BKA Trojaner - Systemwiederherstellung was nun?
Hallo, ich mal wieder -.-
Ich bzw meine Mutter hat es geschafft sich über Facebook oder ähnliches den BKA Trojaner einzufangen. Ich habe jetz notwendigerweise eine Systemwiederherstellung gemacht von ein paar Stunden..
Was kann ich nun tun damit der Plagegeist sofort verschwindet sofern er noch drauf ist? Bitte helft mir es ist wirklich dringend!!!
Ich werd jetz erstmal einen Komplettscan mit Anti Maleware Bytes durchführen und den Log herein editieren.
So Hier der Log von AMB Zitat:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.17.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Katy :: GITHY-PC [Administrator]
17.09.2012 19:32:12
mbam-log-2012-09-17 (19-32-12).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345786
Laufzeit: 47 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
| Sorry ich habe leider nicht mehr geschafft mit OTL rechtzeitig zu scannen bevor der Editierbutton verschwindet.
Mit Defogger habe ich den Disable Button getätigt, keine Fehlermeldung. Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:58 on 17/09/2012 (Katy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Und hier die OTL Logs
OTL
OTL Logfile: Code:
OTL logfile created on: 17.09.2012 20:58:53 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Katy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,44% Memory free
7,99 Gb Paging File | 5,42 Gb Available in Paging File | 67,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 14,79 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
Drive D: | 547,34 Gb Total Space | 350,38 Gb Free Space | 64,02% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 71,85 Mb Free Space | 71,85% Space Free | Partition Type: NTFS
Computer Name: GITHY-PC | User Name: Katy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.17 20:57:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Katy\Desktop\OTL.exe
PRC - [2012.09.08 09:53:06 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Firefox\firefox.exe
PRC - [2012.08.08 18:53:28 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.08.08 18:53:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 20:30:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:30:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.07.19 23:29:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
========== Modules (No Company Name) ==========
MOD - [2012.09.08 09:53:05 | 002,244,064 | ---- | M] () -- C:\Programme\Firefox\mozjs.dll
MOD - [2012.05.10 08:54:03 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.10 08:53:20 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 08:53:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 08:53:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 08:53:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.08 09:53:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 20:30:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:30:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.07.19 23:29:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.08.22 19:42:49 | 000,025,216 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\droidcam.sys -- (DroidCam)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.08 20:30:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:30:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.08 17:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.05 14:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.23 16:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2007.12.06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007.02.16 21:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 5E 5C 97 60 83 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.deviantart.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.09.08 09:53:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2012.09.08 09:53:04 | 000,000,000 | ---D | M]
[2010.08.27 20:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\mozilla\Extensions
[2012.05.02 20:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\mozilla\Firefox\Profiles\5bhpqnng.default\extensions
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 1.7.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBA6CA7F-ACF3-4649-B7F5-42B2E64EBE49}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (UserInit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6db9ea40-b303-11e1-b0e7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6db9ea40-b303-11e1-b0e7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.17 20:57:28 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Katy\Desktop\OTL.exe
[2012.09.17 17:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\hiyqellaeykzwax
[2012.09.13 15:06:48 | 000,000,000 | ---D | C] -- C:\Users\Katy\Documents\HeroBlade Logs
[2012.09.09 15:16:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2012.09.09 15:16:36 | 001,392,504 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomMT.dll
[2012.09.09 15:16:36 | 001,152,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\WacomMT.dll
[2012.09.08 21:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ
[2012.09.08 09:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox
[2012.09.07 22:09:46 | 000,000,000 | ---D | C] -- C:\Users\Katy\Documents\Star Wars - The Old Republic
[2012.09.05 18:58:53 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Local\SWTOR
[2012.09.01 20:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.29 14:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.08.25 09:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2012.08.25 09:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012.08.24 20:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.24 20:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.23 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\Katy\Documents\Anti-Malware
[2012.08.22 19:42:49 | 000,025,216 | ---- | C] (Dev47Apps) -- C:\Windows\SysNative\drivers\droidcam.sys
[2012.08.22 19:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\DroidCam
[2012.08.22 10:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.08.22 07:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.22 07:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.08.22 07:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
========== Files - Modified Within 30 Days ==========
[2012.09.17 20:58:12 | 000,000,000 | ---- | M] () -- C:\Users\Katy\defogger_reenable
[2012.09.17 20:57:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Katy\Desktop\OTL.exe
[2012.09.17 20:57:09 | 000,050,477 | ---- | M] () -- C:\Users\Katy\Desktop\Defogger.exe
[2012.09.17 19:36:55 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.17 19:36:55 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.17 19:36:55 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.17 19:36:55 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.17 19:36:55 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.17 19:33:15 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.17 19:33:15 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.17 19:25:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.17 19:25:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.09.17 19:25:52 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.17 17:44:01 | 000,076,347 | ---- | M] () -- C:\ProgramData\ascjlwdngrjsrpl
[2012.09.11 20:44:41 | 000,103,624 | ---- | M] () -- C:\Users\Katy\Desktop\training.png
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.29 14:51:47 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.22 20:20:43 | 000,000,031 | ---- | M] () -- C:\ProgramData\droidcam-settings
[2012.08.22 19:42:49 | 000,025,216 | ---- | M] (Dev47Apps) -- C:\Windows\SysNative\drivers\droidcam.sys
[2012.08.22 14:02:16 | 000,239,232 | ---- | M] () -- C:\Users\Katy\Documents\cc_20120822_140200.reg
[2012.08.22 10:37:17 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
========== Files Created - No Company Name ==========
[2012.09.17 20:58:12 | 000,000,000 | ---- | C] () -- C:\Users\Katy\defogger_reenable
[2012.09.17 20:56:57 | 000,050,477 | ---- | C] () -- C:\Users\Katy\Desktop\Defogger.exe
[2012.09.17 17:41:55 | 000,076,347 | ---- | C] () -- C:\ProgramData\ascjlwdngrjsrpl
[2012.09.11 20:44:41 | 000,103,624 | ---- | C] () -- C:\Users\Katy\Desktop\training.png
[2012.08.25 09:17:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.08.22 19:44:35 | 000,000,031 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2012.08.22 14:02:06 | 000,239,232 | ---- | C] () -- C:\Users\Katy\Documents\cc_20120822_140200.reg
[2012.08.22 10:37:17 | 000,000,728 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2012.05.30 19:44:51 | 000,007,597 | ---- | C] () -- C:\Users\Katy\AppData\Local\Resmon.ResmonCfg
[2012.03.09 17:17:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.11 12:23:09 | 000,000,058 | ---- | C] () -- C:\Users\Katy\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.19 23:29:12 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.19 23:29:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.12 18:33:11 | 000,000,092 | ---- | C] () -- C:\Users\Katy\AppData\Local\fusioncache.dat
[2011.01.12 18:32:19 | 001,619,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== LOP Check ==========
[2011.06.27 21:02:07 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Anthropics
[2012.08.22 14:02:30 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\DAEMON Tools Lite
[2011.11.11 12:23:09 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\DonationCoder
[2012.01.03 16:19:42 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\FileZilla
[2011.06.02 17:53:46 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\GetRightToGo
[2011.07.30 20:31:29 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Hi-Rez Studios
[2012.01.20 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\HTC
[2011.08.08 17:16:24 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.05.07 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\JavaEditor
[2010.12.10 23:11:47 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\SYSTEMAX Software Development
[2012.08.24 21:43:31 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\TS3Client
[2010.12.10 23:59:40 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\WTouch
[2012.08.02 17:43:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- ---
Extras
OTL Logfile: Code:
OTL Extras logfile created on: 17.09.2012 20:58:53 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Katy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,44% Memory free
7,99 Gb Paging File | 5,42 Gb Available in Paging File | 67,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 14,79 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
Drive D: | 547,34 Gb Total Space | 350,38 Gb Free Space | 64,02% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 71,85 Mb Free Space | 71,85% Space Free | Partition Type: NTFS
Computer Name: GITHY-PC | User Name: Katy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1763FD82-3B35-4D26-91DF-A2E07AF254C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B26AA2-1E93-48F7-A8E8-C19A27703A87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3910293C-E730-41A4-9737-3B4C241B8D25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49105213-B111-440F-9463-AFE5B286D1DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F1F85F0-2767-41B3-8715-EBF8359637E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{524FBC5E-3361-4215-A679-A1302C9EFA19}" = lport=2869 | protocol=6 | dir=in | app=system |
"{52A2DC20-903F-4C90-91A4-2D275BFD775B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{542C4201-C340-4F3A-8450-EDD9762C0FED}" = lport=137 | protocol=17 | dir=in | app=system |
"{5C72FFC2-1CD3-4EBF-BF77-B2210678252B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5F53796D-3E8B-417A-A615-48624C4A9BB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{5F80A605-6564-48C9-91BB-F457E072DB1F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E6D75CE-CA04-4089-83BD-51071BD70CF9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8D2AC020-FE20-4A2C-AFA1-D5AC63E8D254}" = lport=445 | protocol=6 | dir=in | app=system |
"{8FE87BF9-9309-40CB-AFDD-FC1B180B7494}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A533751C-63C4-4E81-83D6-B869A575EA06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF765ADC-AA6B-4C26-AEA0-CAF3C28033B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{C8CD3668-6F64-4052-B35C-CA2E0E778F7C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CB704DA3-341F-4A76-B3DC-70FC4F39951C}" = rport=137 | protocol=17 | dir=out | app=system |
"{D2766950-EACC-434E-8F2A-E9F4D477B109}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F03B9546-E034-431D-B36F-7EE9CAA7B15C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0E4EEB8-FF27-44BE-AFDE-9B48B1F7DDCA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBD13777-49F2-4E19-9C66-DD97B8616144}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035F0B1D-BE19-4B78-879F-EBF4176F8F92}" = protocol=6 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe |
"{081142B4-2992-4E49-9411-5C0810E83065}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09E69922-141E-415D-B2AC-71A17A39BF4E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DEA5D24-FDA4-446F-9F6B-096B4D056584}" = protocol=17 | dir=in | app=c:\program files\icq\icq7m\icq.exe |
"{16894D30-1549-4907-803D-D2764E55126F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D114714-9B7C-429D-8267-EC5B27B385F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26573D69-FDCF-4C0C-955C-C404FAB3C37E}" = protocol=6 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe |
"{26871575-0460-40D6-9774-8695F5792535}" = protocol=17 | dir=in | app=c:\program files\icq\icq7m\icq.exe |
"{27F5CDF4-E26F-4B29-A2EC-572A78CE985A}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"{2C7B6843-F2DB-4D71-B7FA-D30FB6580D24}" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe |
"{3077EBB8-8BBE-4522-BC5F-F2970FF5A23D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{31E2A5B7-D00A-45D7-95B2-892B3C74E17E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{42EC1808-E913-4EAD-A20F-1CC0424880CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{480EC606-EABE-4F0F-8000-6E783FAAFFDC}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{4880B33F-C791-490B-8D3A-362F12C7AF6D}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{48C9232D-3688-4089-9979-C230200A5DAF}" = protocol=6 | dir=in | app=c:\program files\icq\icq7m\icq.exe |
"{5144750E-8EA0-4D39-A748-1E688F12ED9D}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{5726560C-6E55-4617-95DA-213A60E653A4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5B4045CD-863C-4A43-9BA4-4C3DE887ED4F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6231D483-9ADB-4BE1-A9F1-CCA6EECB78EF}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{67E0FBE7-1670-4C84-A2CB-A345C41EED29}" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe |
"{68A52CA0-FA9A-4EFC-A8D9-51C1212408BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{70A243E0-7AC8-4F48-8C96-52DAEF88BC89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77339CF2-AFB8-47B3-835F-82FDC3F0882D}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\swtor\retailclient\swtor.exe |
"{78FBE1E2-574E-4C3B-8F50-8C9D6DC30A30}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\swtor\retailclient\swtor.exe |
"{7A01109E-FC4D-435E-83EE-0EC4F35B25E8}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\swtor\retailclient\swtor.exe |
"{7D6D5486-0FBA-4D14-9057-FB1DF12DA884}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7DF26D81-DC3C-48D3-9A2B-D724199CF7A5}" = protocol=17 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe |
"{8B7ED426-2093-43E3-BEF4-E2E2AD295944}" = protocol=6 | dir=in | app=c:\program files\icq\icq7m\icq.exe |
"{A444045D-8FEB-4C3E-AB18-825E1133FBEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4F71EC0-3C48-45FC-99E1-41AFFA50304D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACB93E25-B672-4951-A39C-2B372859318C}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{ADDD67E5-63B4-4D7F-8BC2-03C977DCC6C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1601759-13F1-4652-BD66-A68677613B04}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"{B78F4ED6-206E-435D-9713-0FFF4A169A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BA368C79-F315-47A0-AA1A-D39E523E1AD5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C481E99D-4EC0-43CB-9C29-5C4F9BAEEE4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC1A24D0-8E17-4FA4-B711-3AD55C8DED87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4A2677B-A6A7-49C1-8197-0308FCAD27C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DED0F02C-6666-4AD6-922B-804F188F07CC}" = protocol=6 | dir=out | app=system |
"{E8083241-0117-41FE-BE27-818BE586A3BB}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\swtor\retailclient\swtor.exe |
"{E93E8B3B-3117-43E7-BBDB-6B944F303850}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9CDF5A6-34B2-4755-9537-C2CE32E8A7BD}" = protocol=17 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe |
"{F4F5F614-B6EB-4592-A7DE-91BA41D1F244}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7063B05-A3C6-4DD8-9D05-1D97D1ACF1ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFB82FF7-CE4A-4122-BBB1-C001DDBCB0EB}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"TCP Query User{121D0865-6AB6-4560-BD54-F35A718A04CA}D:\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\repair.exe |
"TCP Query User{145EFA15-303C-4E3A-A39F-22D5D4B760C2}D:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"TCP Query User{5DA2D4EA-0FD6-4137-8686-8793A97B1047}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{80EA5CC3-56F4-43AA-9909-A599FAA8D30B}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{87C28070-7E95-4392-B3C5-751D6F397B0F}D:\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"UDP Query User{01C711B2-A12C-4361-AF24-6E2DCCECA11A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{4E008E77-3668-49CD-8A9B-48128176F52B}D:\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\repair.exe |
"UDP Query User{8742D1EA-5937-4323-89BD-CC8347302B15}D:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"UDP Query User{E560D154-376B-4E13-8E7E-E394E97684E3}D:\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"UDP Query User{F18C364D-E76C-4A6F-BA53-05226D05A4F7}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{089E65D5-D06A-FE49-8D9C-9CABDF8858F5}" = ccc-utility64
"{0991D3E2-736E-4674-8C78-5E4AF3B9DD63}" = World of Warcraft Model Viewer 64-bit
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DB97EF8-603B-FB96-9B56-6F0D23E14263}" = AMD Media Foundation Decoders
"{717690AA-0C4B-1E11-F13B-D737E230B8CD}" = ATI Problem Report Wizard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E311AD5-3CC4-23CE-02C1-FBDAE91707E7}" = ATI AVIVO64 Codecs
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D10B35A6-786F-2879-DC2F-EBBD735E51B8}" = AMD Fuel
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{10EBB586-D21E-60CA-0856-AA753EBE1F16}" = Application Profiles
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BCD05CE-8CDE-9503-8794-D8CDB9FA8562}" = Catalyst Control Center InstallProxy
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 11.13, 2012.04.22
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C4F98C5C-69EC-34D5-45B6-9CF4AD8FCDFD}" = HydraVision
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.5.2
"Fraps" = Fraps (remove only)
"Intelli-studio" = SAMSUNG Intelli-studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 1.1.11
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.08.2012 09:56:27 | Computer Name = Githy-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Katy\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 24.08.2012 09:56:27 | Computer Name = Githy-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Katy\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 24.08.2012 09:56:29 | Computer Name = Githy-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Katy\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 24.08.2012 11:27:00 | Computer Name = Githy-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 24.08.2012 14:16:45 | Computer Name = Githy-PC | Source = MsiInstaller | ID = 11500
Description =
Error - 25.08.2012 07:25:57 | Computer Name = Githy-PC | Source = Application Hang | ID = 1002
Description = Programm TESV.exe, Version 1.1.21.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16c Startzeit:
01cd82b441da7208 Endzeit: 41 Anwendungspfad: D:\Games\Skyrim\The Elder Scrolls V-
Skyrim\TESV.exe Berichts-ID: a1a5fc18-eea7-11e1-937a-0013469931f3
Error - 04.09.2012 00:31:13 | Computer Name = Githy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: htcUPCTLoader.exe, Version: 1.0.2.34,
Zeitstempel: 0x4f8cde22 Name des fehlerhaften Moduls: OutputLog.dll, Version: 1.0.0.3,
Zeitstempel: 0x4f87d8a6 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000050c0 ID des fehlerhaften
Prozesses: 0xa60 Startzeit der fehlerhaften Anwendung: 0x01cd8a561c6a48db Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll Berichtskennung:
5b686b3a-f649-11e1-9d01-0013469931f3
Error - 04.09.2012 00:46:39 | Computer Name = Githy-PC | Source = MsiInstaller | ID = 11719
Description =
Error - 04.09.2012 17:34:43 | Computer Name = Githy-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.10.0.116 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fb4 Startzeit:
01cd8a95ff15282d Endzeit: 35 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
54fa7c41-f6d8-11e1-a157-0013469931f3
Error - 15.09.2012 07:31:06 | Computer Name = Githy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel:
0x4626b2f4 Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x4fa119ef Ausnahmecode: 0xc0000005 Fehleroffset: 0x6b29cfde ID des fehlerhaften
Prozesses: 0xda0 Startzeit der fehlerhaften Anwendung: 0x01cd9335824d3263 Pfad der
fehlerhaften Anwendung: C:\Users\Katy\AppData\Local\Temp\{D1CC0C81-5E02-4E4F-8100-42D00DD7ED8B}\ICQ7.exe
Pfad
des fehlerhaften Moduls: MoveIt.dll Berichtskennung: d64add84-ff28-11e1-aff0-0013469931f3
[ System Events ]
Error - 17.09.2012 13:01:14 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.09.2012 13:01:14 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.09.2012 13:01:14 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.09.2012 13:01:14 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
Error - 17.09.2012 13:13:59 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.09.2012 13:16:34 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.09.2012 13:17:42 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.09.2012 13:17:44 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.09.2012 13:26:09 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.09.2012 13:26:10 | Computer Name = Githy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
--- --- --- |
