08.28 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2012.06.28 22:38:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012.12.24 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2013.01.06 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Play withSIX
[2012.07.09 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDISC
[2012.08.11 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-updater
[2012.07.14 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-zsync
[2012.12.24 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
========== Purity Check ==========
< End of report >
Extras: Code:
OTL Extras logfile created on: 15.01.2013 19:07:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 6,56 Gb Available Physical Memory | 82,27% Memory free
15,94 Gb Paging File | 14,32 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 43,12 Gb Free Space | 28,77% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 183,93 Gb Free Space | 47,07% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 390,65 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive F: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,60 Gb Total Space | 7,60 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036E5976-0D06-4F83-99DD-041A2542935F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"{03954961-DF35-4BA1-A9DD-90635FF5133E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{03B78E4E-CB63-45AB-9D83-166A48CC39FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{03EA8B6B-3E91-4365-89EB-0B28EDC21D41}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{08F0A1A4-E001-4DDF-A068-9FB5161309F8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{09E2DD4B-0E84-4B7A-A794-3C4574526DC4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{0C30AB8B-BEA7-414F-B04B-17524C301907}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{0E6625B5-5EAC-41F8-8363-863F31EB1FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{17FDD93C-53B4-4B2F-A947-60AE9656F2FB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{1C71DE9C-E7D3-4F67-95A2-9DAD3B1CF0A7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\eufloria\eufloria.exe |
"{1FB89147-649A-4571-88D1-BFE386D7DADE}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{2049719A-E78C-4F49-B448-6A7AF3FBC2A4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{28A438CA-0179-4ABD-B131-8C08050080CE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{2AE18E02-600C-4FF0-A3C1-07237F8DE313}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{2D50CEF0-DA11-4908-BBFB-F20DF89F9CAD}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{2E0C7070-8E11-4968-BCFB-77AAF253E03D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{2EF4A96C-78C2-4CCF-BDC4-44D7A947F19D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{2FEA2FBB-5888-4036-800E-A33A08C2ABF4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{317C3A83-E1EC-405E-AE1F-7B5D949FE16D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{3184F63B-760A-4171-B806-EF6FC0575011}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{3278BEA6-206A-4BDC-92C8-411476FA1BB8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{327CAC3E-359A-470E-9E41-2124DABC19BB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{32983C75-7711-4028-82B1-3C05F181EA2A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{3391DAC1-ED67-4EAD-8033-B5A944C5FFA2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{386F44B8-02FB-4DDD-BBB1-D928B87E5925}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{3A275874-BEA5-4324-9A90-EE3E286CA04D}" = protocol=17 | dir=in | app=d:\program files (x86)\battlefield 3\bf3.exe |
"{3AC3CF36-6104-4951-9998-BADCC4AD196D}" = protocol=17 | dir=in | app=d:\program files (x86)\contentexpansion\system\swat4x.exe |
"{3B6DEBA5-B29E-4F3C-9EBC-DF60092E8ABC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{3C8784A8-D224-4ED2-BFB3-B9F35EF01E8F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{41D62E14-225E-4459-A103-1CA0C1F1FF0B}" = protocol=17 | dir=in | app=d:\program files (x86)\contentexpansion\system\swat4xdedicatedserver.exe |
"{430B7CD8-CD59-4205-8021-6F1BC65D5F33}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\eufloria\eufloria.exe |
"{43694A96-094A-4A13-85C4-528FB5A8981A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{4A2B48B4-488D-401E-A6A5-63545056AC93}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{4AA568A1-F75F-42FA-BBF8-6C4DF96AA9E0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{4EB93C6A-B0B7-45EE-B8B7-75955E0CD351}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{4FF7F31C-EA1F-43C5-AA9E-37BFE3DDA076}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{565C21E3-A594-4206-99E5-14324D340F06}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{58280DF5-EBE4-40E3-BFEF-BE2C3281030F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{584A0425-0E61-4165-9B4D-2705A544E218}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{5868387B-9E92-4715-88A6-58210041ACD0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{5B045D1C-DC7C-4D7F-9622-EB17825B0FBD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5CA2866C-BCAA-4864-9AC4-406BF1719D3D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{5D828C8A-254B-4FB7-B24B-777AE2AEA405}" = protocol=6 | dir=in | app=d:\program files (x86)\contentexpansion\system\swat4x.exe |
"{5EBFD658-FEA3-4EA6-A0A7-64F991BF0B1D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\zenoclash\zenoclash.exe |
"{674BEFF0-C3D3-414B-B540-2A39016E2A06}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{67ED90DA-3C72-4A87-A3A2-6A86A7D38429}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{68742715-748D-427F-B67D-7887C2B07B5C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6A4CE491-6F5E-4055-AD50-74037994DAD1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{6F534628-3C5F-45F2-A76B-CF75FDB38CF5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6FE4E432-3C16-4417-AE5E-044670E212FF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{72B5D642-3E6E-43BD-B2E1-F61AF370DA3B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{75AB548E-FF9C-4762-8CF4-571FF225654B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{75F203F1-3E13-4995-B71E-EC2854C10F03}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{771F8239-86E7-4D6B-AFA7-D703FEF42A41}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{7D49F6EF-3359-40A7-BCC0-F070B60BCE06}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7E299B23-BB9E-4246-ACDF-5B7FCCB59565}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{80CCDF78-48C5-4F8B-90E4-6366EB151FAB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{8616A204-EF8E-4E7B-B85A-8529010BE41F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{899FD8DA-98AF-4A67-BDBE-472F7F55DCF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8D96CBE4-3F3F-443F-9266-85ED6A97C085}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{8E26CA30-8359-4C69-9322-1906D4E48B2B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
"{8FBFC210-FD8B-40EF-BBA5-21C16B965A29}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{934FD9F4-B30D-4F2B-9C08-B9EA91E95CA7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{9BDE7A6E-59A4-4230-A097-85A072B5E09B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"{A1297CDB-AF95-4748-A121-27372C64BB30}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{A1D95AF5-C85F-40E3-8DA5-B705DDB1DBDB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{A7128FF0-B485-4A78-94D9-13567B39F4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{AB399E88-A65C-45B6-A66A-CD0EC651F05F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{ACE3E4FB-3B1E-4252-B7BE-01F27D4D3854}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{AD10FF4E-3234-4DFA-A6DE-0A2DB912A234}" = protocol=6 | dir=in | app=d:\program files (x86)\battlefield 3\bf3.exe |
"{AECB42B2-3EFE-4525-A595-67F9762BE8EF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B01285E6-0FBE-43BB-BB74-B1A8D8B371C8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\zenoclash\zenoclash.exe |
"{B396DBFB-FA75-4C98-8986-DFED83DD860F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{B4FFD473-367C-40BB-8614-1DA302974389}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{B8F72E07-9525-4F84-ADF8-0885E393A71D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{BA072B0D-A912-415E-8791-1919925575B7}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{BB39E014-E3E2-4651-B986-49F1451C36E8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{BECB8539-0D8E-4A7B-87EA-78C2840F3908}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"{C137F054-F436-4489-BC02-54BD6AA09C04}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{C24ED0D4-9DCB-4D75-A197-C441A934B8BE}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{C4379D3E-9E2B-4F34-B565-1E9659B58BF1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{C4F67A68-97D5-4796-BD28-02BF71DE88D5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{C519F277-3CCE-44CD-B965-6E7A9D8FC719}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
"{CFC2A674-E94E-4D5A-B460-7EE5DF02A360}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{D517BBC9-FB72-4D50-B7BB-4BCB5E6DBA28}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{D538F7F8-C73A-4E6E-9FDF-9EDD5F4AAB4B}" = protocol=6 | dir=in | app=d:\program files (x86)\contentexpansion\system\swat4xdedicatedserver.exe |
"{D6C3018B-4735-47EA-A30B-D033A4E1BE75}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{D7F4D7D6-AD59-47C3-922F-449056D5487A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{DABD3DC6-5346-437D-B0C7-4CAD7FF3C90C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{DB01FC58-90FD-4376-90EF-A60F4E80E11A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{DD559530-B802-4A99-801D-939766B470E9}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{DEC42522-925E-46E4-963A-6E3B51468C5F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{E0141E4F-7F1C-4D45-B8F4-EE0E5F431467}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{E0EF1956-7700-4D99-8948-A56811B1227A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{E18BA7A7-EB8B-401D-9666-2A900806E297}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{E8E364AB-F2D6-4D58-900F-7F4517021BE3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{EB643FBC-EE85-4A34-9FF7-CA8E6763D00E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{EC5B95E1-E5FA-4F56-9121-395D748C03FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EC5DCF24-FC12-49C3-A66E-051AAE7FF761}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{ECF84137-F614-4475-882F-D9B54FD06DD5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"{F05F43C7-D347-4350-87F8-6F54C16A1051}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F767DAE4-86AF-4F3C-9809-B2C5F361665A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{F89AA1E0-66F7-4A77-8AF7-0371D1B1B1B4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{FBF95B20-1F58-4707-8ABC-F68F9E19A9C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FCBE53A6-7906-4154-9A74-B891F2B427B3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{FDBD8FCA-87E1-4743-A155-0C43092D2706}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{0E1341AD-267F-4775-8DDC-04DA546DAA10}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{2B0E768B-BE77-41F7-8133-C7A2018DA708}C:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe |
"TCP Query User{300DA2C0-0D5C-436B-B37A-62F775E77A75}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{5240432B-363E-4863-8A27-A41B2A8D4F88}D:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{596E1A7D-B501-4B5E-A9C8-690A8D70664E}D:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe |
"TCP Query User{6634F891-D126-4DD7-8987-75D0D99DF259}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{69836E13-D3AA-4BAB-B6C9-5DAC8D1FAD15}C:\users\admin\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\play withsix\tools\mingw\bin\rsync.exe |
"TCP Query User{6C4C89AF-DF28-4F36-AEE5-E95F97FCA628}D:\program files (x86)\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\battlefield 3\bf3.exe |
"TCP Query User{6DB6C661-2DD4-4047-8E52-19FFFFD3FF06}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{7F1FA901-8498-4D17-978A-9C4EDFB10A8B}D:\program files (x86)\steam\steamapps\xxx\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\xxx\half-life 2 deathmatch\hl2.exe |
"TCP Query User{85892C3E-EE30-4E82-8133-BFFF46289C31}C:\users\admin\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\admin\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{A846F643-67AB-442E-99CF-5AFB93496F5E}C:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe |
"TCP Query User{ABE0CE8D-6784-4766-90F5-E2ADEB4AA64F}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{B6B69668-39C2-4264-9B78-A244D62F1B9E}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{C3A42AA3-4E14-41D5-A01D-AD5385B31BA2}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"TCP Query User{CE34F549-4599-403F-BCB2-E2AA93E27E50}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{F23690C1-B670-4360-BE8D-0FA7164C42A9}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{FDA019B9-892C-4C57-B387-C27B73F170BA}D:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
"TCP Query User{FECA6782-02D2-40A1-B377-B393D7AF1E83}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{03378881-E6A0-45DA-844A-ED1DBC12EFE2}C:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe |
"UDP Query User{1CFC6B7B-2532-4203-8407-D6D19BE01D39}D:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{2E34E60C-07EC-40C2-BDA3-0EBD4EE2DACF}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{2F232050-D2C4-4B5E-A98D-58EF88E41ECB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{50B55F73-BB7B-44D1-856D-9858A2AD5A69}C:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe |
"UDP Query User{5B3FEA33-7AE0-4A3B-8FDD-BBE47001520F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6635198D-666C-4F21-9DB0-8A03C0709AF8}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{6B3E5545-5F42-45F6-864B-E4011D41ACDB}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{86921D82-4486-4805-B6A1-E0B615DCF56F}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{99BACF8D-B476-44D5-9434-BE7983845C02}D:\program files (x86)\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\battlefield 3\bf3.exe |
"UDP Query User{A0E7DB5D-D69D-43A0-84BB-6289DE69A0EC}C:\users\admin\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\admin\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{A41C3317-4B44-431E-BFCB-AD05F60C1BE4}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{BBD9C7C1-27B5-4A52-8A9C-CF54D2579106}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{BC8E27FB-8CF8-4870-AE92-97F2A127E914}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C0C49CD1-7FFE-4AAC-BE46-C14B2F0DF573}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{C7CEDC4B-CFC2-4958-8A4B-6A5C73349A73}D:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe |
"UDP Query User{C8ADB4FB-B346-4F6F-9172-D76FECB75800}C:\users\admin\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\play withsix\tools\mingw\bin\rsync.exe |
"UDP Query User{CCC24AC9-59F4-494F-A3A7-241140D2FBEA}D:\program files (x86)\steam\steamapps\xxx\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\xxx\half-life 2 deathmatch\hl2.exe |
"UDP Query User{F776755B-3DF5-4F6D-BEC2-338F8522822E}D:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Waterfox 11.0 (x64 en-US)" = Waterfox 11.0 (x64 en-US)
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D726D186-0BA7-8BC4-6273-A9AED17C7B8A}" = Application Profiles
"{DCA75ECE-39A9-0648-CB77-F6D759364CF9}" = Application Profiles
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC529949-EECA-2BF6-02AC-8041AD76B4B5}" = Application Profiles
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Emergency 2012" = Emergency 2012 Deluxe
"ERSBerlin2BetaGER_is1" = ERS Berlin 2 Beta
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"GameSpy Arcade" = GameSpy Arcade
"Inkscape" = Inkscape 0.48.2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
"Notepad++" = Notepad++
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steam App 110800" = L.A. Noire
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 12900" = Audiosurf
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 218" = Source SDK Base 2007
"Steam App 218230" = PlanetSide 2
"Steam App 220" = Half-Life 2
"Steam App 22200" = Zeno Clash
"Steam App 22208" = Zeno Clash Models
"Steam App 24240" = PAYDAY: The Heist
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 31280" = Poker Night at the Inventory
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 41210" = Eufloria
"Steam App 42910" = Magicka
"Steam App 49900" = Plain Sight
"Steam App 50" = Half-Life: Opposing Force
"Steam App 550" = Left 4 Dead 2
"Steam App 55040" = Atom Zombie Smasher
"Steam App 55230" = Saints Row: The Third
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8980" = Borderlands
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Admin
"Google Chrome" = Google Chrome
"SOE-" = gamelauncher-ps2-live
"SOE-C:/Users/Admin/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2 PSG
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.01.2013 12:55:35 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: atiumd64.dll, Version: 9.14.10.926,
Zeitstempel: 0x5064fc85 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000019088b
ID des fehlerhaften Prozesses: 0x9b0 Startzeit der fehlerhaften Anwendung: 0x01cdf01bfb1c9e1f
Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\atiumd64.dll Berichtskennung: b75a1f46-5c0f-11e2-9676-8c89a5648fc8
Error - 11.01.2013 15:36:37 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2013 16:17:29 | Computer Name = Admin-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Grand Theft Auto IV" konnte nicht heruntergefahren
werden.
Error - 12.01.2013 05:17:16 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.01.2013 10:09:38 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.01.2013 10:36:14 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm SaintsRowTheThird.exe, Version 1.0.0.1 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 134c Startzeit: 01cdf0cfe52fe463 Endzeit: 808 Anwendungspfad:
d:\program files (x86)\steam\steamapps\common\saints row the third\SaintsRowTheThird.exe
Berichts-ID:
Error - 12.01.2013 12:48:41 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
0x50c39964 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x550 Startzeit der fehlerhaften Anwendung: 0x01cdf0e04e55fe59 Pfad der fehlerhaften
Anwendung: D:\Program Files (x86)\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: eac31a67-5cd7-11e2-8640-8c89a5648fc8
Error - 13.01.2013 06:27:38 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.01.2013 14:37:20 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.01.2013 14:38:50 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: atiumd64.dll, Version: 9.14.10.926,
Zeitstempel: 0x5064fc85 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000019088b
ID des fehlerhaften Prozesses: 0xa44 Startzeit der fehlerhaften Anwendung: 0x01cdf1bccd2cd0eb
Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\atiumd64.dll Berichtskennung: 78912d28-5db0-11e2-a922-8c89a5648fc8
Error - 13.01.2013 16:12:25 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm Em4.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1208 Startzeit:
01cdf1c8d663e809 Endzeit: 25 Anwendungspfad: C:\Users\Admin\Desktop\sixteen tons
entertainment\Emergency4\Em4.exe Berichts-ID: 8910263d-5dbd-11e2-a922-8c89a5648fc8
Error - 14.01.2013 12:29:03 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.01.2013 13:04:28 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.11.2012 14:18:53 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?11.?2012 um 19:15:06 unerwartet heruntergefahren.
Error - 25.11.2012 14:56:54 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?11.?2012 um 19:54:46 unerwartet heruntergefahren.
Error - 28.11.2012 15:08:42 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?11.?2012 um 20:07:42 unerwartet heruntergefahren.
Error - 28.11.2012 15:49:32 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?11.?2012 um 20:47:36 unerwartet heruntergefahren.
Error - 28.11.2012 15:49:34 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.
Error - 29.11.2012 12:54:14 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.
Error - 30.11.2012 08:54:11 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.
Error - 30.11.2012 08:54:55 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =
Error - 04.12.2012 14:58:17 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 04.12.2012 14:58:17 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
GMER log file:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 19:19:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4D 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys
---- User code sections - GMER 2.0 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000731717fa 2 bytes [17, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073171860 2 bytes [17, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073171942 2 bytes [17, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007317194d 2 bytes [17, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753b1401 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753b1419 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753b1431 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753b144a 2 bytes [3B, 75]
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753b14dd 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753b14f5 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753b150d 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753b1525 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753b153d 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753b1555 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753b156d 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753b1585 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753b159d 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753b15b5 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753b15cd 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753b16b2 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753b16bd 2 bytes [3B, 75]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1496] 000000001000e2eb
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1232] 00000000018966e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1100] 00000000018966e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1968] 00000000018966e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1972] 0000000001892560
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3064:2588] 000000006eb78f84
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3064:2620] 000000006eb7925e
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3064:2660] 000000006eb78bd0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:2892] 000007fefc182a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3836] 000000006961d068
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3868] 000007feec37b9cc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3872] 000007feec37b9cc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3876] 000007feec37b9cc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3880] 000007feec37b9cc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3904] 0000000068122340
Thread C:\Windows\System32\svchost.exe [3708:1548] 000007fef95a9688
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1388] 0000000075790000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536] 0000000075790000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3064] 0000000075220000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2232] 000007fef3520000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356] 000007fef3520000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [3708] 000007fefd4b0000
---- EOF - GMER 2.0 ----
I did find another thread about a similarly named virus, but several log files were analysed there, which is why I am describing my problem here separately once more. I hope that was not wrong. In that thread the log file of a program called aswMBR.exe is requested, but I cannot download the Avast virus definitions because I have disconnected from our home server (and thus also from the Internet) so as not to infect it as well. That is why that log file is missing.
Many thanks in advance!
Kind regards
SEG_San