| Bass1988 | 09.05.2013 13:13 |
Probleme mit PWS:Win32/Zbot.gen!AJ - Trojaner
Einen schönen guten Tag wünsche ich euch :)
Ich bin mittels Google auf dieses schöne Forum gestoßen und war erstaunt über die tolle Hilfe.
Ich habe seit gestern Schwierigkeiten mit dem Trojaner PWS:Win32/Zbot.gen!AJ
Dieser Trojaner gibt mir immer wieder ein Fenster mit einem "angeblichen Javaupdate" auf den Desktop. Das einzigste, was ich da noch tun konnte, war über den Taskmanager diesen Prozess zu beenden, weil ich auf keinen fall auf irgendeine Schaltfläche in diesem Fenster klicken wollte.
Leider habe ich keine Ahnung, wie ich mir den eingefangen habe. Ich surfe wenn überhaupt nur auf Seiten meines Vertrauens über normale Games bzw. als angehender Musiker in Foren oder Intrumentenshops.
Ich wäre euch sehr dankbar, wenn mir jemand helfen könnte, da ich mit meinem Latein leider am Ende bin. Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:28 on 09/05/2013 (Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL.txt: Code:
OTL Logfile:
Code:
OTL logfile created on: 09.05.2013 13:41:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop\Troja
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 74,08% Memory free
23,54 Gb Paging File | 21,46 Gb Available in Paging File | 91,17% Paging File free
Paging file location(s): c:\pagefile.sys 16000 16000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 6,47 Gb Free Space | 11,60% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 596,35 Gb Free Space | 64,02% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.09 13:13:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\Troja\OTL.exe
PRC - [2013.04.21 22:37:42 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2013.04.21 22:37:34 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.31 03:23:46 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.07.07 13:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.13 19:57:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:33:41 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.01.10 20:33:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.01.10 20:16:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:16:34 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 20:16:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 20:16:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 20:16:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 20:16:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 20:16:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.30 02:53:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009.11.30 02:41:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.03.17 05:39:46 | 000,148,992 | R--- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.07 20:47:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.21 22:37:42 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013.04.21 22:37:34 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.04.16 14:03:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.21 12:17:56 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.25 17:54:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.04.25 17:54:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.31 03:23:46 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.04 08:48:30 | 000,117,248 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.29 00:35:03 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.09.29 00:35:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.21 12:04:20 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.08.08 13:07:36 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2011.08.01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.29 05:40:57 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.07.29 05:40:56 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 20:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.12.04 06:58:20 | 000,644,696 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.10.02 12:53:48 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 7E 59 E0 FC 22 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&babsrc=SP_ss&mntrId=9c7e0885000000000000bc5ff40d9164
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&babsrc=HP_ss&mntrId=9c7e0885000000000000bc5ff40d9164"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=113480&babsrc=KW_ss&mntrId=9c7e0885000000000000bc5ff40d9164&q="
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012.10.19 15:05:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.07 20:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.07 20:47:49 | 000,000,000 | ---D | M]
[2012.04.30 16:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.05.01 21:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\p99v2nan.default\extensions
[2013.05.01 21:11:06 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\p99v2nan.default\extensions\ich@maltegoetz.de
[2013.04.01 01:08:14 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\p99v2nan.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.05.07 20:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.05.07 20:47:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.04 00:13:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.13 19:37:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.11.04 00:13:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.04 00:13:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.04 00:13:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.04 00:13:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.04 00:13:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE8D36F-2A4D-4B02-8CF6-5CDBC0B7273A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Programme\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Programme\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\icq.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\protoolsse.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall pro tools.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\icq.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\protoolsse.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall pro tools.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{33d5ab55-8f20-11e1-a89a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33d5ab55-8f20-11e1-a89a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ASRSetup.exe
O33 - MountPoints2\{e6e6e0f1-90bb-11e1-aabb-bc5ff40d9164}\Shell - "" = AutoRun
O33 - MountPoints2\{e6e6e0f1-90bb-11e1-aabb-bc5ff40d9164}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e6e6e0f1-90bb-11e1-aabb-bc5ff40d9164}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e6e6e0f1-90bb-11e1-aabb-bc5ff40d9164}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.09 13:09:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Troja
[2013.05.07 20:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.05 05:01:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ymovy
[2013.05.05 05:01:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ebcue
[2013.05.01 21:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.05.01 21:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.04.28 23:52:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\Tracing
[2013.04.28 23:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.04.28 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Windows Live
[2013.04.28 23:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.28 23:35:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.04.28 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Bioshock2
[2013.04.28 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Bioshock2
[2013.04.28 23:31:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.04.28 23:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.04.28 23:30:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.04.28 23:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.04.24 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Bioshock
[2013.04.24 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Bioshock
[2013.04.24 00:12:11 | 000,000,000 | RH-D | C] -- C:\Users\Admin\AppData\Roaming\SecuROM
[2013.04.23 22:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2013.04.22 02:34:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Witcher 2
[2013.04.22 02:34:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\The Witcher 2
[2013.04.22 01:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2013.04.21 22:39:15 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.18 21:44:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Unity
[2013.04.18 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Unity
[2013.04.16 14:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.09 13:28:09 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.05.09 13:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 10:47:23 | 008,565,480 | ---- | M] () -- C:\Users\Admin\Desktop\David Guetta feat Sia - Titanium (AURORABRIVIDO acoustic cover) on iTunes.mp3
[2013.05.09 10:46:10 | 007,921,764 | ---- | M] () -- C:\Users\Admin\Desktop\Assassins Creed III - Lindsey Stirling.mp3
[2013.05.09 10:44:02 | 010,925,227 | ---- | M] () -- C:\Users\Admin\Desktop\Mission Impossible - Lindsey Stirling and the Piano Guys.mp3
[2013.05.09 10:39:37 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 10:39:37 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 10:38:01 | 009,593,483 | ---- | M] () -- C:\Users\Admin\Desktop\Adele - Rolling in the Deep (Piano Cello Cover) - ThePianoGuys.mp3
[2013.05.09 10:37:40 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 10:37:40 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 10:37:40 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 10:37:40 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 10:37:40 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 10:32:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.05 21:14:25 | 000,025,297 | ---- | M] () -- C:\Users\Admin\Desktop\Pad Config-655-1-1.7z
[2013.05.03 13:24:49 | 000,000,220 | ---- | M] () -- C:\Users\Admin\Desktop\BioShock Infinite.url
[2013.05.02 15:25:16 | 000,001,685 | ---- | M] () -- C:\Users\Admin\Desktop\SKSE - Skyrim.lnk
[2013.05.01 21:01:56 | 000,001,850 | ---- | M] () -- C:\Users\Admin\Desktop\IrfanView Thumbnails.lnk
[2013.05.01 21:01:56 | 000,000,958 | ---- | M] () -- C:\Users\Admin\Desktop\IrfanView.lnk
[2013.05.01 20:28:50 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.04.30 03:39:55 | 000,467,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.30 03:21:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 03:21:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.28 23:26:32 | 000,326,483 | ---- | M] () -- C:\Users\Admin\Desktop\ENB Customizer v2_1 FIXED-17400-2-1.rar
[2013.04.23 22:50:37 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\BioShock.lnk
[2013.04.22 01:51:18 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.22 01:49:08 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\The Witcher 2 starten.lnk
[2013.04.21 22:39:15 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.21 22:37:42 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.21 22:37:34 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.09 13:28:09 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.05.09 10:46:52 | 008,565,480 | ---- | C] () -- C:\Users\Admin\Desktop\David Guetta feat Sia - Titanium (AURORABRIVIDO acoustic cover) on iTunes.mp3
[2013.05.09 10:46:08 | 007,921,764 | ---- | C] () -- C:\Users\Admin\Desktop\Assassins Creed III - Lindsey Stirling.mp3
[2013.05.09 10:43:57 | 010,925,227 | ---- | C] () -- C:\Users\Admin\Desktop\Mission Impossible - Lindsey Stirling and the Piano Guys.mp3
[2013.05.09 10:38:01 | 009,593,483 | ---- | C] () -- C:\Users\Admin\Desktop\Adele - Rolling in the Deep (Piano Cello Cover) - ThePianoGuys.mp3
[2013.05.05 21:14:25 | 000,025,297 | ---- | C] () -- C:\Users\Admin\Desktop\Pad Config-655-1-1.7z
[2013.05.03 13:24:49 | 000,000,220 | ---- | C] () -- C:\Users\Admin\Desktop\BioShock Infinite.url
[2013.05.02 15:23:13 | 000,001,685 | ---- | C] () -- C:\Users\Admin\Desktop\SKSE - Skyrim.lnk
[2013.05.01 21:01:56 | 000,001,850 | ---- | C] () -- C:\Users\Admin\Desktop\IrfanView Thumbnails.lnk
[2013.05.01 21:01:56 | 000,000,958 | ---- | C] () -- C:\Users\Admin\Desktop\IrfanView.lnk
[2013.04.30 03:21:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 03:21:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.28 23:51:29 | 000,002,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.04.28 23:26:31 | 000,326,483 | ---- | C] () -- C:\Users\Admin\Desktop\ENB Customizer v2_1 FIXED-17400-2-1.rar
[2013.04.23 22:50:37 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\BioShock.lnk
[2013.04.22 01:49:08 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\The Witcher 2 starten.lnk
[2013.04.03 23:00:22 | 000,001,533 | ---- | C] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2012.10.17 22:04:53 | 000,052,224 | ---- | C] () -- C:\Users\Admin\GestureMouseSession.etl
[2012.08.27 13:56:35 | 000,027,520 | ---- | C] () -- C:\Users\Admin\AppData\Local\dt.dat
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.21 11:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.05.21 10:47:36 | 013,214,720 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.05.19 12:21:51 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.28 01:27:06 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.28 01:27:06 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.28 01:02:36 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.25 18:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.25 17:55:23 | 000,001,436 | ---- | C] () -- C:\Windows\CfgESSp.ini
[2012.04.25 17:55:23 | 000,000,932 | ---- | C] () -- C:\Windows\CfgESHp.ini
[2012.04.25 17:55:23 | 000,000,932 | ---- | C] () -- C:\Windows\CfgESDO.ini
[2012.04.25 17:55:23 | 000,000,453 | ---- | C] () -- C:\Windows\CfgESRMi.ini
[2012.04.25 17:55:23 | 000,000,453 | ---- | C] () -- C:\Windows\CfgESRLI.ini
[2012.04.25 17:55:23 | 000,000,453 | ---- | C] () -- C:\Windows\CfgESFMi.ini
[2012.04.25 17:55:23 | 000,000,453 | ---- | C] () -- C:\Windows\CfgESDI.ini
[2012.04.25 17:55:21 | 000,148,992 | R--- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2012.04.25 17:55:05 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.04.25 17:55:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.04.25 17:42:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.05.09 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2012.09.23 19:46:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012
[2012.07.13 19:37:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2013.04.28 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock
[2013.04.29 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock2
[2012.04.25 18:48:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2013.01.24 01:37:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012.04.28 01:56:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.10.30 22:08:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Digidesign
[2013.05.05 15:55:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ebcue
[2012.06.10 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2013.01.28 00:29:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2013.05.01 21:01:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012.05.19 12:45:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2012.04.28 00:51:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2013.03.09 04:26:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012.05.19 12:45:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PACE Anti-Piracy
[2012.04.28 01:27:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PunkBuster
[2013.04.24 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2012.04.28 01:18:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2012.11.15 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2013.04.18 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Unity
[2013.05.05 05:01:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ymovy
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013.04.22 02:18:18 | 007,549,238 | ---- | M] ()(C:\Users\Admin\Desktop\[Assassins Creed 3] Imagine Dragons - Radioactive? [TV SPOT][DL-LINK].mp3) -- C:\Users\Admin\Desktop\[Assassins Creed 3] Imagine Dragons - Radioactive [TV SPOT][DL-LINK].mp3
[2013.04.22 02:18:18 | 007,549,238 | ---- | C] ()(C:\Users\Admin\Desktop\[Assassins Creed 3] Imagine Dragons - Radioactive? [TV SPOT][DL-LINK].mp3) -- C:\Users\Admin\Desktop\[Assassins Creed 3] Imagine Dragons - Radioactive [TV SPOT][DL-LINK].mp3
========== Alternate Data Streams ==========
@Alternate Data Stream - 1346 bytes -> C:\ProgramData\Microsoft:O92CpxikvwFJQxuA2nQ7gyXeUhf
@Alternate Data Stream - 1220 bytes -> C:\ProgramData\Microsoft:3cYdpHtSI1cmrrLOYTgCPIpx
@Alternate Data Stream - 1166 bytes -> C:\Users\Admin\AppData\Local\Temp:JWPBVahnC7QlILimG3Y2p
< End of report >
--- --- ---
Extras.txt:
OTL Logfile: Code:
OTL Extras logfile created on: 09.05.2013 13:41:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop\Troja
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 74,08% Memory free
23,54 Gb Paging File | 21,46 Gb Available in Paging File | 91,17% Paging File free
Paging file location(s): c:\pagefile.sys 16000 16000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 6,47 Gb Free Space | 11,60% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 596,35 Gb Free Space | 64,02% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077D5776-E860-4300-90A6-B35D5CCB1687}" = lport=139 | protocol=6 | dir=in | app=system |
"{09D41D7E-ACB1-4BB5-B8B5-E53E3E90F169}" = rport=138 | protocol=17 | dir=out | app=system |
"{0DA42BB4-4871-4574-A999-3BA240D961FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11BA9E48-BA42-4F24-B035-ED28705E68E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1FDE8D4D-C784-4C18-AA10-AF91C144E24E}" = lport=137 | protocol=17 | dir=in | app=system |
"{23D55D66-02BE-4285-B2CF-30AF0306BB8E}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A979596-0926-44B1-8AF7-E35E530F5025}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{54F3C335-E97B-4765-AE8E-AA56170A3CEE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{67C1E9E3-AEB7-4F81-8005-863741BAFF2E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6E3512AC-B1AF-4848-A028-DEE6243EA254}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7A1CB602-C607-48CC-8374-79E725BD41F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{7CD8D511-D69C-4983-B8BD-2725224A8AFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DECD808-3E0C-4268-BDE0-C4E3B20722A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{A38F3CF6-EE2B-4863-907C-B4B7DA27C786}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A3F99C79-12E0-4E8A-B69A-0EC0995E45DB}" = lport=445 | protocol=6 | dir=in | app=system |
"{A4C45072-C786-4C03-8F5E-89F95046A740}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4D6ECAF-A0E8-46B3-8684-197E825A2593}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6E5BAEC-8832-404F-82DE-14B0F5D461D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B482BD36-E6E2-428E-B8A3-69E381A8CF0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAC2BB43-DD7C-4922-A981-B3A50E3938B8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BDEDBFB9-BE18-48C4-8FFC-A7A477DC1448}" = rport=139 | protocol=6 | dir=out | app=system |
"{C05AE496-B891-410D-A678-E8F132D5C26F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C6D4C0B1-E556-420D-8C4A-A2F575CFBD31}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CDD88EC0-C9C1-428D-9AE0-949E190FA8FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DA0590E4-78BA-42F5-9684-A2675113903F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8BF5878-B35D-4396-AB55-B3D65A9EFDF1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EFECD3-F92A-4B71-A73F-E5CA2B6CDF5F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{033489E9-A433-475F-A4F9-931EDA2B5A9F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{056C261C-92A1-4F7B-BAE4-1FFA9B8E0CF7}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{06056C18-69B2-43AE-B4E4-615C2197A93D}" = protocol=17 | dir=in | app=d:\ubisoft\ac3mp.exe |
"{0A4876D8-16DF-46FF-9AC7-93683D23F635}" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{0B82F6A3-2EF2-4162-B612-6019F21BFB64}" = protocol=17 | dir=in | app=d:\ubisoft\ac3sp.exe |
"{0BD0495B-9A14-4F77-8BED-BF9B73CF902A}" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{0C1D9B23-EA0B-461E-A364-C803085259D8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{0D2E4838-9CEB-4E71-AF84-F661C12DC24C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{0D6CE2D1-D97C-435A-AFED-D62100E6CD07}" = protocol=6 | dir=out | app=system |
"{1256AE09-5A2A-43B8-A940-7E915E0952C5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deadlight\binaries\win32\lotdgame.exe |
"{15C8092F-3471-4C82-8CB0-0266899B3695}" = protocol=6 | dir=in | app=d:\ubisoft\related designs\anno 2070\anno5.exe |
"{17A548C0-9FF4-4870-A1CA-5AA99992C93F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{1801E0A6-4313-4EF9-99B6-03CA93055977}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{18B0A534-5C3B-4472-B779-5002C96CD252}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{1EAF6211-42B2-4001-A32A-8A70AC9CBF88}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1FC87223-B3C0-4141-BB23-886A94417DDD}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{20FE7F30-A4FC-4B8E-A359-CC55AD537448}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{21728FB5-1ABC-44C8-94D2-54804B231810}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{257E6362-0596-4679-A96C-801D21D94FDA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{267B07DC-5F40-42D2-9C49-8A26BF0E68D5}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{26BC5463-CE75-415C-9152-9859888C939D}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{2883B452-E348-4465-962E-26F39E185E30}" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{2B3184D6-1E52-42B3-8081-BA90C1EF7AD4}" = protocol=6 | dir=in | app=d:\ubisoft\ac3mp.exe |
"{2D045744-4126-4046-9354-E91FB60FC084}" = protocol=6 | dir=in | app=d:\program files (x86)\simcity\need for speed(tm) most wanted\nfs13.exe |
"{2DB1D183-45F5-4A17-8645-F42F8E3B0CC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2E586663-52AB-4AA8-96F5-A20976B6C215}" = protocol=17 | dir=in | app=d:\ubisoft\assassinscreed3.exe |
"{39BBC0A0-BB7A-404A-9984-0099546609FC}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{3B91F768-0B91-4C5F-A351-D05E3E874A51}" = protocol=17 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fear.exe |
"{3BD5B557-8104-4C73-911F-153B0CE71753}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3C4F20B6-9684-48B9-9324-F3AA57CEA6F2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3DE43C7D-49CB-494F-BE46-5FD2136831D6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3FE0BAC1-16A8-49C1-8F45-6A85E8A92445}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{41120940-9B7E-4094-ABFE-56240759792E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
"{43649CF9-6C84-435D-8105-6967162B03D9}" = protocol=6 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fear.exe |
"{43A98556-E466-4604-A0F7-D5FEEBD0E7CA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{46909076-7450-415D-9138-C3F28A0F7F54}" = protocol=17 | dir=in | app=d:\program files (x86)\simcity\need for speed(tm) most wanted\nfs13.exe |
"{47F0DCD1-F1D0-4087-98E6-2F62BA355E54}" = protocol=17 | dir=in | app=d:\ubisoft\related designs\anno 2070\initengine.exe |
"{4955AE94-7EB0-415B-AB48-67EE46CFF488}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{497B7F0E-3C99-463D-87AC-5E54990C53D3}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{49A19E4F-65A7-4F60-A69D-2670E570A931}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4A1298BD-B710-4C99-9D94-121F8C706AE8}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{4B0AD022-9C70-4BE4-AA42-E6E3E0F9563D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4C694E9D-1BD6-4FA5-8CF0-553361C92FBA}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{4E214E4D-906F-4C90-B08E-C77929AAF505}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4E77B2FF-3DB0-42F9-8A52-DA4384D69A51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4ED174F9-FB6E-47ED-891C-3C7BDE66BBC7}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\limbo\limbo.exe |
"{500FE8F6-3FAA-4E60-AE5F-8DA2CB1E952D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50EE7E8F-1C12-4C46-947D-329765A491EC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{52A05FEB-1D91-4115-AAC5-7670EFF4DB16}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{56296829-CACD-4583-9317-2E29FCEA035D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{56AD191E-29E4-4304-83C4-A496266172E0}" = protocol=6 | dir=in | app=d:\ubisoft\related designs\anno 2070\initengine.exe |
"{5AC64AFC-2449-4941-98E0-A06B6E3C26F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CC9A926-0A47-4175-A575-339596D7440E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5D513D46-FFB8-402F-87C1-3A9A8584C76E}" = protocol=17 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fearxp\fearxp.exe |
"{5DCADD2E-3E04-4F9F-8DA8-D854EAFCF478}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{5E0D65E7-B679-4D3C-854C-675AC4B44A4E}" = protocol=17 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fearxp2\fearxp2.exe |
"{5F3E1583-3686-4AE2-88E3-3E2867B3E6C0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{609DF84D-0C36-4691-B132-9A70219314B9}" = protocol=6 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fearxp2\fearxp2.exe |
"{60D27E16-4B95-42D0-BAA7-B3CC7F3A34FA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{628D7CA3-6CDC-4312-91CA-6055B8CDA0D2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{62D6AA54-0E04-4674-B974-0848E31EBEEC}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{6464E79A-344E-40AB-8BF7-FD7CC5C1DD51}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{64F5A6A7-E728-4F86-B900-4A3336A848B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65A41357-65F3-49EA-A0FF-7095D3853DC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{691BBDB8-2020-4BB6-8469-FF32460A1B12}" = protocol=17 | dir=in | app=d:\ubisoft\related designs\anno 2070\anno5.exe |
"{6BB583D2-E8C9-4F37-B75B-4899DC9C46F8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6C2A8EB5-2BD7-413F-9679-08BF5950658F}" = protocol=17 | dir=in | app=d:\ubisoft\related designs\anno 2070\autopatcher.exe |
"{6E880364-E8DF-4C65-9C2A-01BBE2565713}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{70FF295E-7AE3-469A-B737-D323F237E567}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{7255AEF1-AC7B-494D-9C23-746EA736ECE3}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{7465E148-65B5-487C-AB1F-7EDA49D85B1E}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{765A47C5-DC53-4EDE-9F73-C60D3BAC5A81}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{79020837-F1E9-4C2A-8C80-9CB8F76F6F0A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7913ADB0-03EC-472E-92F3-0F91F391FE98}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
"{7B45A464-511E-49B4-8111-1F0295F8E385}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{7B747831-3582-4B38-B3D2-1CBBD8B106A7}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{813EF923-AC5D-4AB7-9F65-130D3F0611A3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{845F1CB7-3F45-49D9-8427-73428BB45631}" = protocol=6 | dir=in | app=d:\program files (x86)\simcity\simcity\simcity\simcity.exe |
"{8884FA7F-ADC1-41C6-8093-DC258A8B0679}" = protocol=6 | dir=in | app=d:\ubisoft\ac3sp.exe |
"{8A0E20D6-706A-4ED3-96C6-FF48E74EAF2F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{8F2E5B86-6F9F-47AE-8EB4-056A417F08EF}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{910A04F1-5B06-42D2-92CD-602B32113562}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{9128BB8B-9F28-4F9D-A890-24E41EC54675}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{91590EF2-BAF6-422D-B155-02F259F29CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{945EA94F-FE12-4689-BB51-1A44C9C06906}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{97EF507D-EBA3-445C-B6E3-BF4E64E269BD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{98A2AABE-0367-4031-A2B9-AEAD1A40E2A2}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{9C02603A-EE49-4C01-8B3E-F9DEC757188B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E9E8B05-AB83-4BF1-90C5-5153963A353A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F1BDA60-8923-4C0C-8ACB-47BDB1490EAB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{9F887C71-24E9-438C-9A20-CD6DAE20DF54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2131C58-FBC2-4B44-8963-10B27C7AF593}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{A63E16D6-306A-47C6-A21F-63E68BEFD619}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7259451-1583-44B1-8531-7B873CEDED2D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{A97E291C-B261-4AB9-861D-3B7F28BF9DF2}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{AAA235EE-7A75-4251-A75B-B0C9648292E6}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{AB8B73FD-3F6C-4099-981C-82A927222926}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{AC84F021-D05E-4928-904D-C60A78897730}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B1D94C39-1DFF-41C9-8917-8DD0B73BBFA2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\limbo\limbo.exe |
"{B5D92E4A-5713-4127-8EA6-A1F26D810FEC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD29AA03-62DA-4A31-A3F3-ACCD0D84F1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BF23C7B3-5772-466A-B58D-D1D19A006F34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BFB7AEF6-E52E-4C3E-BEE9-652C9CB2A470}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{C093F698-3623-4CE3-A610-6F5BC2DFEB2A}" = protocol=17 | dir=in | app=d:\program files (x86)\simcity\simcity\simcity\simcity.exe |
"{C1A9D2F6-9F6C-477E-BC2C-EC4067F351C8}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{C1B9C2F0-5A73-4738-95A8-202057E9AC73}" = protocol=6 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fearxp\fearxp.exe |
"{C1C11B9C-9BA2-4AAA-B042-91711174E339}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{C44FCB8A-65E0-4EFF-BD36-4DDF0F5ECDD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C7CDBCE6-9B3B-4F89-B792-5586B3D5B81F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{CB6455BF-1F73-4A80-9B34-C04889F78F98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE994199-3F90-4FA1-AC30-666E7BDEBBBA}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{D2399C61-981B-4706-8AC8-60C5AF027A6D}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{D5558EC2-4546-440D-9E6F-2FC69AD8D407}" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{D5D85225-F918-4CF1-A9D6-67D8A0376619}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{D84072DE-19BD-41E6-9E0B-9D248BCD4756}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deadlight\binaries\win32\lotdgame.exe |
"{DB6E50C6-0349-488D-B26B-15ACFC673180}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{DC11A52D-DC3A-42BA-AC63-2640624EBC4C}" = protocol=6 | dir=in | app=d:\ubisoft\related designs\anno 2070\autopatcher.exe |
"{DC178C2E-7902-48D9-9A0A-84AD11E53443}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF853CB0-89CA-44AC-863F-151A1A9D2BDE}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{E0C00B6C-29E7-4AD4-99C5-8A050FD8F351}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{E7EB8130-3439-40D3-8FF1-9CD35988B256}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{EB77CF1B-E26D-4A67-8364-00DD57CF225D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC13ED3F-E92F-4C1F-8136-AF24E6CEFCD5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{ECC75B1C-0AA3-4DEC-B967-6E6ADF1C4037}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EE19C7C1-D667-462B-A80C-0528B01821CE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{EFD601EB-A31B-4010-86C2-7A2F36ED8ABD}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{F01352F8-2F65-4B2E-8163-FA0D797DFD05}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{F04295D0-677C-4523-B05E-79ADC2093F50}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{F2C0B8E4-6562-4DA7-B1F7-B82A1269CD41}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F62F7E25-C95D-447E-817D-95FB0318C653}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{F980986B-76F0-4031-B2B0-07AAF2D64C17}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{FBBE0681-AC0A-4EB3-9D16-F99944CD9EC9}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{FD486298-AFE4-47F4-9A7A-0876A016EBCD}" = protocol=6 | dir=in | app=d:\ubisoft\assassinscreed3.exe |
"TCP Query User{0A58BFE9-EE2A-49AE-A3BB-E8871B8CDAC7}D:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{4A37A1A1-A8C7-41E5-A9B8-6AA57740ABCF}D:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{4E2097EB-282B-4B83-9C39-E7E34C7C6386}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{5F1027C5-9FE1-4B9E-8A5D-8A4D83A1A933}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{8ED73766-66D3-4E86-BAF3-450E073769FD}D:\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\winamp\winamp.exe |
"TCP Query User{CF71F760-528E-4F9B-8CC3-907C7ED80A31}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{E46C15C6-B0F8-44FD-97B8-DC242C822011}D:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"UDP Query User{3E8E73A4-204D-4234-9185-D0903C7A0D58}D:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{4A62FB4E-849F-4A77-A576-2A508FBDCA50}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{5EE189E6-0875-41D9-A507-227E639DA0A2}D:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"UDP Query User{68A245BC-D59C-4D8E-B3CD-B436B65AC9A1}D:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{7C44167D-3CB3-47A6-B5F4-EE550CF0E44B}D:\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\winamp\winamp.exe |
"UDP Query User{DF795A6D-8D39-42D7-9A91-6900D0E8E191}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{F5C923B4-E2AD-49DE-8329-0C2CF43F4B69}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Unifying" = Logitech Unifying-Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Sn1" = Logitech Flow Scroll 4.0
"sp6" = Logitech SetPoint 6.32
"VIRTU_is1" = VIRTU 1.2.106
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = Die Sims Mittelalter Piraten und Edelleute
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.02
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.02
"{9EF2A56C-F12E-4E42-BB26-807EBB6DC271}" = Prodigy X-Fi NRG
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C03D7CF4-E172-421F-8209-667BAF0BEA1C}" = F.E.A.R. Ultimate Shooter Edition
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.116
"Audacity_is1" = Audacity 2.0.2
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dxtory2.0_is1" = Dxtory version 2.0.119
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESAudioCS" = Audio-Systemsteuerung
"Host OpenAL" = Host OpenAL
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 203160" = Tomb Raider
"Steam App 205100" = Dishonored
"Steam App 211400" = Deadlight
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 48000" = LIMBO
"Steam App 49520" = Borderlands 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8870" = BioShock Infinite
"The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition Version 3.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.05.2013 15:25:15 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel:
0x51437ce5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x09310931 ID des fehlerhaften Prozesses:
0x15fc Startzeit der fehlerhaften Anwendung: 0x01ce49c644bbe86b Pfad der fehlerhaften
Anwendung: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 83243494-b5b9-11e2-acba-bc5ff40d9164
Error - 05.05.2013 15:25:19 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel:
0x51437ce5 Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel:
0x51437ce5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b52f2c ID des fehlerhaften Prozesses:
0x15fc Startzeit der fehlerhaften Anwendung: 0x01ce49c644bbe86b Pfad der fehlerhaften
Anwendung: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe Pfad des
fehlerhaften Moduls: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe
Berichtskennung:
8577a32c-b5b9-11e2-acba-bc5ff40d9164
Error - 05.05.2013 15:25:42 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel:
0x51437ce5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x09310931 ID des fehlerhaften Prozesses:
0x28c Startzeit der fehlerhaften Anwendung: 0x01ce49c6549b8e4c Pfad der fehlerhaften
Anwendung: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 92d6883b-b5b9-11e2-acba-bc5ff40d9164
Error - 05.05.2013 15:25:43 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel:
0x51437ce5 Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel:
0x51437ce5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b52f2c ID des fehlerhaften Prozesses:
0x28c Startzeit der fehlerhaften Anwendung: 0x01ce49c6549b8e4c Pfad der fehlerhaften
Anwendung: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe Pfad des
fehlerhaften Moduls: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe
Berichtskennung:
93e934c0-b5b9-11e2-acba-bc5ff40d9164
Error - 06.05.2013 07:16:20 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.05.2013 05:46:14 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.05.2013 08:59:02 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.05.2013 12:30:02 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.05.2013 04:34:23 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.05.2013 06:30:07 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1090 Startzeit:
01ce4c902473a21b Endzeit: 26 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe
Berichts-ID:
[ OSession Events ]
Error - 06.06.2012 02:32:44 | Computer Name = Admin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 25.10.2012 11:22:02 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 25.10.2012 11:22:02 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 26.10.2012 14:49:05 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =
Error - 29.10.2012 12:12:44 | Computer Name = Admin-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 30.10.2012 11:35:04 | Computer Name = Admin-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 14.11.2012 07:56:29 | Computer Name = Admin-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 15.11.2012 11:34:39 | Computer Name = Admin-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 15.11.2012 12:22:22 | Computer Name = Admin-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht vergrößert werden kann.
Error - 16.11.2012 20:22:28 | Computer Name = Admin-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.139.2168.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%854 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.8904.0 Fehlercode: 0x80070643 Fehlerbeschreibung: Schwerwiegender
Fehler bei der Installation.
Error - 16.11.2012 20:22:33 | Computer Name = Admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials
– KB2310138 (Definition 1.139.2266.0)
< End of report >
--- --- --- gmer.txt: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-09 14:05:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ADATA_SS rev.3.3. 55,90GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80003208000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff8000320802f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073321a22 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073321ad0 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073321b08 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073321bba 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073321bda 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073321a22 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073321ad0 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073321b08 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073321bba 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073321bda 2 bytes [32, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75]
.text ... * 2
.text D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 00000000733513c6 2 bytes [35, 73]
.text D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 00000000733513f6 2 bytes [35, 73]
.text D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 00000000733514ad 2 bytes [35, 73]
.text D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 00000000733514db 2 bytes [35, 73]
.text ... * 2
.text D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 0000000073351577 2 bytes [35, 73]
.text D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 00000000733515d7 2 bytes [35, 73]
.text D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 0000000073351794 2 bytes [35, 73]
.text D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 00000000733518c1 2 bytes [35, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 00000000733513c6 2 bytes [35, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 00000000733513f6 2 bytes [35, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 00000000733514ad 2 bytes [35, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 00000000733514db 2 bytes [35, 73]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 0000000073351577 2 bytes [35, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 00000000733515d7 2 bytes [35, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 0000000073351794 2 bytes [35, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 00000000733518c1 2 bytes [35, 73]
---- EOF - GMER 2.1 ----
Ich hoffe, mir kann jemand helfen :) |
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
AdwCleaner auf deinen Desktop.
SecurityCheck und: