Plagegeister aller Art und deren Bekämpfung: InstaShare cannot be deleted (Windows 7)

#1
InstaShare cannot be deleted

Hello TB Helpers,

InstaShare has latched onto my computer like a tick. I ran all the programs from the instructions (http://www.trojaner-board.de/158525-...entfernen.html), but none of them found InstaShare. The "uninstallers" won't uninstall it either. It is not all that annoying right now, since I use Foxy with NoScript, but I would still like to get rid of it.

Thanks in advance for the help.

OTL.txt:
ATTFilter OTL logfile created on: 13.09.2014 12:57:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,28% Memory free 11,10 Gb Paging File | 9,40 Gb Available in Paging File | 84,64% Paging File free Paging file location(s): c:\pagefile.sys 8042 8042 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 255,47 Gb Free Space | 54,86% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Auresil\Desktop\otl.exe (OldTimer Tools) PRC - C:\Users\Auresil\Desktop\OTH.scr (OldTimer Tools) PRC - C:\ProgramData\XhpjpKqvxe\fqQrhhY.exe (Interesting Solutions) PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) PRC - C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation) PRC - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.) PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.) 
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\V0470Mon.exe (Creative Technology Ltd.) ========== Modules (No Company Name) ========== MOD - C:\ProgramData\XhpjpKqvxe\dat\tIzuXbuyu.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\PROGRA~1\TUGZip\Plugins\TzArchive10.tgp () MOD - C:\Windows\System32\ztvunrar36.dll () MOD - C:\PROGRA~1\TUGZip\TzShell.dll () MOD - C:\PROGRA~1\TUGZip\Plugins\TzImage10.tgp () ========== Services (SafeList) ========== SRV - (fqQrhhY) -- C:\ProgramData\XhpjpKqvxe\fqQrhhY.exe (Interesting Solutions) SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (c2cautoupdatesvc) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) SRV - (c2cpnrsvc) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) SRV - (PandaAgent) -- C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.) 
SRV - (PSUAService) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.) SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (RoxMediaDBGame1X) -- C:\Program Files\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe (Corel Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (XDva383) -- C:\Windows\system32\XDva383.sys File not found DRV - (kbeepm) -- C:\Users\Auresil\AppData\Local\Temp\kbeepm.sys File not found DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.) DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.) DRV - (PSINReg) -- C:\Windows\System32\drivers\PSINReg.sys (Panda Security, S.L.) DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.) 
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.) DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.) DRV - (NNSSTRM) -- C:\Windows\System32\drivers\NNSStrm.sys (Panda Security, S.L.) DRV - (NNSTLSC) -- C:\Windows\System32\drivers\NNStlsc.sys (Panda Security, S.L.) DRV - (NNSPRV) -- C:\Windows\System32\drivers\NNSPrv.sys (Panda Security, S.L.) DRV - (NNSSMTP) -- C:\Windows\System32\drivers\NNSSmtp.sys (Panda Security, S.L.) DRV - (NNSPROT) -- C:\Windows\System32\drivers\NNSProt.sys (Panda Security, S.L.) DRV - (NNSPOP3) -- C:\Windows\System32\drivers\NNSPop3.sys (Panda Security, S.L.) DRV - (NNSPIHSW) -- C:\Windows\System32\drivers\NNSPihsw.sys (Panda Security, S.L.) DRV - (NNSPICC) -- C:\Windows\System32\drivers\NNSpicc.sys (Panda Security, S.L.) DRV - (NNSIDS) -- C:\Windows\System32\drivers\NNSIds.sys (Panda Security, S.L.) DRV - (NNSHTTPS) -- C:\Windows\System32\drivers\NNSHttps.sys (Panda Security, S.L.) DRV - (NNSHTTP) -- C:\Windows\System32\drivers\NNSHttp.sys (Panda Security, S.L.) DRV - (NNSALPC) -- C:\Windows\System32\drivers\NNSAlpc.sys (Panda Security, S.L.) DRV - (PSKMAD) -- C:\Windows\System32\drivers\PSKMAD.sys (Panda Security, S.L.) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (H5xUSB) -- C:\Windows\System32\drivers\uth5x.sys (UT) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV - (kxwdmdrv) -- C:\Windows\System32\drivers\kx.sys (Eugene Gavrilov) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (VF0470Vid) -- C:\Windows\System32\drivers\V0470Vid.sys (Creative Technology Ltd.) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/83878-o...processes.html IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 37 9B 4B C5 BB CB 01 [binary data] IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.4 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.41 FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:11.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.2.9 FF - 
prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.no_proxies_on: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.07.29 22:27:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.07.29 22:27:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014.06.11 12:18:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.27 22:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\Extensions [2014.09.12 15:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\Firefox\Profiles\n7vnhitj.default\extensions [2014.08.29 21:59:00 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Auresil\AppData\Roaming\mozilla\Firefox\Profiles\n7vnhitj.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014.09.06 12:54:12 | 004,222,513 | ---- | M] () (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\extensions\firebug@software.joehewitt.com.xpi [2014.09.12 14:02:19 | 000,540,395 | ---- | M] () (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014.07.23 16:56:38 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 
[2014.06.18 09:30:41 | 000,788,466 | ---- | M] () (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014.07.30 14:02:21 | 000,002,438 | ---- | M] () -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\searchplugins\englische-ergebnisse.xml [2014.07.30 14:02:20 | 000,002,916 | ---- | M] () -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\searchplugins\gmx-suche.xml [2014.07.30 14:02:21 | 000,002,457 | ---- | M] () -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\searchplugins\lastminute.xml [2014.07.30 14:02:20 | 000,005,729 | ---- | M] () -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\searchplugins\webde-suche.xml [2014.07.31 21:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2014.07.29 22:27:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014.09.13 11:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\browser\extensions [2014.09.13 11:32:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.) O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) O4 - HKLM..\Run: [V0470Mon.exe] C:\Windows\V0470Mon.exe (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 600 O7 - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Users\Auresil\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Auresil\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft 
E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1D9330F-7477-4B27-8C83-9DC1E6165EAB}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value 
found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.09.13 12:56:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Auresil\Desktop\OTL.exe [2014.09.13 10:11:38 | 000,048,736 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys [2014.09.12 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2014.09.12 16:10:40 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.09.12 16:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.09.12 16:09:47 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2014.09.12 16:09:47 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2014.09.12 16:09:47 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2014.09.12 16:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware [2014.09.12 15:53:50 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Auresil\Desktop\OTH.scr [2014.09.12 15:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft [2014.09.12 15:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Glarysoft [2014.09.12 15:43:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.09.12 15:38:25 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Browser [2014.09.12 15:28:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.09.12 11:11:55 | 000,000,000 | ---D | C] -- C:\InstaShare [2014.09.11 12:59:29 | 000,000,000 | ---D | C] -- C:\Users\Auresil\AppData\Local\Daring_Development_Inc [2014.09.11 12:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Daring Development [2014.09.11 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\Auresil\AppData\Local\InstaShare [2014.09.11 12:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\XhpjpKqvxe [2014.09.11 12:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\InstaShare [2014.09.05 12:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2014.09.05 12:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2014.09.03 14:19:58 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys [2014.08.24 01:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2014.08.18 11:58:15 | 000,000,000 | R--D | C] -- C:\Users\Auresil\Desktop\Programme [2011.01.24 00:27:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Auresil\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2014.09.13 12:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Auresil\Desktop\OTL.exe [2014.09.13 10:16:37 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.09.13 10:16:37 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.09.13 10:15:43 | 000,698,688 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2014.09.13 10:15:43 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014.09.13 10:15:43 | 000,148,828 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2014.09.13 10:15:43 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat 
[2014.09.13 10:11:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.09.13 10:11:22 | 2616,745,984 | -HS- | M] () -- C:\hiberfil.sys [2014.09.12 16:44:02 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.09.12 15:53:53 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Auresil\Desktop\OTH.scr [2014.08.17 19:48:18 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI ========== Files Created - No Company Name ========== [2014.09.12 15:50:48 | 000,001,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk [2012.12.18 11:32:08 | 000,007,601 | ---- | C] () -- C:\Users\Auresil\AppData\Local\resmon.resmoncfg [2012.11.09 18:29:33 | 000,000,085 | ---- | C] () -- C:\Windows\AutoScreenRecorder.INI [2012.10.23 15:22:21 | 000,611,791 | ---- | C] () -- C:\Users\Auresil\Antrag_Online_9_12.pdf [2012.09.28 03:21:22 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.09.28 03:21:22 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.07.31 18:07:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl [2011.10.22 03:29:35 | 000,032,256 | ---- | C] () -- C:\Users\Auresil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.04 17:25:05 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.01.24 00:27:28 | 000,087,608 | ---- | C] () -- C:\Users\Auresil\AppData\Roaming\inst.exe [2011.01.24 00:27:28 | 000,007,887 | ---- | C] () -- C:\Users\Auresil\AppData\Roaming\pcouffin.cat [2011.01.24 00:27:28 | 000,001,144 | ---- | C] () -- C:\Users\Auresil\AppData\Roaming\pcouffin.inf ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2014.08.16 18:46:58 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\.minecraft [2014.07.17 19:24:09 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Apowersoft [2014.07.18 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Audacity [2012.02.02 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\BitTorrent [2012.02.02 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Blender Foundation [2014.04.19 22:01:10 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\BSplayer [2011.06.02 19:15:32 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\BSplayer Pro [2014.08.24 02:01:39 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Call Graph [2011.10.14 19:16:40 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Canon [2014.04.19 21:06:40 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Dropbox [2012.12.12 05:27:07 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\DVDVideoSoft [2013.11.28 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\ERoot [2014.09.09 13:41:54 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\FileZilla [2012.12.19 20:58:29 | 
000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\JDownloaderPackages [2014.01.07 04:36:41 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\library_dir [2011.02.07 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Local [2011.01.21 08:34:34 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Moonchild Productions [2012.10.19 16:59:23 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\mquadr.at [2011.01.24 00:41:41 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\NCH Swift Sound [2011.12.05 01:54:24 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Opera [2012.07.24 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Panda Security [2011.11.06 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\PhotoFiltre [2012.12.26 04:47:02 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\redsn0w [2014.02.15 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Rogue Legacy [2013.12.08 18:06:29 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\TeamViewer [2011.11.05 11:09:13 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Thunderbird [2014.03.17 13:08:46 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\TS3Client [2012.08.01 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Ubisoft [2013.03.08 18:50:56 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Ulead Systems [2011.05.04 16:51:58 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Vso [2011.05.04 14:06:41 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Win7codecs [2011.04.19 02:00:54 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\XMedia Recode [2014.09.09 13:20:54 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\XnView ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 13.09.2014 12:57:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Auresil\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,28% Memory free
11,10 Gb Paging File | 9,40 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): c:\pagefile.sys 8042 8042 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 255,47 Gb Free Space | 54,86% Space Free | Partition Type: NTFS

Computer Name: RAZIEL | User Name: Auresil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Call Graph\CallGraph.exe" = C:\Program Files\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1829A52D-F9F9-43E7-98E5-047AD99A1F37}" = lport=56077 | protocol=6 | dir=in | name=pando media booster |
"{2BE238F2-0A20-4FBA-9958-143A79F14A8B}" = lport=56077 | protocol=17 | dir=in | name=pando media booster |
"{34D66F00-C5F3-4638-A6DD-7D44B101DDE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52CC97E1-60C2-40C1-ACE8-622FD6980F01}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C325310-68E3-4DBD-A4FB-2F76ACF0A554}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69522E36-471A-404D-A949-6F6E522EA0C4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CE2CD76-F28B-42A7-8BA6-7706A9CD6EB8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7D4D59E8-7A1D-412C-934F-4F84BB073F87}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81D2BA40-1E2E-42A4-A5F1-A71096DEE32A}" = lport=56077 | protocol=6 | dir=in | name=pando media booster |
"{9331E873-1706-40A4-91FF-5DFCCDD7A508}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD7A2255-D647-4AD7-A4E0-5A2E96754B65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B313E7E7-FBE7-4558-B2B5-83573F294F56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD74C3D2-EF94-4A85-99E2-07CA84F417D5}" = lport=56077 | protocol=17 | dir=in | name=pando media booster |
"{CC8F8EFE-D056-4038-9E22-1895711EC2FF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D48A2BAD-31B2-402C-A2D3-C0D486DEDE94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00756FAA-DE7E-43B7-9226-BD4D12675A92}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{02C8A5E0-C26D-40A4-A1A3-A87C09A53B42}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{03351A73-9C5D-4E14-AC61-68227BBB1D3A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{07BD83EA-97AF-454D-BBB0-6E05E90FE3D8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0CACBEC8-B3C0-41BA-A950-47C982914D76}" = protocol=6 | dir=in | app=c:\program files\sony mobile\update engine\sony mobile update engine.exe |
"{11FF047C-B55D-4153-BB7E-76CA4B1C7467}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{19B0359B-54FB-4F18-B295-2368E558C113}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{1A7CFEAB-0460-4AA3-8C0F-81C75E9D71B4}" = protocol=6 | dir=out | app=system |
"{1D9D393D-7340-4300-B851-48877184FE79}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{1DB11439-3ED5-4B2D-8FDC-A06B24FF1E90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E203E06-5844-4907-ACAF-11CA73E78F3E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2214C8DD-2D4F-4EEC-A9F3-FDB16BE46667}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2677CEF6-6421-48BB-B158-F30C16C5458C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{27836CE6-D8BB-4032-95FE-C75BD19BE972}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2924C504-9F36-4C1D-8CD3-68F8CF169F1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{298E629A-D74C-4664-B47C-66EA742BA24A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{2EEACAD8-25B6-4D8A-8335-AC48FDB6E3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3742A4B0-0C52-4AFA-B8E0-815D6938E32B}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{3AD49685-38C5-4AFB-8459-32027DDA7FB2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3C439830-8444-4530-A782-96FCEA9B5112}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{416E51AD-D706-4190-BB55-8FB75E2C5A80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{446C80B6-BBD8-4A62-8166-27F449D7F5A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55052623-6130-4EFF-BFE5-8C98CA2FA363}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{706EC381-8F84-45F5-A9C5-9E00A60CC716}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{746C3D71-A279-4DE0-A32C-1F1E72C14566}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7492DB02-DCE1-47E0-BD94-628FD8A3B3B9}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{75CD9B76-DCC8-4421-AE2B-0D6F97A8FA8B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{7ACB354D-81F2-4232-8DA9-40682063140D}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{7C2704A7-4769-429C-8B70-B5AF0EAC221A}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{7FCAD0ED-4689-4000-8BFC-CF75B754F836}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{80C54042-E7F2-454B-BB46-603C78D9CBA0}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{81DE1D39-0837-454A-A774-E12B88FA4012}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{850440A4-7A13-4963-8A5E-913FA3AECFEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{8C07B52E-CC3F-4553-8830-51C23F9D90F5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\unturned\unturned.exe |
"{8D91D3D6-99E1-41E6-B240-5F1AE27C8F1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8E0F053C-0DFA-492C-985E-C44555F4BDF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9A7033F7-1B81-4589-B8D7-BBD15DD9C7E9}" = protocol=17 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{9DBCF1F5-7504-4AB4-9662-2C7FA081BE25}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cry of fear\coflaunchapp.exe |
"{A1A7453C-7108-4DC5-AC05-637FC82ADB03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2CC24EB-0DBA-4911-B52B-171ECE0D08F3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A97978B8-6F58-465F-A55A-6AC6DC055090}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE41E1C5-84D5-4448-BE10-4C50AC66C370}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{AF87289F-9A6B-4004-A438-96E8D3475172}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B68467A4-EFDD-4C63-8EC5-88AF99C6221A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC9FDB63-7997-4EAE-AEAC-58ABE09AE7C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe |
"{BF5BCAC6-8A0D-4509-91CE-A8F057B4704B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C18E7380-A4B2-4D21-B2F7-0F798D134FDD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\unturned\unturned.exe |
"{C5A3A96B-044A-4112-8AB1-1A4D3A4DCCF5}" = protocol=17 | dir=in | app=c:\program files\sony mobile\update engine\sony mobile update engine.exe |
"{C7FE3958-2A4D-4661-A647-32B37CD6C50C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C8D1F135-C8C6-4D2D-B279-B85C51054468}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CE369EF4-72CB-49FB-80B0-C3AA64EB8C66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D5F28A84-55E6-43A9-A43E-C79731789116}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe |
"{D659188C-F7D2-488A-8168-9EAB3D98060B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA6DB775-D9AF-46C2-AD7B-1BBE061B16E7}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{DC639427-6E95-4F74-BD29-4F0AABD4D07A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cry of fear\coflaunchapp.exe |
"{E2C6D24E-0B07-4644-A031-BDB8E158EDD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E321AC5D-85B2-4080-90BF-5D5622A8D7C1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{E979E7B6-296A-459C-A0F5-2A37163F72E8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EF0E93BD-46D6-40A6-A95B-989BBCBE6496}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\castlecrashers\castle.exe |
"{EF327770-6869-42CE-BC24-D18CBE4EFA6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F100963D-D614-49CC-A8FB-64600721ECF1}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{F2E9A2BA-0652-4765-9108-AE448417C578}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\castlecrashers\castle.exe |
"{FF36F9DF-4B01-4511-830B-EDC34D28026A}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"TCP Query User{21DE1C5D-61E2-4BE8-8ACE-17D7F28C2F26}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{404EBF36-929E-44CB-B72A-FC8C9C2B0019}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{51A8817E-4948-4619-9F50-3B01AD58E871}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"TCP Query User{6F24AA88-ADEE-4E90-AD86-8E5A7E079558}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A5C6B71F-248C-4AF8-8443-E7637D1A9C15}C:\program files\steam\steamapps\common\cry of fear\cof.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cry of fear\cof.exe |
"TCP Query User{DE777748-985F-467C-83E4-7D90F3678869}C:\program files\call graph\callgraph.exe" = protocol=6 | dir=in | app=c:\program files\call graph\callgraph.exe |
"UDP Query User{36329AFD-9E94-4C7B-A6BB-B22559006B83}C:\program files\call graph\callgraph.exe" = protocol=17 | dir=in | app=c:\program files\call graph\callgraph.exe |
"UDP Query User{653864CC-10B1-43DE-909A-576323E45B81}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{68E661A6-01CC-4CE3-87D2-6B733D704D04}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"UDP Query User{90F063D3-EE5A-4B0B-AFA6-D5F5DA181656}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AB63B2B9-9C15-4017-AEF0-B389255A4F2B}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{CED9FBBD-1566-4A5E-BC49-76DAC433F91A}C:\program files\steam\steamapps\common\cry of fear\cof.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cry of fear\cof.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05B324AB-7428-4C00-AD3B-E591C561645C}_is1" = eJIFFY
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0CA1005F-B640-0354-EC82-F8F7447A8E8A}" = CCC Help Hungarian
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{12076C90-4A78-7241-F633-4D2B019D5611}" = CCC Help Thai
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{17E11EC2-3736-10A1-330C-CC7EB6CAC6B3}" = CCC Help Turkish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 65
"{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}" = Roxio Game Capture HD PRO
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31B75145-DF24-C759-E735-9C129956961E}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{363FA5D0-68EB-48F2-B986-E6C12CCDD0F8}" = Roxio GameCAP HD PRO
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = Die Sims™ 3 Erstelle ein Muster-Tool
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F5C54C-ED39-58B4-42DA-3F20AB440E49}" = CCC Help Czech
"{5F187E71-93D7-4849-B5C2-1DD1747C81A7}" = Roxio CinePlayer Decoder Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{64B157C9-C291-2535-8177-237BC2D37EBF}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6FF4C560-A95B-42DE-83AD-62C8737115E9}" = Roxio Game Capture HD PRO
"{70B1DA58-A2B9-4EA0-B83D-F03CBEEAE22D}" = LogMeIn Hamachi
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79C2D7F9-3BF8-52C1-6A7A-84C9296171F8}" = CCC Help German
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E5C379D-035B-815D-E087-4CEA06C76A08}" = AMD Drag and Drop Transcoding
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85C3024B-A974-450C-4D46-C031F801F5EC}" = ccc-utility
"{86A8B70E-D4B4-4052-AAA0-41D1F46F8D71}" = Panda Cloud Antivirus
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88B2BB7B-A684-E8E3-65C6-DDC5DC152C2A}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8CB77076-DB66-5D92-7886-807226C9CE4B}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}" = Panda Devices Agent
"{94F4B1D4-0BCC-E5C6-4EAE-F1A287383D5B}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98838C21-AD83-77AA-3B09-F437C6F24F8F}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6D4A7A-DD9A-4044-B200-24E569B8D121}_is1" = Pinnacle Studio 14 Content v.0.1
"{9C6F56DA-7051-6677-4E5A-9DC6C573F2B5}" = CCC Help Portuguese
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{9FE051B0-39BC-F5DD-C99B-0D4793184C2A}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA6B96C4-7AF5-3F6A-E630-4096508A9C47}" = CCC Help Danish
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFB6965-D714-3786-6B50-58E21223CB96}" = ATI AVIVO Codecs
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B48E87FE-A8D9-EE14-B607-3FA1ACEF218E}" = CCC Help Norwegian
"{B4FA8E67-D299-485A-407B-05A2681BAF47}" = CCC Help Japanese
"{BB05BC7D-BEF8-7A7B-C62E-F1BE381E70BB}" = CCC Help Swedish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{D34F0251-1C96-09B3-EE29-2A9148413252}" = CCC Help Chinese Traditional
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D5610369-AF78-386F-4985-9822654973A3}" = CCC Help Polish
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E937F8DA-8C7F-ADFE-7EA5-7C1CAAB23C05}" = HydraVision
"{ECD129A4-5A21-1977-0849-6913BA6BA29C}" = CCC Help Russian
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.197
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F77D44EB-2A6E-E2EE-7C30-40A5409B2650}" = CCC Help Greek
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Absolute Uninstaller" = Absolute Uninstaller 5.3.1.17
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Blender" = Blender
"Call Graph" = Call Graph
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Creative VF0470" = Creative Live! Cam Notebook (VF0470) Driver (1.03.01.00)
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstaShare" = InstaShare
"king.com" = king.com (remove only)
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de)
"Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.17.1863" = Opera 12.17
"Panda Devices Agent" = Panda Devices Agent
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Steam" = Steam
"Steam App 204360" = Castle Crashers
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 223710" = Cry of Fear
"Steam App 304930" = Unturned
"Steam App 35720" = Trine 2
"Steam App 620" = Portal 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"TUGZip_is1" = TUGZip 3.5
"Update Engine" = Sony Mobile Update Engine
"VL Sound 5.1" = VL Sound 5.1
"VLC media player" = VLC media player 2.0.8
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = Wisdom-soft AutoScreenRecorder 3.1 Pro
"XMedia Recode" = XMedia Recode 2.2.9.7
"XnView_is1" = XnView 1.97.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.7.1
"JDownloader Packages" = JDownloader Packages
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 12.09.2014 10:00:59 | Computer Name = Raziel | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?09.?2014 um 15:59:39 unerwartet heruntergefahren.

Error - 12.09.2014 10:01:23 | Computer Name = Raziel | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 12.09.2014 10:42:21 | Computer Name = Raziel | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?09.?2014 um 16:40:49 unerwartet heruntergefahren.
Error - 12.09.2014 10:42:44 | Computer Name = Raziel | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 12.09.2014 11:47:49 | Computer Name = Raziel | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 13.09.2014 04:11:38 | Computer Name = Raziel | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

< End of report >