Be4chb0y | 04.09.2012 13:28 | Live Securtiy Platinum Virus Hallo ich habe seit heute früh ein Problem mit dem Live Securtiy Platinum Virus.
Ich habe meinen Rechner im abgesicherten Modus erst einmal Internetfähig bekommen und nun einen Scan mit Malwarebytes nach Anleitung gemacht.
Hier ist mein Log dazu. Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.09.04.05
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Beachboy :: PC-BEACHBOY [Administrator]
04.09.2012 14:19:53
mbam-log-2012-09-04 (14-23-05).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220393
Laufzeit: 2 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe (Trojan.ZbotR.Gen) -> 2708 -> Keine Aktion durchgeführt.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{3BF6B3E9-56A7-AD41-5F8A-2E73672A0D6E} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe (Trojan.ZbotR.Gen) -> Keine Aktion durchgeführt.
(Ende)
|
Ich hoffe mir kann jemand helfen.
EDIT
Ich habe noch einen OTL Scan gemacht. Hier sind die logs.
OTL.txt
OTL Logfile: Code:
OTL logfile created on: 04.09.2012 14:38:58 - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Beachboy\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,99 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,31% Memory free
15,98 Gb Paging File | 14,22 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 156,15 Gb Total Space | 4,53 Gb Free Space | 2,90% Space Free | Partition Type: NTFS
Drive D: | 3,74 Gb Total Space | 0,35 Gb Free Space | 9,44% Space Free | Partition Type: FAT32
Drive E: | 309,51 Gb Total Space | 42,76 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Computer Name: PC-BEACHBOY | User Name: Beachboy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.04 13:53:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Beachboy\Desktop\OTL.exe
PRC - [2012.08.08 11:22:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.05.11 14:43:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.11 14:43:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.14 15:23:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.06 09:02:51 | 000,366,968 | ---- | M] (Twain Working Group) -- C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010.10.27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.13 12:09:34 | 000,115,137 | ---- | M] () -- C:\Users\Beachboy\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.06.17 03:08:41 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.17 03:08:32 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.17 03:08:30 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.17 03:08:25 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.17 03:08:24 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.05.12 20:28:22 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.12 20:27:26 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 20:27:22 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.12 09:41:31 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 09:38:17 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.12 09:38:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.12 09:38:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.05.12 09:38:10 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.12 09:38:06 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010.10.27 22:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll
MOD - [2010.10.27 22:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll
MOD - [2010.10.27 22:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll
MOD - [2010.10.27 22:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll
MOD - [2010.10.27 22:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll
MOD - [2010.10.27 22:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll
MOD - [2010.10.27 22:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll
MOD - [2010.10.27 22:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll
MOD - [2010.10.27 22:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll
MOD - [2010.10.27 22:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
MOD - [2010.10.27 22:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010.01.09 21:18:18 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2008.04.16 18:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll
MOD - [2008.04.16 18:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll
MOD - [2008.04.16 18:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll
MOD - [2008.04.16 18:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll
MOD - [2008.04.16 18:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll
MOD - [2008.04.02 15:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll
MOD - [2008.04.02 15:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll
MOD - [2008.04.02 15:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.04 12:36:37 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.11 14:43:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.11 14:43:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.14 15:23:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.12.09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.11 14:43:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.11 14:43:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.11.04 09:21:05 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.31 17:09:56 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.10.27 03:25:56 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2011.10.27 03:25:56 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd)
DRV:64bit: - [2011.10.27 03:25:56 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2011.10.27 03:25:56 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2011.10.11 16:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E1BFCE8-CFCB-4D46-9ECE-A14FD5B7F369}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=91186C84-7B31-426F-9206-2ED0CB937D7B&apn_sauid=C18BD8B9-A3B2-4B08-8884-29CAF470E74A
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Beachboy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Beachboy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.22 20:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.11.22 20:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Extensions
[2012.04.06 13:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions
[2012.03.11 09:46:47 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012.04.06 13:16:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.24 09:57:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.20 20:36:52 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Beachboy\AppData\Roaming\mozilla\Firefox\Profiles\umq8ubvn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.02.24 21:53:11 | 000,000,933 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\11-suche.xml
[2011.07.26 19:19:58 | 000,002,333 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\askcom.xml
[2012.02.24 21:53:11 | 000,002,419 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 21:53:11 | 000,010,525 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\gmx-suche.xml
[2012.02.24 21:53:11 | 000,002,457 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\lastminute.xml
[2011.12.20 20:36:46 | 000,003,915 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\sweetim.xml
[2012.02.24 21:53:11 | 000,005,508 | ---- | M] () -- C:\Users\Beachboy\AppData\Roaming\Mozilla\Firefox\Profiles\umq8ubvn.default\searchplugins\webde-suche.xml
[2012.03.09 19:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.09 19:07:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.11.24 09:58:13 | 000,095,441 | ---- | M] () (No name found) -- C:\USERS\BEACHBOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMQ8UBVN.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011.11.22 20:07:11 | 000,048,898 | ---- | M] () (No name found) -- C:\USERS\BEACHBOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMQ8UBVN.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.02.24 21:53:09 | 000,577,788 | ---- | M] () (No name found) -- C:\USERS\BEACHBOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMQ8UBVN.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.11.21 06:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.21 03:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2304157
CHR - default_search_provider: suggest_url = hxxp://search.conduit.com/
CHR - homepage: hxxp://battlelog.battlefield.com/bf3/de/gate/?returnUrl=|bf3|de|
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Beachboy\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Beachboy\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Beachboy\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Beachboy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Beachboy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Beachboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Beachboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Beachboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\Logitech SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MSConfig] H:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [{3BF6B3E9-56A7-AD41-5F8A-2E73672A0D6E}] C:\Users\Beachboy\AppData\Roaming\Yfuje\tiahop.exe (Twain Working Group)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Beachboy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Beachboy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C783C802-FB37-4948-94D1-DCA36132B876}: DhcpNameServer = 192.168.170.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFB619D4-A159-4887-93D6-F9EE256E1325}: NameServer = 62.109.123.196 213.191.74.18
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2305a0a6-0ca2-11e1-b89d-4061862eeb01}\Shell - "" = AutoRun
O33 - MountPoints2\{2305a0a6-0ca2-11e1-b89d-4061862eeb01}\Shell\AutoRun\command - "" = L:\RunGame.exe
O33 - MountPoints2\{3aa573ba-1a62-11e1-ae88-4061862eeb01}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa573ba-1a62-11e1-ae88-4061862eeb01}\Shell\AutoRun\command - "" = I:\ICM_Manager.exe
O33 - MountPoints2\{63698b35-06b2-11e1-84f2-4061862eeb01}\Shell - "" = AutoRun
O33 - MountPoints2\{63698b35-06b2-11e1-84f2-4061862eeb01}\Shell\AutoRun\command - "" = I:\RunGame.exe
O33 - MountPoints2\{b65a2b52-29ed-11e1-89c6-4061862eeb01}\Shell - "" = AutoRun
O33 - MountPoints2\{b65a2b52-29ed-11e1-89c6-4061862eeb01}\Shell\AutoRun\command - "" = I:\ICM_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.04 14:37:25 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Beachboy\Desktop\OTL.exe
[2012.09.04 14:18:20 | 000,000,000 | ---D | C] -- C:\Users\Beachboy\AppData\Roaming\Malwarebytes
[2012.09.04 14:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.04 14:18:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 14:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.04 13:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\225932DFC99A2705862C02154F147C45
[2012.09.04 11:24:55 | 000,000,000 | ---D | C] -- C:\Users\Beachboy\Desktop\Minimal
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Beachboy\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Beachboy\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Beachboy\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Beachboy\AppData\Local\bass.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.04 14:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 14:19:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 14:19:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 14:18:10 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.04 14:17:50 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.04 14:17:50 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.04 14:17:50 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.04 14:17:50 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.04 14:17:50 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.04 14:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 14:11:53 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.04 14:11:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.09.04 13:53:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Beachboy\Desktop\OTL.exe
[2012.09.04 13:05:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826587176-4113039940-1591163767-1000UA.job
[2012.08.29 20:07:20 | 292,675,006 | ---- | M] () -- C:\Users\Beachboy\Desktop\2012.08.10 - Martin Anacker @ Muna, SonneMondSterne.mp3
[2012.08.29 20:05:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826587176-4113039940-1591163767-1000Core.job
[2012.08.28 10:14:33 | 005,037,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.26 21:06:10 | 232,222,685 | ---- | M] () -- C:\Users\Beachboy\Desktop\2012_08_10 Cannibal Cooking Club live SMS X6.mp3
[2012.08.26 20:26:35 | 305,061,386 | ---- | M] () -- C:\Users\Beachboy\Desktop\01 Disco Diamonds @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.26 20:22:46 | 279,839,774 | ---- | M] () -- C:\Users\Beachboy\Desktop\Reche & Recall @ Sonne Mond Sterne 2012.mp3
[2012.08.26 19:56:55 | 217,419,163 | ---- | M] () -- C:\Users\Beachboy\Desktop\03 Foss & Stoxx @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.14 11:07:07 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.14 11:07:07 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.14 11:06:51 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.13 23:27:12 | 213,559,518 | ---- | M] () -- C:\Users\Beachboy\Desktop\04 Golden Toys @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.13 13:44:31 | 310,335,697 | ---- | M] () -- C:\Users\Beachboy\Desktop\Breakfastklub @ SonneMondSterne Festival 2012 - Maincircus 11.08.2012.mp3
[2012.08.09 17:31:55 | 009,928,126 | ---- | M] () -- C:\Users\Beachboy\Desktop\Rudimental Ft John Newman - Feel the Love (Lyrics) HD.mp3
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.04 14:18:10 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.26 18:16:50 | 232,222,685 | ---- | C] () -- C:\Users\Beachboy\Desktop\2012_08_10 Cannibal Cooking Club live SMS X6.mp3
[2012.08.26 18:15:44 | 217,419,163 | ---- | C] () -- C:\Users\Beachboy\Desktop\03 Foss & Stoxx @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.26 18:15:36 | 292,675,006 | ---- | C] () -- C:\Users\Beachboy\Desktop\2012.08.10 - Martin Anacker @ Muna, SonneMondSterne.mp3
[2012.08.26 18:15:32 | 305,061,386 | ---- | C] () -- C:\Users\Beachboy\Desktop\01 Disco Diamonds @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.26 18:15:30 | 279,839,774 | ---- | C] () -- C:\Users\Beachboy\Desktop\Reche & Recall @ Sonne Mond Sterne 2012.mp3
[2012.08.13 23:31:09 | 000,001,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.08.13 23:01:03 | 213,559,518 | ---- | C] () -- C:\Users\Beachboy\Desktop\04 Golden Toys @ Sonnemondsterne Festival 2012 - SMS X6 - Saalburg - 10.08.2012.mp3
[2012.08.13 13:09:20 | 310,335,697 | ---- | C] () -- C:\Users\Beachboy\Desktop\Breakfastklub @ SonneMondSterne Festival 2012 - Maincircus 11.08.2012.mp3
[2012.08.09 17:31:48 | 009,928,126 | ---- | C] () -- C:\Users\Beachboy\Desktop\Rudimental Ft John Newman - Feel the Love (Lyrics) HD.mp3
[2012.04.21 17:10:35 | 001,535,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.26 20:26:10 | 000,000,132 | ---- | C] () -- C:\Users\Beachboy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.15 11:22:01 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.12.06 09:45:39 | 000,003,584 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.28 20:55:21 | 000,001,478 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\RecConfig.xml
[2011.11.04 10:12:32 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.04 10:12:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.04 10:12:29 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.10.31 18:13:08 | 000,000,482 | ---- | C] () -- C:\Users\Beachboy\AppData\Roaming\All CPU Meter_Settings.ini
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Beachboy\AppData\Local\no23xwrapper.dll
========== LOP Check ==========
[2011.12.25 13:17:38 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Ableton
[2011.12.26 15:47:13 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Ashampoo
[2011.12.28 02:29:16 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\bizarre creations
[2012.01.15 11:23:49 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Canon
[2011.11.04 14:31:27 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DAEMON Tools Lite
[2012.04.06 13:16:58 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DVDVideoSoft
[2012.04.06 13:16:53 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.05 15:49:50 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\kiosk__
[2011.10.31 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Leadertech
[2011.11.28 21:06:55 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\MAGIX
[2012.01.14 13:52:24 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Miranda Fusion
[2011.12.01 23:24:30 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Nik Software
[2012.03.22 13:28:25 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Opera
[2012.08.13 22:22:22 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Origin
[2012.01.19 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\PunkBuster
[2011.11.29 09:55:59 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Samsung
[2012.01.15 11:21:56 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\ScanSoft
[2011.12.27 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Sierra
[2012.05.26 21:31:46 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Solveig Multimedia
[2012.04.02 15:59:03 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Spotify
[2012.07.13 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Temp
[2012.03.24 02:57:32 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\TS3Client
[2011.11.06 09:02:51 | 000,000,000 | ---D | M] -- C:\Users\Beachboy\AppData\Roaming\Yfuje
[2012.07.31 14:16:27 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > --- --- ---
Extras.txt
OTL Logfile: Code:
OTL Extras logfile created on: 04.09.2012 14:38:58 - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Beachboy\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,99 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,31% Memory free
15,98 Gb Paging File | 14,22 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 156,15 Gb Total Space | 4,53 Gb Free Space | 2,90% Space Free | Partition Type: NTFS
Drive D: | 3,74 Gb Total Space | 0,35 Gb Free Space | 9,44% Space Free | Partition Type: FAT32
Drive E: | 309,51 Gb Total Space | 42,76 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Computer Name: PC-BEACHBOY | User Name: Beachboy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BC56FD-B1AE-4419-8CAC-C1BE337A6192}" = lport=139 | protocol=6 | dir=in | app=system |
"{13ECFAA4-AF4F-4C50-BAED-A3A454D3B587}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{15DDC1D4-5152-4E84-9EFC-018FF7FA1AE7}" = rport=137 | protocol=17 | dir=out | app=system |
"{235EDC0A-6FAC-4C8A-97F4-170BFB358059}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3A9B0B6A-1EC3-40D3-A54A-E7B395819BFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BB0F851-5759-42EE-9713-C0066320FE78}" = rport=10243 | protocol=6 | dir=out | app=system |
"{502E41F7-78BD-4035-B568-1A4AF7E648F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{51EEAA11-D2A3-4865-8CE9-73E8D8BC7AFB}" = rport=139 | protocol=6 | dir=out | app=system |
"{53871FAD-FBB4-401B-84C9-24CC4085D23D}" = lport=445 | protocol=6 | dir=in | app=system |
"{54D48E06-64C7-427B-9579-CEEC2705F942}" = rport=138 | protocol=17 | dir=out | app=system |
"{56025BE6-EB8C-4FFD-9AEF-76E5388DEEAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65050760-747D-42AB-A484-0BF7CC448C85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E3FA577-7D71-48FB-8EFE-55040BC84F6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{806F2F65-7923-47EB-B700-12E3FFD35B25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82615A51-FA71-4420-896F-0424D715F034}" = lport=25219 | protocol=6 | dir=in | name=tcp 25219 |
"{9E916B37-F704-41BA-9926-E6633D6F0A1C}" = lport=138 | protocol=17 | dir=in | app=system |
"{B602BB6F-E7CC-4466-9D02-40709DA28A16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE3315E2-CAA6-4661-9024-3293DF800884}" = lport=137 | protocol=17 | dir=in | app=system |
"{C2BA1D39-2D09-4C81-B748-7D1E483B7669}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4FCF9CE-4997-4209-88E2-0448A5051F89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8EEA66E-F37A-4F68-A1A6-2586E613F6B7}" = lport=17539 | protocol=6 | dir=in | name=tcp 17539 |
"{CDA99B93-64E3-47D4-B537-7EA53B7E9B1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDDEC04D-3C8A-4B77-8313-853279F18969}" = rport=445 | protocol=6 | dir=out | app=system |
"{DD8B696A-0E67-4CAB-BFBE-D4ADFECE47A2}" = lport=27243 | protocol=17 | dir=in | name=udp 27243 |
"{E050EAC1-D4B6-430B-BA90-A07071DE7E7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F01DB530-7B64-4B74-B26C-3ABFF172B657}" = lport=26044 | protocol=17 | dir=in | name=udp 26044 |
"{F915D701-77E3-44FB-B8E9-1AC33172EA37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDD9D147-3E42-4446-8EDF-5E102594146D}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8F246-ECE7-4E31-A470-9193F019A61A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{02FD0E58-B1B7-4B62-821C-73DE97B1DDD5}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{03E43E9E-9FA1-43C7-BEB4-0F53EB8B5779}" = protocol=6 | dir=out | app=system |
"{0C00199E-18A1-4E95-B11B-345096D08987}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1196D9DC-18C3-402A-94F1-C5A1B8CAAECE}" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin |
"{11A5130F-1D0D-48E2-9263-504D4970744C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{125CA631-CCF3-40F1-8349-5B894257ACE4}" = protocol=6 | dir=in | app=e:\metin2\metin2.bin |
"{1513CF50-3C70-460E-B9B3-B262EE20D93C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1580AF80-0257-48BF-A0F3-45A5120507B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{168B6FA6-8AD7-4A10-9678-B4C11814A4D6}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"{17082941-42D0-45C9-B104-F56FA14194CA}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{1B8B02A7-52E3-4EB4-86C0-7F7D3693970E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1C7AB1DD-C139-48ED-86E1-EAC405765663}" = protocol=6 | dir=in | app=e:\battlefield 3™\bf3.exe |
"{1D9AF154-B320-40E6-93F8-AC6B5B3E6C13}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23BAEFBE-4D41-4310-95F6-F91F4FA1A102}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2C096A78-B0E0-4BA9-98E3-64230CCE91A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2E108A45-732B-4452-B5B9-FD0E55CEC4FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{2F166BB9-E21B-42A3-B911-358F4B2B094E}" = protocol=6 | dir=in | app=e:\metin2\metin2.exe |
"{315E55C8-9E93-47F3-9927-F24DC4F26B0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{39C2FD6E-FA3F-4FF8-B3B2-C03EEEDF3D66}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{3D5E23E6-0832-4057-9C51-7D666C157151}" = protocol=17 | dir=in | app=e:\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{3F8E3481-5A47-4283-930D-455B0D17F916}" = protocol=17 | dir=in | app=e:\battlefield 3™\bf3.exe |
"{3FA1CA9B-A953-4124-B6A0-E936D5524BAC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{40259775-E022-4B4B-9247-389AB960EA5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4435BC4D-7907-4F05-AC8B-60DC07D81E78}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{460EDFFE-9C07-4CBA-ACA0-B3BD4758701E}" = protocol=17 | dir=in | app=e:\blur\blur.exe |
"{48C942A9-6476-4CD4-9BE9-EB4BFE766F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4AD1060A-1E3A-4738-8BF5-C8F560569652}" = protocol=17 | dir=in | app=e:\dirt 3\dirt3_game.exe |
"{4B7F2580-642C-44CF-877F-8D3AB97980B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F4C1A97-6DB8-4BB8-B370-2E1B551E57EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{519F13C0-38FC-463E-8962-483395134D61}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe |
"{55A01113-80E8-4BD8-9195-1DCC9CEADE1D}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe |
"{5AA69139-7919-491B-BFD0-CF059E5A618F}" = protocol=6 | dir=in | app=e:\racedriver grid\grid.exe |
"{64A70BF1-9B0F-42B9-A654-A7F80DC747B4}" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"{668D57EC-D535-4363-8491-F7EECC7B529B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{67B8F6EC-EA21-4A8D-B42B-10F83398CCA3}" = protocol=17 | dir=in | app=e:\racedriver grid\grid.exe |
"{6B44C6D6-50FC-4626-B03B-5E8DDC4E06D1}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{732CE301-55E8-4B44-9E19-BB815DB6720A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73323C52-4599-4927-A41A-35491F85C4D5}" = protocol=17 | dir=in | app=e:\origin games\battlefield 3\bf3.exe |
"{74DCF93B-B536-4B3F-AFEF-38F5B932204A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{775C13B4-492A-47B3-8B02-7E15ED177602}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{7D6EF875-EB06-4F06-A3B3-508180C8B4F6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7EAA2859-EA13-480A-A23E-C8EAE7274D95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82CD8BA0-6C19-48A4-A165-4CC4C678EDB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89ABE586-E160-4517-86D5-4EFA78993048}" = protocol=17 | dir=in | app=e:\metin2\metin2.bin |
"{8AB64601-601F-424A-9950-2D0A2457CDD3}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe |
"{8D91DDE1-5565-4AA5-A51E-0541221F266B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E06B688-C069-4540-A1C2-F4422F443100}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe |
"{8E16D9A7-38FE-4750-8594-A7959AC57D3D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{90922079-B5EE-4115-B356-698F38A80054}" = protocol=17 | dir=in | app=c:\users\beachboy\appdata\roaming\spotify\spotify.exe |
"{95079124-A564-43DC-BB2A-AD6C035D4F09}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe |
"{9C94842A-A162-4C24-87DC-3F78D9326CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"{9D8C4757-05DD-4232-AB68-01DC0183BAB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A114C68A-1840-446E-A242-FE09A00AAC36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1BBB6C1-FF5F-4991-A5E7-84B00CF91C12}" = protocol=6 | dir=in | app=e:\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{AC4699B4-3B0F-401E-A3B7-CDD6847705BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{ACFCAEE7-D3B6-4731-A17B-CFC1E34719EB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{B30C3917-2079-43F5-82BA-BA66C411B97A}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{B5FA64FB-27B1-4CE8-B022-26B22AFA4196}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe |
"{B7FF7C47-78BA-4D95-AB6B-F83E27E147E9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C3B881D9-5C59-49C6-B47A-2ACE98AA9C67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CCD9529A-884C-40BE-9923-901E9A1C3772}" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2updater.exe |
"{CDA4FF6B-8434-4E4A-AF13-CB6F7530B151}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D07409C6-EE3F-465F-BD0A-2445091BCA3C}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{D11B178D-3F59-478C-B161-D4454596D6D9}" = protocol=6 | dir=in | app=e:\dirt 3\dirt3_game.exe |
"{D3BA29CD-0992-4353-A333-665A3F389DCC}" = protocol=6 | dir=in | app=e:\blur\blur.exe |
"{D743BE3F-F39B-4E36-8AFB-1A30E147F3DB}" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2updater.exe |
"{DAAD8FFD-C58F-4548-820C-79C7DAFE0C8F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DB0E05CD-F94A-4380-85DC-5CC1C0616B14}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe |
"{DE2CCE9E-033E-402D-AEE3-561B33EAB97B}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe |
"{E20B9521-92DA-44EB-8015-F63C72A235B8}" = protocol=6 | dir=in | app=c:\users\beachboy\appdata\roaming\spotify\spotify.exe |
"{E2AE6D68-BAC1-463D-93E1-FF0D9BE8F6D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6ABBEF6-2664-42FB-9E16-7E79FC0C211D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{E81FEA4E-B85C-466B-B719-CE140483F52C}" = protocol=17 | dir=in | app=e:\metin2\metin2.exe |
"{EAD25147-77BD-4BE3-A328-F082BCF2A417}" = protocol=6 | dir=in | app=e:\origin games\battlefield 3\bf3.exe |
"{F7FAA337-8BB7-40D8-80A0-B0C8FA394859}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F9A54A9C-A655-4B90-824F-67F2E1642170}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB2B1990-51B1-42C2-B81B-232F17FD5009}" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin |
"{FB7D7C82-D2C7-467C-BBCB-FED280E1D616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBD01D49-9BF3-4BE5-99CE-CBD7EDABF4A5}" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{1207DDB5-2CE7-4A62-A69D-F49D8F8E40DD}E:\metin2\metin2.bin" = protocol=6 | dir=in | app=e:\metin2\metin2.bin |
"TCP Query User{15339FC2-66BC-42FA-847F-4BAE150466CE}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{2170864C-D764-4D2F-8022-8ADC1B3E6C59}E:\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=e:\dead island\deadislandgame.exe |
"TCP Query User{36EE16DC-BA66-4942-B572-C59150B695D1}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin |
"TCP Query User{5F95C314-0565-4005-9AE0-005895152F33}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{81C89D3A-5E6D-4DB5-B8D6-8AC9293A5897}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{8A3712DA-ECF3-4044-9D14-2D203DFCF00B}E:\empire earth 2\ee2.exe" = protocol=6 | dir=in | app=e:\empire earth 2\ee2.exe |
"TCP Query User{99CF7144-998E-4E8B-9BB8-8E489A165727}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{99FF1918-3C95-47ED-A588-D3EC3C2E34FA}E:\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{AC06EBB9-DC4C-4067-A463-7FE67D360616}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{BC29863B-CF5E-46FF-BF63-E994570A1082}C:\users\beachboy\desktop\miranda64-09\miranda64.exe" = protocol=6 | dir=in | app=c:\users\beachboy\desktop\miranda64-09\miranda64.exe |
"TCP Query User{D80843AB-1F92-4A02-B29C-E67457AD02D3}E:\cs1.6\hl.exe" = protocol=6 | dir=in | app=e:\cs1.6\hl.exe |
"TCP Query User{E2B15E20-B70F-4DF2-A470-2F0BD4BAD182}E:\metin2\metin2.exe" = protocol=6 | dir=in | app=e:\metin2\metin2.exe |
"TCP Query User{E672CEE4-DA9B-4A70-A6EE-C860CB9AA6EC}E:\portal 2\portal2.exe" = protocol=6 | dir=in | app=e:\portal 2\portal2.exe |
"UDP Query User{058B89D3-4CEA-4BA7-A7B6-92CB2770CF22}E:\metin2\metin2.exe" = protocol=17 | dir=in | app=e:\metin2\metin2.exe |
"UDP Query User{4D2B5556-1F16-4350-B0F4-6BAC08CA7CFE}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin |
"UDP Query User{59722CC7-51DC-46CD-9BAD-D5EA4028DA0C}E:\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=e:\dead island\deadislandgame.exe |
"UDP Query User{6D2D8A2C-B96D-4427-9C9C-1F26FAD7D476}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{6DCA73E4-1822-446A-8EF3-514D832194C3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{86DB5C75-9DE5-4CBD-A3F6-D9BD0F02FBEE}E:\portal 2\portal2.exe" = protocol=17 | dir=in | app=e:\portal 2\portal2.exe |
"UDP Query User{9163FBAE-102E-4618-85ED-5A941008EB6A}E:\metin2\metin2.bin" = protocol=17 | dir=in | app=e:\metin2\metin2.bin |
"UDP Query User{931A29B9-DFEF-4BD6-A9BB-8BCB75AB7067}E:\empire earth 2\ee2.exe" = protocol=17 | dir=in | app=e:\empire earth 2\ee2.exe |
"UDP Query User{9F1B2249-7406-4582-96C3-86DFC5FE8C54}E:\cs1.6\hl.exe" = protocol=17 | dir=in | app=e:\cs1.6\hl.exe |
"UDP Query User{B8DAEEAF-ACA9-46FA-B324-CA8B8965EEA9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{CB73CE89-5825-4A3C-B3D1-DEFFB72882D6}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{CE6AC62D-2705-4F87-A3A5-870064491769}C:\users\beachboy\desktop\miranda64-09\miranda64.exe" = protocol=17 | dir=in | app=c:\users\beachboy\desktop\miranda64-09\miranda64.exe |
"UDP Query User{E144B367-FAF8-46EF-9D8C-40F18E7C2315}E:\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{E46A58EA-7218-46D0-B5E9-377AE4EF451B}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8F110B6A-60A2-4542-BB19-AD6234E2969D}" = SAMSUNG Moblie USB Driver
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C485220-4029-48E7-9F27-965DA4A78D5E}" = Samsung Networking Wizard
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{109CCC7F-155C-4EC5-958B-F1B186E68DB9}" = MAGIX Video Pro X2
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6B7E4A1A-BBE1-4E8F-ABD2-7FCE1168E032}" = MAGIX 3D Maker (embedded MSI)
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5458F0-0F3A-486E-8436-6CF05977093F}" = E3MC - Windows Shutdown Timer v5.7 Full
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97922AE1-B850-4B21-85EF-FD1E7ED20D65}" = MAGIX Speed 2 (MSI)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Counter Strike 1.6 - By PirocaHP.F!N4LShare" = Counter Strike 1.6 - By PirocaHP.F!N4LShare
"Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare" = Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"FormatFactory" = FormatFactory 2.70
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LastFM_is1" = Last.fm 1.5.4.27091
"Live 8.2" = Live 8.2
"Live 8.2.7" = Live 8.2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Metin2_is1" = Metin2
"MirandaFusion" = Miranda Fusion 3.1.5
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 12.01.1532" = Opera 12.01
"Origin" = Origin
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"Rage_is1" = Rage
"Videodeluxe16_pro" = MAGIX Video Pro X2
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"Worms Reloaded_is1" = Worms Reloaded
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.08.2012 18:13:47 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000016092
ID
des fehlerhaften Prozesses: 0xfe8 Startzeit der fehlerhaften Anwendung: 0x01cd79a0c532a542
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 26f91c20-e594-11e1-b28d-4061862eeb01
Error - 13.08.2012 18:14:49 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018778
ID
des fehlerhaften Prozesses: 0x87c Startzeit der fehlerhaften Anwendung: 0x01cd79a0e98e1f6d
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 4b884728-e594-11e1-b28d-4061862eeb01
Error - 26.08.2012 09:25:06 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227
Description =
Error - 26.08.2012 09:25:29 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227
Description =
Error - 26.08.2012 12:40:23 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 28.08.2012 04:34:00 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 28.08.2012 08:35:04 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227
Description =
Error - 29.08.2012 10:44:21 | Computer Name = PC-Beachboy | Source = RasClient | ID = 20227
Description =
Error - 29.08.2012 11:58:04 | Computer Name = PC-Beachboy | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018778
ID
des fehlerhaften Prozesses: 0x3f4 Startzeit der fehlerhaften Anwendung: 0x01cd85f49e789083
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 506a9319-f1f2-11e1-867b-4061862eeb01
Error - 29.08.2012 12:10:14 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 03.09.2012 18:28:15 | Computer Name = PC-Beachboy | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 04.09.2012 07:20:18 | Computer Name = PC-Beachboy | Source = VSS | ID = 8194
Description =
Error - 04.09.2012 07:31:05 | Computer Name = PC-BEACHBOY | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
Datei C:\Users\Beachboy\Desktop\Bilder\100CANON\IMG_2342.JPG. [ACCESS_VIOLATION
Exception!! EIP = 0x1df6d92] Bitte Avira informieren und die obige Datei übersenden!
[ System Events ]
Error - 02.05.2012 10:41:01 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:43:37 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:44:30 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:44:30 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:46:16 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
Error - 02.05.2012 10:46:16 | Computer Name = PC-Beachboy | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "G:" den Befehl "chkdsk" aus.
< End of report > --- --- --- |