Flutjaker | 01.05.2013 12:27 | White screen / Trojan
Hello everyone,
I seem to have caught the Trojan that sends me to a white screen after booting.
Here are the logs from OTL.
Code:
OTL logfile created on: 01.05.2013 13:07:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = g:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 86,71% Memory free
8,17 Gb Paging File | 7,75 Gb Available in Paging File | 94,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 271,08 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 179,25 Gb Free Space | 76,97% Space Free | Partition Type: NTFS
Drive G: | 7,52 Gb Total Space | 7,52 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.01 12:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- g:\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012.07.04 08:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.11 19:56:20 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.21 21:42:04 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Robert\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005.09.11 08:38:20 | 000,155,648 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\TFK\InternetfilterPlus\difsvc.exe -- (difsvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.02.12 04:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.11.13 10:41:02 | 000,628,840 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2012.09.19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.04 08:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.04 07:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.06.30 19:28:00 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008.06.24 00:21:32 | 000,173,096 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2006.11.01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2012.11.16 17:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2005.09.05 20:56:10 | 000,044,608 | ---- | M] (Datapol GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\difdrv.sys -- (difdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=5E88002215F3DD3E
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 E1 38 26 AF 28 CE 01 [binary data]
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{03EA8FA1-ED8A-4062-8746-1A76519ED951}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=83e73dbd-aabb-4951-9173-7500e2ab8800&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=83e73dbd-aabb-4951-9173-7500e2ab8800&pid=murb&k=0
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=5E88002215F3DD3E
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{40BB25F3-8B1D-4E6C-A242-E0039E8228BE}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=83e73dbd-aabb-4951-9173-7500e2ab8800&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{7C2DB858-722D-4B41-B791-048E30CD1D32}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=83e73dbd-aabb-4951-9173-7500e2ab8800&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{98A1B7C0-85A2-4D72-B010-C5F7B709981D}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=83e73dbd-aabb-4951-9173-7500e2ab8800&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{9B508555-B498-46E7-8306-F99C2C437F0B}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=83e73dbd-aabb-4951-9173-7500e2ab8800&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{B19AED0C-9F2E-4245-B5CB-4A5DF9E21656}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=1B581F24-A7E4-428A-AFDB-A07E6BDCDB57&apn_sauid=CECEE4F6-A5C0-421A-B0FD-159367F88D83
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\..\SearchScopes\{D2A3864E-4751-43EC-BF50-517963E49918}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=83e73dbd-aabb-4951-9173-7500e2ab8800&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
[2013.03.31 19:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=5E88002215F3DD3E
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Beautiful landscape = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: YouTube = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: YouTube Unblocker = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.3.2_0\
CHR - Extension: Google Mail = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012.10.24 00:31:01 | 000,444,147 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15258 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Robert\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WebFilter] C:\Program Files (x86)\TFK\InternetfilterPlus\difapp.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-20595319-3473838875-2974261393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FE78511-C8BE-48FB-A933-A588B5E82EBC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93990287-A724-4293-A3AA-1A29F99C102E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-20595319-3473838875-2974261393-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-20595319-3473838875-2974261393-1000 Winlogon: Shell - (C:\Users\Robert\AppData\Roaming\skype.dat) - C:\Users\Robert\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Users\Robert\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Robert\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.26 17:10:48 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.12.25 22:07:02 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.12.25 22:06:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.12.25 22:06:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.12.25 22:06:49 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.12.25 22:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.30 15:23:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{729F1B2D-1663-4EDE-8151-281A3C18DAD8}
[2013.04.29 21:20:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Blubb
[2013.04.29 11:43:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2895984C-95D4-4946-8082-6A8DB317D619}
[2013.04.26 00:08:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{77732A9F-89AD-4A2C-8E2B-0435EA930987}
[2013.04.24 17:58:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0B70C36D-4BB1-4C9A-85E9-87894F5BE2DA}
[2013.04.23 15:22:48 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0C8E6EA9-197C-4A22-B025-8B0E10187C3C}
[2013.04.21 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F1E82A14-D12C-40CF-BD8D-019E36532CFD}
[2013.04.21 13:34:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Various Artists - Reclusive's Lemming Chiptune Compilation (2012)
[2013.04.20 16:58:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{EB62EE21-7E2B-45C0-BDE7-B9C97C92D4C8}
[2013.04.17 23:18:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Caesar III [Wineskin].app
[2013.04.17 12:25:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{825D59F5-8F2F-45E9-9EB3-87FC31E68FA5}
[2013.04.16 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1B167708-44BB-43B5-BF40-89AC7C1E2CE7}
[2013.04.15 21:34:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2F29D6BA-5924-439D-9800-7A1D64DFD46C}
[2013.04.15 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{90AF7006-6C22-40F2-8B28-F4B30E6FBFB4}
[2013.04.13 09:34:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\SVZ
[2013.04.11 18:28:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\GTA San Andreas User Files
[2013.04.11 10:44:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 10:44:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 10:44:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 10:44:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 10:44:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 10:44:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 10:44:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 10:44:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 10:44:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 10:44:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 10:44:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 10:44:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 10:44:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 10:44:24 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 10:44:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 17:02:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{ADCC0F9E-CABB-40A8-8130-F7E03A54665D}
[2013.04.10 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\Tracing
[2013.04.10 15:56:38 | 004,691,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 15:56:38 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 15:56:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 15:56:20 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.04.10 15:56:19 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 15:56:19 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.06 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\Tracing - Kopie (1)
[2013.04.06 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\Local Settings - Kopie (1)
========== Files - Modified Within 30 Days ==========
[2013.12.25 22:06:44 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.12.25 22:06:43 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.12.25 22:06:43 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.12.25 22:06:43 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.12.25 22:06:43 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.12.25 22:06:43 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.01 13:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.01 12:55:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.01 12:54:01 | 000,000,000 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\skype.ini
[2013.05.01 12:53:59 | 000,000,680 | ---- | M] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2013.05.01 12:53:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.01 12:53:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.01 12:20:24 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.01 12:20:24 | 000,670,448 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.01 12:20:24 | 000,631,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.01 12:20:24 | 000,143,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.01 12:20:24 | 000,118,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.30 22:45:59 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-20595319-3473838875-2974261393-1000UA.job
[2013.04.26 02:45:59 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-20595319-3473838875-2974261393-1000Core.job
[2013.04.20 17:24:31 | 000,024,155 | ---- | M] () -- C:\Users\Robert\Desktop\image_m.jpg
[2013.04.17 23:00:15 | 487,924,185 | ---- | M] () -- C:\Users\Robert\Desktop\caesarium.zip
[2013.04.12 16:06:19 | 000,257,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 11:15:33 | 000,002,047 | ---- | M] () -- C:\Users\Robert\Desktop\Google Chrome.lnk
========== Files Created - No Company Name ==========
[2013.04.30 23:47:01 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2013.04.30 23:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\skype.ini
[2013.04.20 17:24:30 | 000,024,155 | ---- | C] () -- C:\Users\Robert\Desktop\image_m.jpg
[2013.04.17 23:19:41 | 000,001,037 | ---- | C] () -- C:\Users\Robert\Desktop\Read Me.rtf
[2013.04.17 20:20:27 | 487,924,185 | ---- | C] () -- C:\Users\Robert\Desktop\caesarium.zip
[2012.11.28 04:26:30 | 000,092,936 | ---- | C] () -- C:\Users\Robert\skype_modern_ringtone-ringtone.mp3
[2012.10.21 19:07:54 | 000,000,170 | ---- | C] () -- C:\Windows\Sierra.ini
[2012.10.21 18:59:36 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.10.21 18:59:36 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.09.06 22:23:52 | 003,884,962 | ---- | C] () -- C:\Users\Robert\Wir sind bereit !.mp3
[2012.08.06 18:20:42 | 007,837,987 | ---- | C] () -- C:\Users\Robert\UeruWpwCE4JM.128.mp3
[2012.05.05 22:53:23 | 001,538,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.10 21:24:45 | 000,058,368 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\skype.dat
[2012.02.27 17:35:45 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.02.27 17:35:17 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.02.27 17:34:44 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.02.25 15:40:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.02.24 22:02:33 | 000,040,448 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.21 20:59:02 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.02.21 20:59:02 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.02.21 20:59:00 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.02.21 20:59:00 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.02.21 20:53:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.21 20:44:33 | 000,033,784 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.02.21 20:43:53 | 000,033,390 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.21 20:36:16 | 000,000,732 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps64.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Code:
OTL Extras logfile created on: 01.05.2013 13:07:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = g:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 86,71% Memory free
8,17 Gb Paging File | 7,75 Gb Available in Paging File | 94,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 271,08 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 179,25 Gb Free Space | 76,97% Space Free | Partition Type: NTFS
Drive G: | 7,52 Gb Total Space | 7,52 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 4F 47 37 8F 43 17 CD 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{096502FF-B195-43FB-AF34-C39C41B8C923}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{137232D0-0521-4219-90F0-03F74922E526}" = rport=137 | protocol=17 | dir=out | app=system |
"{14B63EF1-DB4F-48DD-8DC5-29ADB38DE9F0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{18C21C62-BEA4-4F34-9AB4-DB35FE56C8AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1BBAB35B-C768-4A4E-A314-6CAC030C3D88}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{45688C8D-C1D8-416D-AD66-71653C613C65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F97ECBC-FF56-43D5-B606-7DFCE613D294}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70E74FDF-3B10-4139-9A5E-61CE9F01E0BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7B244565-B272-4669-A810-859497E36E2B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7DD5EE9A-8CCB-40C7-8223-DBB5B325F2DF}" = rport=138 | protocol=17 | dir=out | app=system |
"{83B3583E-022F-49BD-8DDE-CF6C8506D8CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{89F9475B-6965-43E2-A26F-8C3055C79D44}" = lport=139 | protocol=6 | dir=in | app=system |
"{8ED5BDF1-FDC7-4E68-8D9B-C381126DB3BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B5AD3B9-FBB1-4D85-AF6C-8663628985F0}" = rport=139 | protocol=6 | dir=out | app=system |
"{AAA85AC1-69D4-4C3D-B658-C134B74034D5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B041F85F-2D28-40DD-ADF6-BED6141562E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B08A322D-85E0-4797-BB5E-0EB90D1218BB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B48695AB-93C4-421D-BB96-C89DE68C223F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B92D4D6F-DD09-4AB1-8038-57E5C23E5B50}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BBFEBE1A-7819-40A6-A46D-D2BD945C6341}" = lport=137 | protocol=17 | dir=in | app=system |
"{BCA5C99D-2004-4522-9D82-99E0F509DD31}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D1AB4FEC-66DB-42EB-A3EC-86E314F27FA7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DFCE3A6B-4B58-4561-A9DC-B7C2223B3AB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{E73EBFB7-A09E-4F0A-ADD9-8F952AC93344}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006A1B2F-C9BC-4496-AE34-0307A9378B68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\flutjaker\counter-strike\hl.exe |
"{078EDA90-5D53-4C3F-BF83-D14F5934F6E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09E34348-A026-4988-B222-08243BAF30EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{0EDD05EA-43A2-4868-A81A-C00386CA854F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{0EF671C6-AA0C-439B-9189-B4E2EF20CBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0FA56F8D-0B78-4629-98AF-A7B852AA4698}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{11E8E6BB-6E0C-44D2-9ACE-8DAB82CADD83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{136FEE08-5672-4F5F-937E-F58AFD84904C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{1427E0B8-26A9-4A1C-A67D-1B68E5B48109}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{184F6940-8175-477B-848F-D016F47CEB62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1BE7A704-EF44-4784-B76A-4BD0105FEF66}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{1D9F5F40-8103-41DC-818A-7F1D710DC237}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{1F33B4CF-E096-4239-8C45-7503050972FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_gold\thief.exe |
"{215E0F26-8A74-40FD-8774-12A84CD42E31}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{224F80BE-EEB9-4C8E-B5A3-1A35D2224CF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_gold\thief.exe |
"{239D5F28-5908-4FE9-AED0-60073CBF7BE3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2A7A8E93-0789-45A7-B9AE-3C7B43590A86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{2BEFF151-8065-4ED8-9070-90EA498438CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{2FD79A46-3FA5-4088-9C02-E8AE5EDFBA89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{32F1E8FD-CF84-4C6B-AA8D-1AB6536686BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{3488D16F-0145-491F-A018-48F0E249B304}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{35430044-752A-4E08-BFA7-D690B09FE653}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{37674455-447C-46CE-825B-3B3781C29E39}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{38527DA8-0457-4CFE-BAB2-50B6054DC4A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\flutjaker\day of defeat\hl.exe |
"{38D57B5B-09F9-4E0B-BD57-8E330DBE266A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3FBA45A5-E81A-4469-91F0-DF6410DA9BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{405316BF-9DB6-4223-A864-147DB3F5A3A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\flutjaker\day of defeat\hl.exe |
"{4115F421-7CEF-4DDC-AC19-7695BEA5FB95}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4C7661F1-F9E0-4FE8-9E39-DD17AAE87B99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ironfront\ironfront.exe |
"{4D259D95-AF95-404A-A0A7-A6C8E59FEA27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4D7543E8-D122-4D8A-993A-64CA9AEA6195}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4D75B1ED-9A6D-4862-B270-9A517C5558D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe |
"{572E2480-D743-4F7B-AD56-E86DE2ADBA16}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{596F354E-C1AF-450F-BFC6-25E149C5BD44}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5AB1822D-A40F-412D-B3D4-F27A14013B9D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{5BD11399-38F8-4B16-ACE7-4C1C8413A55A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{65725E49-0537-48AE-96C8-2C1D99CD13DD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{6A5239FE-3279-42C5-93ED-69E8A018910F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{6B7A1FE1-0E19-44FF-8853-A9F7F69E41EA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7175280B-B17F-4A5A-B9AE-6BD99F247B5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{76B847ED-4479-4895-82E3-F117B7FC510E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{78470EB5-AF09-423C-8F06-02863809BD7E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{796813F9-3293-4385-B0F0-C202F83713BB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{7C94893F-653A-4E07-8356-7952E288CD68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farcry\bin32\farcry.exe |
"{7F86E381-BA68-4705-BC5F-D538FC9C3EDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ibomber defense\game.exe |
"{8C5F48AC-502D-4D6F-9EB4-C5E7FBC8513A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ironfront\ironfront.exe |
"{8C76CAFC-86B4-4DEE-9CB6-713EABE6FF0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\transformers war for cybertron\binaries\twfc.exe |
"{8F798BAD-A2D9-41DC-A71C-D4C5F92972C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{8FC3517A-4D9F-4E7E-BE77-5F04DDA2C462}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{A086C86C-4A00-46F6-8539-C1B6B0764E7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A5901E1F-E288-4F0D-AD9C-9B672BB8B298}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{A9915FF8-A8CD-4471-BE56-A699E781DE1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orion dino beatdown\binaries\win32\udk.exe |
"{B0C22F49-EAC4-4671-A0F6-3463BC5D5628}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{BBB9B822-2D56-4D3D-8C90-478D6B3219F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{BDD5C546-ED3B-4352-B977-E8D210EA1CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orion dino beatdown\binaries\win32\udk.exe |
"{BF84B500-56D4-4C39-B3F5-0B312A5674F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{C1B284D0-FF5D-41DF-B841-0433AB456641}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\flutjaker\counter-strike\hl.exe |
"{C223F8E3-AFD6-4194-9F13-5BC26AC8BD99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{C25F6D37-3F99-4966-94BC-165744F2253F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{C4BD730F-E181-448F-84BF-0D818C636BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{C912F127-B37C-47FF-B846-46A7B8416072}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CC71B116-C42B-45BE-8EC5-73185B449361}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CFC79739-6035-4F63-AEA3-696526D7CA8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\transformers war for cybertron\binaries\twfc.exe |
"{D097A4AC-F1E0-4CCC-9DA4-48C11AC84A90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{D376B651-B57F-46A4-8E5E-40B1FBA5FEE4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D3DA8E06-E367-422B-907B-CC0BCEFB71E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{D5F598A3-7370-44F0-8CBE-1ECE9995BF36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{D7EF0E76-7C4C-4565-86BE-DDD28D72118C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D9978ED2-CDF0-4891-8C1D-7534EB1D2D28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ibomber defense\game.exe |
"{E03E041A-E162-4928-90BF-CE0EB9780292}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E8A2500F-7833-4B96-9230-1718F045D3B7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{EF4B7E36-5C93-4494-81BD-E2E9CF66273E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farcry\bin32\farcry.exe |
"{F65AD6F0-51C6-43DB-B8D2-5BE8EEB9BA9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe |
"TCP Query User{31B82DEC-8371-49AA-B1E3-955169CB01AF}C:\users\robert\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\diablo-iii-setup-dede.exe |
"TCP Query User{9417B147-8974-44D7-B430-5E2BD162ECF4}C:\users\robert\downloads\diablo-iii-setup-dede (2).exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\diablo-iii-setup-dede (2).exe |
"TCP Query User{9A17B595-596F-449E-A3C8-E93B2E9860D6}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{CD4A04FE-E418-42AF-B75E-DEDD596CAC6B}C:\program files (x86)\maxis\simcity 3000 deutschland\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maxis\simcity 3000 deutschland\apps\updater\updater.exe |
"TCP Query User{EB1432F6-6982-43D1-8C36-575762A0B4B0}C:\users\robert\downloads\diablo-iii-setup-dede (1).exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\diablo-iii-setup-dede (1).exe |
"UDP Query User{2F9040B3-5C26-4575-9AC0-C36F8616D032}C:\users\robert\downloads\diablo-iii-setup-dede (1).exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\diablo-iii-setup-dede (1).exe |
"UDP Query User{3E16373E-C5B1-473A-A8C2-23FB130B04E6}C:\users\robert\downloads\diablo-iii-setup-dede (2).exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\diablo-iii-setup-dede (2).exe |
"UDP Query User{DD7137E3-E629-4A19-89D7-C66E6F83F3DA}C:\program files (x86)\maxis\simcity 3000 deutschland\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maxis\simcity 3000 deutschland\apps\updater\updater.exe |
"UDP Query User{DF5AB03A-ED7A-48CE-BDE9-5A0DDF29CB59}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{F0D459AD-CE10-4FAF-B049-31C71DE11667}C:\users\robert\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\diablo-iii-setup-dede.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DesktopIconAmazon" = Desktop Icon für Amazon
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SearchAnonymizer" = SearchAnonymizer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.7 Build #6547 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{118B6CA9-FD8B-467A-988C-44E212689A9B}_is1" = GutscheinRausch.de - AddOn für Chrome
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = DER ERSTE KAISER: Aufstieg des Reichs der Mitte
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Access 97rt PAN EURO G" = Access 97rt PAN EURO G
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArtMoney PRO_is1" = ArtMoney PRO v7.28
"BattlEye for Iron Front" = BattlEye for Iron Front Uninstall
"bi_uninstaller" = Bundled software uninstaller
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren)
"Diablo III" = Diablo III
"Internetfilter Plus" = Internetfilter Plus
"IrfanView" = IrfanView (remove only)
"LinCity-NG_is1" = LinCity-NG 1.1.2
"mv61xxDriver" = marvell 61xx
"OpenAL" = OpenAL
"SimCity 3000 Deutschland" = SimCity 3000 Deutschland
"Steam App 10" = Counter-Strike
"Steam App 104000" = iBomber Defense
"Steam App 104900" = ORION: Dino Beatdown
"Steam App 11020" = TrackMania Nations Forever
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 13520" = Far Cry
"Steam App 207610" = The Walking Dead
"Steam App 211600" = Thief Gold
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 400" = Portal
"Steam App 42650" = Transformers: War for Cybertron
"Steam App 47410" = Stronghold Kingdoms
"Steam App 550" = Left 4 Dead 2
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 620" = Portal 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 91330" = Iron Front : Liberation 1944
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZMBV" = Zip Motion Block Video codec (Remove Only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-20595319-3473838875-2974261393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.04.2013 18:08:41 | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.04.2013 18:10:53 | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung difsvc.exe, Version 0.0.0.0, Zeitstempel 0x4323d0db,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x5b0, Anwendungsstartzeit 01ce45ef94df8cb3.
Error - 30.04.2013 18:12:23 | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.05.2013 06:17:21 | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.05.2013 06:22:58 | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung difsvc.exe, Version 0.0.0.0, Zeitstempel 0x4323d0db,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x5f4, Anwendungsstartzeit 01ce4655d9c39b24.
Error - 01.05.2013 06:31:56 | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung difsvc.exe, Version 0.0.0.0, Zeitstempel 0x4323d0db,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x5dc, Anwendungsstartzeit 01ce46571af3c8fb.
Error - 01.05.2013 06:53:37 | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung difsvc.exe, Version 0.0.0.0, Zeitstempel 0x4323d0db,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x5e8, Anwendungsstartzeit 01ce465a2258f0d4.
Error - 01.05.2013 06:54:04 | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul mshtml.dll, Version 9.0.8112.16476, Zeitstempel
0x5126ee6c, Ausnahmecode 0xc00002b4, Fehleroffset 0x00414e98, Prozess-ID 0x88c, Anwendungsstartzeit
01ce465a303ab101.
Error - 01.05.2013 06:55:02 | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 01.05.2013 07:05:53 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Thanks in advance for your help!
Best regards,
Flutjaker