Otl.txt (OTL logfile):
OTL logfile created on: 20.04.2013 20:43:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 63,10% Memory free
5,86 Gb Paging File | 4,65 Gb Available in Paging File | 79,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,97 Gb Total Space | 7,37 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 70,87 Gb Free Space | 96,76% Space Free | Partition Type: NTFS
Drive E: | 3,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 16,83 Gb Total Space | 16,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive G: | 15,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\o.tel.o\o.tel.o.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\SDL2.dll ()
MOD - C:\Program Files\o.tel.o\o.tel.o.exe ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
MOD - C:\Program Files\o.tel.o\NDISAPI.dll ()
MOD - C:\Program Files\o.tel.o\atcomm.dll ()
MOD - C:\Program Files\o.tel.o\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\o.tel.o\DetectDev.dll ()
MOD - C:\Program Files\o.tel.o\NetInfoPlugin.dll ()
MOD - C:\Program Files\o.tel.o\LocaleMgrPlugin.dll ()
MOD - C:\Program Files\o.tel.o\DeviceMgrPlugin.dll ()
MOD - C:\Program Files\o.tel.o\DialUpPlugin.dll ()
MOD - C:\Program Files\o.tel.o\XCodec.dll ()
MOD - C:\Program Files\o.tel.o\DeviceOperate.dll ()
MOD - C:\Program Files\o.tel.o\ConfigFilePlugin.dll ()
MOD - C:\Program Files\o.tel.o\NotifyServicePlugin.dll ()
MOD - C:\Program Files\o.tel.o\isaputrace.dll ()
========== Services (SafeList) ==========
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HPSLPSVC) -- C:\Users\Chris\AppData\Local\Temp\7zS35A5\hpslpsvc32.dll (Hewlett-Packard Co.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (dump_wmimmc) -- C:\AeriaGames\Wolfteam-DE\GameGuard\dump_wmimmc.sys File not found
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (cm_ser) -- C:\Windows\System32\drivers\cm_ser.sys (C-motech Co.,Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (C2xxUSB) -- C:\Windows\System32\drivers\C2xxUSB73.sys (Samsung Electronics)
DRV - (C2XXCOM) -- C:\Windows\System32\drivers\C2XXCOM73.sys (Samsung Electronics)
DRV - (C2xxUsbStorage) -- C:\Windows\System32\drivers\C2xSTR73.sys (Samsung Electronics)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={E474F079-1DDE-11E2-A7E5-001F16C30F2F}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=5ac9b83c-e3d7-4794-8c14-b684c7fdcc70&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={E474F079-1DDE-11E2-A7E5-001F16C30F2F}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&tt=4612_8&babsrc=HP_clro&mntrId=4cc741b20000000000000617c4a9b88a
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.giga.de/go/wwr
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 89 A9 5F 40 5F CD 01 [binary data]
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=5ac9b83c-e3d7-4794-8c14-b684c7fdcc70&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=5ac9b83c-e3d7-4794-8c14-b684c7fdcc70&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes,DefaultScope = {83E98DA9-80CA-4B86-A39D-B973A8918F56}
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=5ac9b83c-e3d7-4794-8c14-b684c7fdcc70&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4612_8&babsrc=SP_clro&mntrId=4cc741b20000000000000617c4a9b88a
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{1153DAF0-A67F-44A2-95B5-E8EE355D2543}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8AF536D9-7475-49F7-ABD1-F2610DFE00C4&apn_sauid=16F809E5-4ADF-4FA4-85DA-4FA393256ED2
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{83E98DA9-80CA-4B86-A39D-B973A8918F56}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={B047E692-A4A3-4CEF-B044-C7B831E8105A}&mid=d040bdb0fd5247d08518d1565027e6dc-cef37c04eba536c9a53b0621563c095083e8192f&lang=en&ds=yu012&pr=sa&d=2012-07-31 16:20:09&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/cheatengine/{5128B052-0231-4F23-BDE5-B537E91B33D7}?q={searchTerms}
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={E474F079-1DDE-11E2-A7E5-001F16C30F2F}
IE - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.17 20:29:49 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Fun Switcher = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb\0.0.0.3_0\
CHR - Extension: F2B Dark Electrique - Ibis Tribute on Black = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkhfghgcedfhpkoilcmohbcmkbcdodd\1_0\
CHR - Extension: Color Piano! = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh\2.1.1.40_0\
CHR - Extension: Google Mail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Fun Switcher = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb\0.0.0.3_0\
CHR - Extension: F2B Dark Electrique - Ibis Tribute on Black = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkhfghgcedfhpkoilcmohbcmkbcdodd\1_0\
CHR - Extension: Color Piano! = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh\2.1.1.40_0\
CHR - Extension: Google Mail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-3153247948-3028354880-3382878320-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5753622-AF3C-4536-8F67-783474087488}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B711C2F3-6708-4574-BC14-129418E3F5FF}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA517052-0F16-4E48-BE62-FC205EDB235B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\24897~1.175\{61d8b~1\pcpmngr.dll) - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.07.28 10:00:55 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.09.19 11:12:34 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0416767e-7c35-11e2-a087-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{0416767e-7c35-11e2-a087-001f16c30f2f}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a371844a-de68-11e1-89b8-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{a371844a-de68-11e1-89b8-001f16c30f2f}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{c184c39c-832b-11e2-a6fd-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c184c39c-832b-11e2-a6fd-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c184c3a1-832b-11e2-a6fd-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c184c3a1-832b-11e2-a6fd-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c184c3a3-832b-11e2-a6fd-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c184c3a3-832b-11e2-a6fd-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c184c3a6-832b-11e2-a6fd-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c184c3a6-832b-11e2-a6fd-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c3afab7e-8350-11e2-8832-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c3afab7e-8350-11e2-8832-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c3afab80-8350-11e2-8832-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c3afab80-8350-11e2-8832-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cd0111a7-81ae-11e2-8871-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{cd0111a7-81ae-11e2-8871-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoInstaller.exe
O33 - MountPoints2\{e1fbdbc3-cab5-11e1-a0eb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e1fbdbc3-cab5-11e1-a0eb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010.08.11 06:51:04 | 000,349,992 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{e8b8e778-81af-11e2-830f-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b8e778-81af-11e2-830f-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoInstaller.exe
O33 - MountPoints2\{f0e2f6c6-de52-11e1-84ef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e2f6c6-de52-11e1-84ef-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{f0e2f6f8-de52-11e1-84ef-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e2f6f8-de52-11e1-84ef-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fd6ec46e-7905-11e2-832b-001f16c30f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{fd6ec46e-7905-11e2-832b-001f16c30f2f}\Shell\AutoRun\command - "" = G:\AutoInstaller.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.20 20:33:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013.04.18 20:17:27 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.13 18:53:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\My Games
[2013.04.13 17:54:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.13 16:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013.04.13 16:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.13 16:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013.04.13 10:52:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\stranded2
[2013.04.11 14:19:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.11 14:19:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.11 14:19:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.11 14:19:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.11 14:19:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.11 14:19:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.11 14:19:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.11 14:19:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 15:28:36 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 15:28:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 15:28:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 15:28:29 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 15:28:29 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 15:28:28 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.08 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013.04.08 20:17:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Paint.NET
[2013.04.08 19:48:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Aurora3D
[2013.04.08 19:41:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Configure
[2013.04.08 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Maker3D
[2013.04.06 22:09:27 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.04.06 22:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.06 22:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.03.31 12:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal Fudge Pack
[2013.03.31 11:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Postal2STP
[2013.03.29 15:18:01 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.28 19:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso
[2013.03.27 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\SimCity Societies
[2013.03.27 20:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2013.03.21 21:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013.03.21 21:18:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\GTA San Andreas User Files
[2013.02.26 20:55:09 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Chris\dxdiag.exe
========== Files - Modified Within 30 Days ==========
[2013.04.20 20:35:35 | 000,027,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.20 20:35:35 | 000,027,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.20 20:34:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013.04.20 20:29:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.20 20:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.20 20:27:55 | 2359,980,032 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.20 20:10:15 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3153247948-3028354880-3382878320-1000UA.job
[2013.04.20 20:05:07 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013.04.20 19:59:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3153247948-3028354880-3382878320-1000.job
[2013.04.17 22:52:59 | 000,707,484 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.17 22:52:59 | 000,153,044 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.17 22:52:59 | 000,125,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.17 22:52:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.17 15:15:58 | 000,000,224 | ---- | M] () -- C:\Users\Chris\Desktop\Sid Meier's Civilization V (DirectX 11).url
[2013.04.14 13:10:18 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3153247948-3028354880-3382878320-1000Core.job
[2013.04.13 18:02:25 | 000,000,214 | ---- | M] () -- C:\Users\Chris\Desktop\Sid Meier's Civilization V.url
[2013.04.13 17:24:33 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.04.13 17:03:03 | 000,007,625 | ---- | M] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
[2013.04.13 10:51:23 | 013,629,267 | ---- | M] () -- C:\Users\Chris\Desktop\stranded2.zip
[2013.04.12 07:06:52 | 000,327,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.12 07:05:10 | 000,003,496 | ---- | M] () -- C:\bootsqm.dat
[2013.04.08 20:19:26 | 000,001,295 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013.03.21 23:08:38 | 000,003,451 | ---- | M] () -- C:\Users\Public\Documents\cheats.rtf
========== Files Created - No Company Name ==========
[2013.04.17 15:15:58 | 000,000,224 | ---- | C] () -- C:\Users\Chris\Desktop\Sid Meier's Civilization V (DirectX 11).url
[2013.04.13 17:54:14 | 000,000,214 | ---- | C] () -- C:\Users\Chris\Desktop\Sid Meier's Civilization V.url
[2013.04.13 17:03:03 | 000,007,625 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
[2013.04.13 16:37:09 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.04.13 10:50:27 | 013,629,267 | ---- | C] () -- C:\Users\Chris\Desktop\stranded2.zip
[2013.04.12 07:05:10 | 000,003,496 | ---- | C] () -- C:\bootsqm.dat
[2013.04.08 20:19:26 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013.04.08 20:19:26 | 000,001,295 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013.03.21 23:08:37 | 000,003,451 | ---- | C] () -- C:\Users\Public\Documents\cheats.rtf
[2013.03.14 17:18:28 | 000,000,048 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\TheHunterSettings_live.cfg
[2013.01.17 20:59:06 | 000,001,452 | ---- | C] () -- C:\Users\Chris\AppData\Local\recently-used.xbel
[2013.01.11 21:06:50 | 000,138,056 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2012.11.17 20:19:22 | 000,000,528 | ---- | C] () -- C:\Users\Chris\AppData\Local\UserProducts.xml
[2012.11.09 16:40:02 | 000,172,003 | ---- | C] () -- C:\Users\Chris\AppData\Local\Tempbg.jpg
[2012.10.14 12:13:03 | 001,426,411 | ---- | C] () -- C:\Users\Chris\AppData\Local\Tempmusic.ogg
[2012.07.11 14:58:42 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.11.29 15:44:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft
[2012.10.25 13:50:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Aeria Games & Entertainment
[2012.11.17 20:29:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Babylon
[2012.09.30 16:06:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\convert
[2013.01.20 19:53:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft
[2013.01.27 13:07:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\flightgear.org
[2013.01.27 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\fltk.org
[2012.11.17 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Hotspot Shield
[2012.10.21 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Jardinains 2!
[2012.11.17 20:39:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\loadtbs
[2012.07.30 16:15:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenCandy
[2012.11.01 15:33:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2012.11.30 15:52:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin
[2012.11.17 20:42:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PerformerSoft
[2013.01.27 13:03:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Subversion
[2013.03.03 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Systweak
[2013.04.09 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tropico 3
[2012.07.11 13:58:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2013.02.21 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vodafone
[2012.08.10 09:15:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\XSManager
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6CC69D3C
< End of report >

Extra txt.:
OTL Extras logfile created on: 20.04.2013 20:43:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 63,10% Memory free
5,86 Gb Paging File | 4,65 Gb Available in Paging File | 79,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,97 Gb Total Space | 7,37 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 70,87 Gb Free Space | 96,76% Space Free | Partition Type: NTFS
Drive E: | 3,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 16,83 Gb Total Space | 16,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive G: | 15,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CFDF3CF-7B56-4EBF-9F8B-13E6508ED0D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A6FF2BF-40EB-4BE1-8E14-8F6003BD3C57}" = lport=80 | protocol=6 | dir=in | name=qw |
"{1C116718-2BA7-426E-9072-17652C9F7FB2}" = rport=445 | protocol=6 | dir=out | app=system |
"{20106899-3636-43D6-A2D0-D7012824F100}" = lport=137 | protocol=17 | dir=in | app=system |
"{20B574BD-4E58-458D-BFD3-DA83108723DC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{28171A90-E0FF-4BC0-A6A3-0FDB38604788}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DB00119-32AC-4BDE-BC57-EA829E6C707C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{3130DF92-75EA-4C4E-B9C1-4F4BF91C57B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3296BD91-94E8-45B5-A510-26132B8779E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{393E6788-FEDA-40A8-9A6C-B786EC4DC35B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{3CB2BE7F-F935-41B5-B17C-19297740601D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{3EC667C4-D18E-47A9-81AC-2FC466F0C1CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{407E37E2-A81D-4F9B-8379-0FCEB1309030}" = rport=80 | protocol=6 | dir=out | name=qw |
"{42FC0E0F-4F68-4C5B-8502-1144CD2E71B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49CA71B1-53E4-41DE-B40F-159B5D777EB1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4AF946ED-418A-408E-9DF0-AB14B7CA9A03}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C17EAC4-A45F-40AA-B064-D8C00C676E87}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{51961315-2D61-41BC-B8C5-7DDC2FC8C567}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{671CA012-4C4A-4670-8F7D-D3DCD18557C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{679A226B-E919-42EB-B509-CC7144A60EA9}" = rport=137 | protocol=17 | dir=out | app=system |
"{7B141564-1416-4B0A-A1BF-DA3CD40441B3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{7F78220D-2FCE-4DE3-90DA-69FB8E2FECDF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{8B5212A8-19EE-4B17-B588-AA68C97ABF60}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8E20A300-4D03-4803-9F39-DD24DA034075}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8FC03F39-5701-45BB-89CB-3D3D4456A1D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{9769A257-687D-4CC8-BA6E-33DE9BCB7E99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AA3AACA-BEBD-4B07-AC37-797CDCC00A83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D8D9BD5-79E2-4C07-83F3-52FC8C6EF2BB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{9EF3F61E-3D33-4152-AF83-12E3E2972819}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A025A74C-EA7E-4E21-A80A-C5D00804EB6C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A2783247-F8F0-4DF6-9211-53756AF43C06}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{A5D0A5B6-A352-421D-B934-5FEF8BF34562}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AADF2508-63A9-409B-9A82-7C4D258B688E}" = rport=139 | protocol=6 | dir=out | app=system |
"{B13A3D4D-B502-48E0-A1FC-26C5A3620A4C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{B6CCE407-3016-40D5-A458-BF0D5EB7AEB8}" = rport=80 | protocol=6 | dir=out | name=qwe |
"{BA767EBF-BFD0-432E-B477-7A1EB91F5115}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BA9DA0E7-8EC4-485A-8F7C-D4965B66BE7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE93BE17-DB3F-4D5F-A6D7-ED5FDEE9E638}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFBDC5E5-C4FE-4034-ACD1-655CA53562FF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{C3A3CBD9-266E-4870-9275-B8EB8FABBE19}" = lport=80 | protocol=17 | dir=in | name=qwe |
"{C3BF15D9-04F0-4C19-BF36-D793A2498474}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C455E574-FD4B-4E90-AA68-39F484BF94E6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{C5D0FDD6-B72E-4002-9528-BFE2328570B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CA809E9C-BF67-41D1-9819-FCDFC3D0D05E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{CED4629A-02C2-45C2-985C-EDF2F595CC77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA9D7D93-1095-4D3E-A01B-B3E7AE08267D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF926E8D-BA2E-4EE8-BCF5-EBA81189F5C9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{F9BADB1F-5F97-470C-81AE-E7C915B10ECA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB118150-784E-4276-A9B1-99EE7D6ADE02}" = rport=138 | protocol=17 | dir=out | app=system |
"{FC93780C-8BDA-4B8C-B51B-53B4079382BD}" = lport=80 | protocol=17 | dir=in | name=wergf |
"{FD2B5605-25CF-4E7A-ACAF-5A9D60A14C33}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{FF18021C-F922-4BF4-B75A-92AFE132128A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0023B22F-392F-4BD2-89A1-F9782421E63E}" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\temp\7zs35a5\hppiw.exe |
"{022B2A14-9FB5-4FF1-B70A-BD977A06A576}" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\temp\7zs35a5\hppiw.exe |
"{15DAF0B7-BD61-4CB2-A7EC-BEE6CD361D60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1606C5AD-7742-4B69-BF08-F9A8C76D8154}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{21D2AB94-A9E7-42B6-B621-8443346408A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A3D170F-C126-4878-9C85-C8E0D87B0B4C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D0C560A-D6F3-4E66-A69F-37A5F8855AF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3618A277-96AE-44BF-8B7E-B2216407F6AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3B7D56E8-8E4D-41E8-B27B-6B96D23E95C0}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3CBAA1BB-F334-4466-901D-1DAA578C7A63}" = protocol=6 | dir=out | app=system |
"{44F04F12-771A-4115-AB46-FBEE50A773B5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{45E88528-19B3-47CD-AE44-9992917AA051}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{4EF577B0-E6BD-453B-BB1B-17374783ABD4}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{52863225-9BAA-45F6-8C41-CA820173B93B}" = protocol=6 | dir=in | name=we |
"{541CCA51-E5C8-4B85-9829-671E954DF244}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5483569C-3B92-40B7-AD87-B70E8C0ADD6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57067056-8DD6-4B40-A39D-DD7F279339C2}" = protocol=17 | dir=in | app=c:\program files\thehunter\launcher\launcher.exe |
"{57FD5F45-D9E2-4FCC-A591-B0D402E9EB12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EABBB0F-0565-4662-BBFC-AEAFA8358FF1}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{67D83DD9-DC78-4287-BF73-E6A4A9DDD07A}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{6961AEBE-10C3-40FA-992F-5568D31B1DA6}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{6BBCF7AC-B2D9-460C-9765-C81F46CD0369}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{6C26C7E4-A8C9-4C49-ACF3-3CE30493C37D}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6CE827C6-95E7-4880-ABB9-673B1AB6E87A}" = protocol=6 | dir=in | app=c:\program files\thehunter\game\thehunter.exe |
"{7485C9CB-A1FF-42D9-8650-F60E2353995E}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{767772A4-42FA-4B50-8A16-4C2D3511E228}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{78C7188E-EDB3-41BC-90FB-704B05F4D573}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{7E2382E7-FDA5-48A8-BA0C-91DDAB3086CA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{7FAF2282-2EE9-4F0E-AF62-9CFD9B027783}" = protocol=6 | dir=in | app=c:\program files\thehunter\launcher\launcher.exe |
"{8AC5C6EF-1372-42EA-A23E-F84B1978793B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{8BFF3635-181D-49CD-85E0-A75EF3AF100C}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{8CA13D4F-F9ED-4B50-8E1D-6E4042FB7C27}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{8CFCC595-DFC5-4887-A9C8-C484A6D820EC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9147E6F0-CA4A-42AD-B2F9-85663A466880}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{92555C2B-0671-4630-A866-4B5FCB578C25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5A1D144-014C-4612-B5C8-3C3BE771C4C5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A5C033FD-EAD9-4181-A59A-6CCAB91EAA5B}" = protocol=17 | dir=in | app=c:\program files\thehunter\game\thehunter.exe |
"{AB9868E0-EF8E-4470-87AA-1B6ADA5B2237}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2B6F984-335D-487B-97EC-0890C551F0AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6BE30D2-16DE-4D2E-9D01-4671316E0430}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0A210C0-5E3F-435F-923F-8596223A5AC0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C4B3762B-6211-4F96-8780-87FD6751CC47}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{CBE3A4BC-3A21-4A4D-B30D-2D9C262895E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CCFB0796-01BB-42F2-A965-C9AE955C9EC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE430625-9D14-42A2-9B3C-2AD9F52002C8}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{D29278E5-B8E0-4B3E-8447-C4EF95967692}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{D4B728B8-6DB9-4FC4-8B07-08EEC6A5F85E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DD6B600E-B2F4-43B4-9ECF-7BF9AE186926}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{E6338C97-4E53-46B1-BB8D-4A3C5D7D5114}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{EF8D0E70-C10D-43F7-842D-8C40D7A3FB6C}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{F102BBDA-BFDE-4730-B183-82A9DEC5AFB2}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{F9B07B5F-3F90-40E7-9D5F-8C52B7014F45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD347E8C-95BF-4A48-A984-5087825AD97E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{2352A7F2-11DC-4B98-8D2E-EF231802C99B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{2FB1011D-1C83-4F12-AAF8-26F687718312}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{3F6D5D12-8BA4-4C07-A35D-D080E1ED191F}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe |
"TCP Query User{49C6DB7E-6F73-4054-9978-697A224E672D}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{50F87F79-8A3B-4676-88C5-31DEF901A544}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin |
"TCP Query User{529846FE-784D-4745-8FF4-30909B736F57}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{5FBEEABC-6280-4B7A-B0B2-53B405F91A5C}C:\users\chris\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{6B06C0B0-16A0-439A-8409-B2F207934854}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A9E58086-30E9-43BD-AE22-D44C3E9757CE}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{AAAC937E-5FAE-4836-8755-464045A6E8CE}C:\program files\postal2stp\system\postal2mp.exe" = protocol=6 | dir=in | app=c:\program files\postal2stp\system\postal2mp.exe |
"TCP Query User{B6CED6EF-5C02-4C26-B56D-D62B7ED7C693}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe |
"TCP Query User{B735BDC2-B4D9-4E94-9265-9208D2C7A2AD}C:\program files\cheat engine 6.2\cheatengine-i386.exe" = protocol=6 | dir=in | app=c:\program files\cheat engine 6.2\cheatengine-i386.exe |
"TCP Query User{C76382CE-1683-42EA-BC0D-071A04FFFFAB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D509E766-2218-4FB7-ADA1-C5F2C61CC04A}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe |
"TCP Query User{D5A63726-2281-4A5E-B0B3-83F48E9FE6EB}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{DCE4CCFE-567C-4FA1-A1DC-EA1AE0376FDD}C:\program files\postal2stp\system\postal2.exe" = protocol=6 | dir=in | app=c:\program files\postal2stp\system\postal2.exe |
"UDP Query User{0871C736-EAF9-4FE3-82C3-ABE44888421C}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe |
"UDP Query User{3B99A0E2-1707-4B07-AC8A-FC52AD0E7A22}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe |
"UDP Query User{3DC39177-E857-4A59-95BA-BE75ED53D028}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{449D344D-EE66-4642-A51D-B226F0A7247F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{56E4E548-6855-4AC6-BD83-3224C0D0A7D3}C:\program files\postal2stp\system\postal2.exe" = protocol=17 | dir=in | app=c:\program files\postal2stp\system\postal2.exe |
"UDP Query User{5AA31995-F11C-4F93-A617-37A3CF9ABC5F}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{9A328CBC-4D16-4F4C-84BA-4F0074DC15BC}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{9D3E2662-E66B-476D-821F-4753DCB12294}C:\program files\cheat engine 6.2\cheatengine-i386.exe" = protocol=17 | dir=in | app=c:\program files\cheat engine 6.2\cheatengine-i386.exe |
"UDP Query User{A1FCAF88-77AB-4644-A940-6FEE53CEEB14}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{A3472412-D7E2-434E-B058-C716FF7C875E}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B139E38F-2C71-4FD6-BEC7-FCF8042D2612}C:\program files\postal2stp\system\postal2mp.exe" = protocol=17 | dir=in | app=c:\program files\postal2stp\system\postal2mp.exe |
"UDP Query User{C708BDEA-B97A-485D-9452-7781E9259937}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe |
"UDP Query User{CD4C4E00-E86D-49E5-B6EE-B0BF4BB9EAE8}C:\users\chris\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{D5352067-B69D-4E64-BAE4-472CBDF63960}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin |
"UDP Query User{D836E7E9-3671-4536-948C-6124A8344C3E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{DE771252-54BB-4F75-BABA-37F03ABAA3DB}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7057131C-3F8C-E56A-8B91-4B96C109009B}" = ButtonBeats DubStep Balls
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ButtonBeats.Dubstep" = ButtonBeats DubStep Balls
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"o.tel.o" = o.tel.o
"Postal Fudge Pack" = Postal Fudge Pack
"Steam App 8930" = Sid Meier's Civilization V
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3153247948-3028354880-3382878320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.04.2013 17:00:00 | Computer Name = Chris-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 17.04.2013 17:00:00 | Computer Name = Chris-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 17.04.2013 17:00:00 | Computer Name = Chris-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 17.04.2013 17:00:03 | Computer Name = Chris-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
ist "P". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
Indexwerte enthalten.
Error - 17.04.2013 17:46:52 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.04.2013 13:26:57 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.04.2013 13:32:03 | Computer Name = Chris-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 20.04.2013 13:32:03 | Computer Name = Chris-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 20.04.2013 13:32:03 | Computer Name = Chris-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 20.04.2013 13:32:06 | Computer Name = Chris-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
ist "L". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
Indexwerte enthalten.
Error - 20.04.2013 14:29:50 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 24.03.2013 08:17:52 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 12:47:33 - Fehler beim Herstellen der Internetverbindung. 12:47:33
- Serververbindung konnte nicht hergestellt werden..
Error - 25.03.2013 15:14:49 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 20:01:32 - Fehler beim Herstellen der Internetverbindung. 20:01:32
- Serververbindung konnte nicht hergestellt werden..
Error - 27.03.2013 14:51:30 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 19:39:35 - Fehler beim Herstellen der Internetverbindung. 19:39:35
- Serververbindung konnte nicht hergestellt werden..
Error - 28.03.2013 06:05:27 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 10:52:12 - Fehler beim Herstellen der Internetverbindung. 10:52:12
- Serververbindung konnte nicht hergestellt werden..
Error - 28.03.2013 09:36:28 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 21:10:34 - Fehler beim Herstellen der Internetverbindung. 21:10:34
- Serververbindung konnte nicht hergestellt werden..
Error - 28.03.2013 15:18:18 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 20:04:59 - Fehler beim Herstellen der Internetverbindung. 20:04:59
- Serververbindung konnte nicht hergestellt werden..
Error - 31.03.2013 03:13:58 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 09:13:58 - Fehler beim Herstellen der Internetverbindung. 09:13:58
- Serververbindung konnte nicht hergestellt werden..
Error - 31.03.2013 05:15:57 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 09:14:04 - Fehler beim Herstellen der Internetverbindung. 09:14:04
- Serververbindung konnte nicht hergestellt werden..
Error - 08.04.2013 00:46:04 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 06:45:58 - Fehler beim Herstellen der Internetverbindung. 06:45:58
- Serververbindung konnte nicht hergestellt werden..
Error - 08.04.2013 09:18:04 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = 15:17:53 - Fehler beim Herstellen der Internetverbindung. 15:17:53
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 14.03.2013 01:30:27 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 14.03.2013 10:00:03 | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?03.?2013 um 14:58:02 unerwartet heruntergefahren.
Error - 14.03.2013 09:59:13 | Computer Name = Chris-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 14.03.2013 10:44:20 | Computer Name = Chris-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 14.03.2013 11:18:40 | Computer Name = Chris-PC | Source = DCOM | ID = 10001
Description =
Error - 14.03.2013 12:05:29 | Computer Name = Chris-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 15.03.2013 13:34:47 | Computer Name = Chris-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 16.03.2013 00:06:08 | Computer Name = Chris-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 16.03.2013 04:39:10 | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?03.?2013 um 09:37:09 unerwartet heruntergefahren.
Error - 16.03.2013 04:38:52 | Computer Name = Chris-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >
And was that it now?