Merooc94 | 23.07.2013 20:38 | Bluescreen for no apparent reason - ruling out a virus infection
Hello,
For exactly 3 days now I have been getting a bluescreen after some time. I would now like to rule out virus infections if possible, so here are the following scans:
gmer Log:
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-23 21:36:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3 M4-CT064 rev.0009 59,63GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\awtorpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[1632] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075b01465 2 bytes [B0, 75]
.text C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[1632] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075b014bb 2 bytes [B0, 75]
.text ... * 2
.text D:\Program Files (x86)\Skype\Phone\Skype.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b01465 2 bytes [B0, 75]
.text D:\Program Files (x86)\Skype\Phone\Skype.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b014bb 2 bytes [B0, 75]
.text ... * 2
.text D:\Program Files (x86)\Skype\Phone\Skype.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b01465 2 bytes [B0, 75]
.text D:\Program Files (x86)\Skype\Phone\Skype.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b014bb 2 bytes [B0, 75]
.text ... * 2
.text C:\Users\Admin\Desktop\tools\Defogger.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b01465 2 bytes [B0, 75]
.text C:\Users\Admin\Desktop\tools\Defogger.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b014bb 2 bytes [B0, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [768:2624] 000007fef2ce9688
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk1\DR1 unknown MBR code
---- EOF - GMER 2.1 ----
OTL:
OTL Logfile: Code:
OTL logfile created on: 20.07.2013 17:38:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
9,99 Gb Total Physical Memory | 6,77 Gb Available Physical Memory | 67,73% Memory free
10,99 Gb Paging File | 7,63 Gb Available in Paging File | 69,42% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 12,08 Gb Free Space | 20,26% Space Free | Partition Type: NTFS
Drive D: | 781,25 Gb Total Space | 609,55 Gb Free Space | 78,02% Space Free | Partition Type: NTFS
Drive E: | 616,01 Gb Total Space | 595,13 Gb Free Space | 96,61% Space Free | Partition Type: NTFS
Drive R: | 1021,97 Mb Total Space | 1021,95 Mb Free Space | 100,00% Space Free | Partition Type: FAT32
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.20 17:38:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2013.07.14 20:40:01 | 000,567,880 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
PRC - [2013.05.20 11:56:08 | 000,440,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Phone\WindowsPhone.exe
PRC - [2013.04.17 14:28:38 | 000,917,400 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2005.11.14 16:24:00 | 000,121,064 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\Setup.exe
========== Modules (No Company Name) ==========
MOD - [2013.07.20 16:06:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013.07.20 16:06:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.20 16:06:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.20 16:06:29 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.20 16:06:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.20 16:06:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.20 16:06:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.07.20 15:00:49 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\4bb52b02b721bb5f8739eab898723751\PresentationFramework.ni.dll
MOD - [2013.07.20 15:00:40 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\aa489a04fe509025c1baeb8a3a8185f4\PresentationCore.ni.dll
MOD - [2013.07.20 15:00:40 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\38a0a29884a7c5bb50d9114ceb6866c5\System.Xml.ni.dll
MOD - [2013.07.20 15:00:36 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed2841e8c3c99feb0d04e4ea5ca0a152\System.Core.ni.dll
MOD - [2013.07.20 15:00:36 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c5f14d8d1109365283a352a54f0a10cf\System.Xaml.ni.dll
MOD - [2013.07.20 15:00:34 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\eee141c3bb48eaa1a0379fb82b3c4298\WindowsBase.ni.dll
MOD - [2013.07.20 15:00:34 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\389618567077f42c6247fed59cd7f87a\System.Management.ni.dll
MOD - [2013.07.20 15:00:33 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e4ffebb0f0a92f5e8caaacb697537040\System.Configuration.ni.dll
MOD - [2013.07.20 15:00:32 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0c7fff6c73e859736f1f84b20f6b0b0a\System.ni.dll
MOD - [2013.07.20 15:00:32 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7bddc53dc2d50b327afaa798cb47c5b8\PresentationFramework.Aero.ni.dll
MOD - [2013.07.20 15:00:27 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\aa3538b86646ec3401d133b7f9bc8465\mscorlib.ni.dll
MOD - [2013.07.14 20:40:01 | 000,567,880 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
MOD - [2013.04.21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.04.21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.04.17 14:28:37 | 002,402,200 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.01.20 03:03:39 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.17 16:47:46 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2013.01.24 20:15:10 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.24 14:30:21 | 000,541,608 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.06.14 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.06.30 20:23:41 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.04.12 11:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.03.01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013.02.22 03:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.01.20 03:03:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.01.17 22:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.11.29 12:50:06 | 000,073,552 | ---- | M] (Dataram, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2012.09.21 21:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012.09.21 21:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.09.21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.09.17 16:05:26 | 000,123,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.02.02 11:43:02 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.04.11 22:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011.04.11 22:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.03 16:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 36 B4 5F B1 F6 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bf36c6cd1-da73-491d-b290-8fc9115bfa55%7D:2.2.1
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER\BDTBEXT [2013.07.04 11:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.5\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.07.20 14:53:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.5\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013.07.04 11:51:54 | 000,000,000 | ---D | M]
[2013.06.28 19:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.06.28 19:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2013.07.01 14:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\9oid3g3q.default\extensions
[2013.04.16 18:20:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\9oid3g3q.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013.06.30 00:24:30 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\9oid3g3q.default\extensions\ich@maltegoetz.de
[2013.03.23 19:37:42 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9oid3g3q.default\extensions\firefox@mega.co.nz.xpi
[2013.05.08 21:20:33 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9oid3g3q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.26 17:38:45 | 000,745,166 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9oid3g3q.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi
[2013.03.21 21:17:50 | 000,001,050 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9oid3g3q.default\searchplugins\11-suche.xml
[2013.03.21 21:17:50 | 000,002,418 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9oid3g3q.default\searchplugins\englische-ergebnisse.xml
[2013.03.21 21:17:50 | 000,010,701 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9oid3g3q.default\searchplugins\gmx-suche.xml
[2013.03.21 21:17:50 | 000,002,432 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9oid3g3q.default\searchplugins\lastminute.xml
[2013.03.21 21:17:50 | 000,005,682 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9oid3g3q.default\searchplugins\webde-suche.xml
O1 HOSTS File: ([2013.03.12 15:36:43 | 000,002,213 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET.*
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 20 more lines...
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4:64bit: - HKLM..\Run: [Bdagent] "D:\BITDefender\Bitdefender\Bitdefender\bdagent.exe" File not found
O4:64bit: - HKLM..\Run: [InstallerLauncher] C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bdruninstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.04.17 14:23:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60BAFB0B-1C79-455B-9316-2F103D59F3C8}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8475590-02B5-439B-9AAB-A5C3D2796428}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.20 15:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.07.20 15:44:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Bitdefender
[2013.07.20 15:41:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2013.07.20 15:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013.07.20 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.07.20 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2013.07.20 15:02:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2013.07.20 15:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.20 15:00:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.20 15:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.19 21:32:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\WBB Plugins
[2013.07.19 21:22:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Board
[2013.07.18 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\gtk-2.0
[2013.07.18 13:57:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.purple
[2013.07.18 13:56:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013.07.18 13:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013.07.18 13:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.07.18 13:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.07.18 13:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.07.18 13:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.07.18 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.07.18 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.07.18 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.07.17 18:34:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neues Textdokument (1)
[2013.07.17 12:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.07.14 00:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.07.13 13:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2013.07.13 13:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone
[2013.07.12 13:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2013.07.11 16:14:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bilder
[2013.07.05 13:58:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.07.05 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Program Files
[2013.07.03 18:35:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Bitcoin
[2013.06.30 20:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2013.06.30 20:24:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TrueCrypt
[2013.06.30 20:23:41 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.06.30 20:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2013.06.30 20:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013.06.28 19:38:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenVPN Technologies
[2013.06.28 19:38:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\OpenVPN Technologies
[2013.06.28 19:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Client
[2013.06.28 19:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies
[2013.03.12 13:25:26 | 001,542,752 | ---- | C] (Lenovo Group Limited ) -- C:\Users\Admin\AppData\Local\cs01383264.exe
========== Files - Modified Within 30 Days ==========
[2013.07.20 17:38:54 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.20 17:38:54 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.20 17:37:44 | 001,636,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.20 17:37:44 | 000,705,126 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.20 17:37:44 | 000,658,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.20 17:37:44 | 000,151,418 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.20 17:37:44 | 000,123,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.20 17:31:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.20 16:22:22 | 000,168,982 | ---- | M] () -- C:\ProgramData\1374329013.bdinstall.bin
[2013.07.20 16:02:26 | 000,057,414 | ---- | M] () -- C:\ProgramData\1374328942.bdinstall.bin
[2013.07.20 16:02:04 | 000,173,843 | ---- | M] () -- C:\ProgramData\1374328896.bdinstall.bin
[2013.07.20 16:01:41 | 000,057,149 | ---- | M] () -- C:\ProgramData\1374328899.bdinstall.bin
[2013.07.20 16:00:32 | 000,169,617 | ---- | M] () -- C:\ProgramData\1374328814.bdinstall.bin
[2013.07.20 15:59:55 | 000,283,948 | ---- | M] () -- C:\ProgramData\1374328733.bdinstall.bin
[2013.07.20 15:58:23 | 005,095,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.20 15:46:43 | 000,131,047 | ---- | M] () -- C:\ProgramData\1374327580.3848.bin
[2013.07.20 15:46:43 | 000,115,503 | ---- | M] () -- C:\ProgramData\1374327580.3660.bin
[2013.07.20 15:46:07 | 000,021,541 | ---- | M] () -- C:\ProgramData\1374327580.1772.bin
[2013.07.20 15:46:05 | 000,115,484 | ---- | M] () -- C:\ProgramData\1374327580.3984.bin
[2013.07.20 15:44:47 | 000,016,869 | ---- | M] () -- C:\ProgramData\1374327580.1608.bin
[2013.07.20 15:44:47 | 000,001,699 | ---- | M] () -- C:\ProgramData\1374327580.844.bin
[2013.07.20 15:41:49 | 000,001,451 | ---- | M] () -- C:\ProgramData\1374327580.1636.bin
[2013.07.20 15:41:43 | 000,001,090 | ---- | M] () -- C:\ProgramData\1374327580.3576.bin
[2013.07.20 15:41:39 | 000,001,089 | ---- | M] () -- C:\ProgramData\1374327580.944.bin
[2013.07.20 15:40:51 | 000,008,922 | ---- | M] () -- C:\ProgramData\1374327580.2532.bin
[2013.07.20 15:40:17 | 000,015,990 | ---- | M] () -- C:\ProgramData\1374327580.4016.bin
[2013.07.20 15:40:09 | 000,002,969 | ---- | M] () -- C:\ProgramData\1374327580.2640.bin
[2013.07.20 15:00:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.20 12:04:52 | 000,574,468 | ---- | M] () -- C:\Users\Admin\Documents\IMG_20072013_120223.png
[2013.07.20 12:02:28 | 000,782,500 | ---- | M] () -- C:\Users\Admin\Documents\IMG_20072013_120038.png
[2013.07.20 02:04:36 | 000,002,036 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp
[2013.07.19 23:55:22 | 000,106,101 | ---- | M] () -- C:\Users\Admin\Documents\Schnappschuss von mir 15.png
[2013.07.19 21:04:53 | 000,584,335 | ---- | M] () -- C:\Users\Admin\Documents\air-style.tgz
[2013.07.18 17:08:32 | 000,000,218 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel
[2013.07.18 13:46:37 | 000,001,445 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.07.17 18:38:43 | 000,010,752 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.14 16:20:43 | 027,686,480 | ---- | M] () -- C:\Users\Admin\ts3_recording_13_07_14_16_18_17.wav
[2013.07.12 17:42:44 | 074,106,320 | ---- | M] () -- C:\Users\Admin\ts3_recording_13_07_12_17_36_16.wav
[2013.07.11 16:25:28 | 001,936,122 | ---- | M] () -- C:\Users\Admin\Desktop\hi.png
[2013.07.11 16:25:25 | 000,000,132 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.07.10 20:13:46 | 192,999,621 | ---- | M] () -- C:\Users\Admin\Documents\Bilder.zip
[2013.07.03 19:11:36 | 000,055,291 | ---- | M] () -- C:\Users\Admin\Documents\Unbenannt.png
[2013.07.02 22:20:50 | 000,004,142 | ---- | M] () -- C:\Users\Admin\Documents\Xertonia.ovpn
[2013.07.01 22:21:49 | 001,835,008 | ---- | M] () -- C:\Users\Admin\Documents\TrueCrypt Rescue Disk.iso
[2013.06.30 20:23:41 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.06.30 20:23:41 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.06.30 13:03:11 | 000,641,048 | ---- | M] () -- C:\Users\Admin\Documents\Unbenannt1.PNG
[2013.06.29 21:14:30 | 001,362,472 | ---- | M] () -- C:\Users\Admin\Documents\adsdasfs.rar
[2013.06.28 19:38:12 | 000,001,376 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN Client.lnk
[2013.06.24 18:16:51 | 000,465,195 | ---- | M] () -- C:\Users\Admin\Documents\pack.rar
[2013.06.23 21:54:24 | 000,849,986 | ---- | M] () -- C:\Users\Admin\Documents\disconnected.bmp
[2013.06.22 15:52:22 | 000,293,591 | ---- | M] () -- C:\Users\Admin\Documents\magnet.png
========== Files Created - No Company Name ==========
[2013.07.20 16:22:22 | 000,168,982 | ---- | C] () -- C:\ProgramData\1374329013.bdinstall.bin
[2013.07.20 16:02:26 | 000,057,414 | ---- | C] () -- C:\ProgramData\1374328942.bdinstall.bin
[2013.07.20 16:02:04 | 000,173,843 | ---- | C] () -- C:\ProgramData\1374328896.bdinstall.bin
[2013.07.20 16:01:41 | 000,057,149 | ---- | C] () -- C:\ProgramData\1374328899.bdinstall.bin
[2013.07.20 16:00:32 | 000,169,617 | ---- | C] () -- C:\ProgramData\1374328814.bdinstall.bin
[2013.07.20 15:59:55 | 000,283,948 | ---- | C] () -- C:\ProgramData\1374328733.bdinstall.bin
[2013.07.20 15:44:44 | 000,001,699 | ---- | C] () -- C:\ProgramData\1374327580.844.bin
[2013.07.20 15:41:40 | 000,001,451 | ---- | C] () -- C:\ProgramData\1374327580.1636.bin
[2013.07.20 15:40:17 | 000,115,484 | ---- | C] () -- C:\ProgramData\1374327580.3984.bin
[2013.07.20 15:40:17 | 000,016,869 | ---- | C] () -- C:\ProgramData\1374327580.1608.bin
[2013.07.20 15:40:17 | 000,015,990 | ---- | C] () -- C:\ProgramData\1374327580.4016.bin
[2013.07.20 15:40:17 | 000,008,922 | ---- | C] () -- C:\ProgramData\1374327580.2532.bin
[2013.07.20 15:40:17 | 000,001,090 | ---- | C] () -- C:\ProgramData\1374327580.3576.bin
[2013.07.20 15:40:17 | 000,001,089 | ---- | C] () -- C:\ProgramData\1374327580.944.bin
[2013.07.20 15:39:49 | 000,002,969 | ---- | C] () -- C:\ProgramData\1374327580.2640.bin
[2013.07.20 15:39:42 | 000,131,047 | ---- | C] () -- C:\ProgramData\1374327580.3848.bin
[2013.07.20 15:39:41 | 000,021,541 | ---- | C] () -- C:\ProgramData\1374327580.1772.bin
[2013.07.20 15:39:40 | 000,115,503 | ---- | C] () -- C:\ProgramData\1374327580.3660.bin
[2013.07.20 15:00:27 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.20 12:04:46 | 000,574,468 | ---- | C] () -- C:\Users\Admin\Documents\IMG_20072013_120223.png
[2013.07.20 12:02:10 | 000,782,500 | ---- | C] () -- C:\Users\Admin\Documents\IMG_20072013_120038.png
[2013.07.19 23:55:19 | 000,106,101 | ---- | C] () -- C:\Users\Admin\Documents\Schnappschuss von mir 15.png
[2013.07.19 21:02:56 | 000,584,335 | ---- | C] () -- C:\Users\Admin\Documents\air-style.tgz
[2013.07.18 17:08:32 | 000,000,218 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel
[2013.07.18 13:56:37 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2013.07.18 13:46:37 | 000,001,445 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.07.17 18:35:33 | 000,010,752 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.17 12:14:48 | 000,001,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013.07.14 16:18:18 | 027,686,480 | ---- | C] () -- C:\Users\Admin\ts3_recording_13_07_14_16_18_17.wav
[2013.07.14 00:42:24 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.07.12 17:36:18 | 074,106,320 | ---- | C] () -- C:\Users\Admin\ts3_recording_13_07_12_17_36_16.wav
[2013.07.12 13:54:27 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.07.11 16:25:24 | 001,936,122 | ---- | C] () -- C:\Users\Admin\Desktop\hi.png
[2013.07.10 19:45:53 | 192,999,621 | ---- | C] () -- C:\Users\Admin\Documents\Bilder.zip
[2013.07.02 22:20:49 | 000,004,142 | ---- | C] () -- C:\Users\Admin\Documents\Xertonia.ovpn
[2013.07.01 22:21:49 | 001,835,008 | ---- | C] () -- C:\Users\Admin\Documents\TrueCrypt Rescue Disk.iso
[2013.06.30 20:23:41 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.06.30 13:03:06 | 000,641,048 | ---- | C] () -- C:\Users\Admin\Documents\Unbenannt1.PNG
[2013.06.29 21:14:17 | 001,362,472 | ---- | C] () -- C:\Users\Admin\Documents\adsdasfs.rar
[2013.06.28 19:38:12 | 000,001,376 | ---- | C] () -- C:\Users\Public\Desktop\OpenVPN Client.lnk
[2013.06.24 18:45:18 | 005,195,636 | ---- | C] () -- C:\Users\Admin\Documents\sodii.rar
[2013.06.24 18:16:45 | 000,465,195 | ---- | C] () -- C:\Users\Admin\Documents\pack.rar
[2013.06.23 21:54:23 | 000,849,986 | ---- | C] () -- C:\Users\Admin\Documents\disconnected.bmp
[2013.06.22 15:52:16 | 000,293,591 | ---- | C] () -- C:\Users\Admin\Documents\magnet.png
[2013.06.21 15:37:04 | 000,055,291 | ---- | C] () -- C:\Users\Admin\Documents\Unbenannt.png
[2013.05.26 14:33:31 | 000,000,005 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Skype API Tool.ini
[2013.05.25 17:45:38 | 003,507,920 | ---- | C] () -- C:\Users\Admin\ts3_recording_13_05_25_17_45_37.wav
[2013.05.17 16:36:02 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.05.17 16:36:02 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.05.17 16:16:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.17 16:14:53 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.05.17 16:14:53 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.05.17 16:14:53 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013.04.23 20:47:07 | 000,007,620 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2013.04.22 18:42:52 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.22 18:42:46 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.22 18:42:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.03.10 21:30:24 | 000,067,863 | ---- | C] () -- C:\Windows\SysWow64\x264vfw-uninstall.exe
[2013.03.10 15:11:17 | 000,639,488 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll
[2013.03.02 01:37:37 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.28 16:25:42 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
[2013.02.17 15:55:15 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2013.02.16 14:15:04 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013.02.02 23:17:09 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2013.01.21 21:13:45 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.01.20 06:04:17 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2013.01.20 06:04:16 | 000,000,462 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.20 06:04:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.01.20 03:27:40 | 001,654,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.09.21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.09.21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.12 22:39:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2013.02.16 21:19:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.Nitrous
[2013.07.20 02:16:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.purple
[2013.07.05 13:59:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2013.07.03 18:41:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bitcoin
[2013.07.20 15:44:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bitdefender
[2013.04.28 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.04.28 19:28:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013.03.21 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2013.01.20 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.07.19 21:32:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2013.04.28 19:16:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER
[2013.06.11 22:43:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ-Profile
[2013.06.11 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQM
[2013.01.21 16:40:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.06.03 20:41:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2013.05.17 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAXON
[2013.02.07 18:57:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\netz
[2013.05.05 14:58:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2013.06.28 19:38:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenVPN Technologies
[2013.01.21 20:46:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PDAppFlex
[2013.05.17 20:45:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Publish Providers
[2013.05.20 00:51:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\puush
[2013.07.20 15:41:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2013.01.24 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-zsync
[2013.05.26 00:30:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2013.05.20 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SplitMediaLabs
[2013.03.28 23:30:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2013.07.01 22:26:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TrueCrypt
[2013.01.25 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Wireshark
[2013.05.26 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XMedia Recode
========== Purity Check ==========
< End of report >
[/CODE]
Extras:
OTL Logfile: Code:
OTL Extras logfile created on: 20.07.2013 17:38:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
9,99 Gb Total Physical Memory | 6,77 Gb Available Physical Memory | 67,73% Memory free
10,99 Gb Paging File | 7,63 Gb Available in Paging File | 69,42% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 12,08 Gb Free Space | 20,26% Space Free | Partition Type: NTFS
Drive D: | 781,25 Gb Total Space | 609,55 Gb Free Space | 78,02% Space Free | Partition Type: NTFS
Drive E: | 616,01 Gb Total Space | 595,13 Gb Free Space | 96,61% Space Free | Partition Type: NTFS
Drive R: | 1021,97 Mb Total Space | 1021,95 Mb Free Space | 100,00% Space Free | Partition Type: FAT32
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Photoshop CS6 Extended\PS CS6\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "D:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "E:\Treiber\MPC-HC.1.6.5.6366.x64\MPC-HC.1.6.5.6366.x64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "E:\Treiber\MPC-HC.1.6.5.6366.x64\MPC-HC.1.6.5.6366.x64\mpc-hc64.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Photoshop CS6 Extended\PS CS6\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "D:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "E:\Treiber\MPC-HC.1.6.5.6366.x64\MPC-HC.1.6.5.6366.x64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "E:\Treiber\MPC-HC.1.6.5.6366.x64\MPC-HC.1.6.5.6366.x64\mpc-hc64.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5BFCC678-B851-4911-8D19-838BC0C3F3B2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CEB7F8-0A40-45A6-BB8A-050C73159A3C}" = dir=in | app=d:\users\admin\documents\the war z\warz.exe |
"{05463F9E-6F7F-4420-89BB-B6AF49B6032D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BEEDC34-17F9-4077-80AC-1E85A4CA23BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{165D3B4D-6406-44A2-890A-06B2F26062DC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{18B3FB9D-AB9F-4A69-952C-483D01390AF6}" = protocol=17 | dir=in | app=d:\program files (x86)\combat arms\ca\combat arms eu\nmservice.exe |
"{19A299F3-1991-41AD-AA44-9DBBB2B4F9FE}" = protocol=6 | dir=in | app=d:\combat arms\combat arms eu\nmservice.exe |
"{1ABC2D16-8F86-48FC-958F-185FE0E6E8F5}" = protocol=17 | dir=in | app=d:\program files (x86)\premiumsoft\navicat premium\navicat.exe |
"{20291E71-B9CB-41F1-AB1B-41AC0A389CB5}" = protocol=17 | dir=in | app=e:\metin2\sanii v2\client\clientstarter.exe |
"{213AD472-7939-4CDA-9659-9047790C1EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{32E1C016-D173-4694-BED4-C94D5EC03132}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\icqm\icq.exe |
"{378FFAA6-CB22-45CF-B24B-654715C91D29}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{3B5DB8AD-2C2F-4DA0-8A73-C834491E7873}" = protocol=6 | dir=in | app=d:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{3F20C220-4AF3-4475-9D38-4E99DB8E2826}" = protocol=17 | dir=in | app=d:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{42BB6E87-D31D-42DA-BBE5-05314CD3D5DA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{46CE6459-1F6C-41BD-A587-87307B31212A}" = protocol=6 | dir=in | app=e:\metin2\clients\ephelion2\ephelion2.exe |
"{47B30923-5340-4213-9BB8-32CB803F0272}" = protocol=6 | dir=in | app=d:\program files (x86)\starctaft ii\starcraft ii\starcraft ii public test.exe |
"{4C36C975-9288-43C0-89D0-47B07B121648}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\icqm\icq.exe |
"{50DC1E6D-6015-4E49-A5C9-011C49159E25}" = dir=in | app=e:\itunes\itunes.exe |
"{53501722-AA70-44C9-A381-1C561B377C76}" = protocol=17 | dir=in | app=d:\combat arms\combat arms eu\nmservice.exe |
"{5644CE3A-230B-4533-A6C0-9134D8F94E54}" = dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"{57A1DA27-5CC9-43DB-8741-56023292E69E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{5A92FCBA-6A98-466E-9736-B6C45CD1D672}" = protocol=6 | dir=in | app=d:\program files (x86)\combat arms\ca\combat arms eu\nmservice.exe |
"{63FC6CCD-CE7D-414F-A439-793A52C7375A}" = protocol=6 | dir=in | app=e:\metin2\clients\invoice-world2 client\metin2client.exe |
"{79E5B22C-1B74-4132-AD9C-0A1E23B337E0}" = protocol=17 | dir=in | app=c:\users\admin\desktop\mymetin\clientstarter.exe |
"{81CF026E-58DD-4E41-B9A6-1FAC6CB00EB2}" = protocol=6 | dir=in | app=d:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{82269EC7-ECBF-4CDC-AB56-9B30A5477723}" = protocol=17 | dir=in | app=e:\metin2\clients\invoice-world2 client\metin2client.exe |
"{89CE3550-109F-4997-AA85-509AC353ED05}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{8CA5A646-9D2E-444A-A412-1F2CA60CE80F}" = protocol=6 | dir=in | app=d:\program files (x86)\combat arms\ca\combat arms eu\nmservice.exe |
"{A016CBDF-4DB7-4707-B5D9-3C9DDF94F76F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A0A7CB43-55BD-4F31-B48E-31A1EE318EF3}" = protocol=17 | dir=in | app=d:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{A5E9CE63-10B4-4232-8062-E9E3F1936E3C}" = protocol=6 | dir=in | app=e:\metin2\sanii v2\client\clientstarter.exe |
"{AE0414B9-9565-4F02-9792-32316338AD58}" = protocol=17 | dir=in | app=d:\program files (x86)\starctaft ii\starcraft ii\starcraft ii.exe |
"{B94B19E1-9CD8-4889-B726-B9CA02D8B336}" = protocol=17 | dir=in | app=e:\metin2\clients\ephelion2\ephelion2.exe |
"{BA3F0D78-14AA-4618-A7ED-13B4F851150D}" = protocol=6 | dir=in | app=c:\users\admin\desktop\metin2\portmap\portmap.exe |
"{BF4229AC-8FCF-4B02-9A8E-965D0ABA1018}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{C113297F-55CA-4B54-8974-6AE1BB83500B}" = protocol=6 | dir=in | app=d:\program files (x86)\starctaft ii\starcraft ii\starcraft ii.exe |
"{C4011773-9C74-4138-9F86-A089E00475D0}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{CB407DD6-048A-48EC-9602-04521F5C22C1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{CDB8B6AE-F72E-4214-9C7F-1193FF84BDD8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D09A58E3-3AAE-408E-AA48-EA6EC48F5366}" = protocol=17 | dir=in | app=d:\program files (x86)\combat arms\ca\combat arms eu\nmservice.exe |
"{D0D141B7-CE32-4A5D-8AAE-0607DD694519}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\sodii_like\counter-strike source\hl2.exe |
"{D470B6CF-BA94-4148-A2F9-E692184B0BEF}" = protocol=6 | dir=in | app=c:\users\admin\desktop\mymetin\clientstarter.exe |
"{D7B4FFC7-9520-4B4D-A241-6C17F61D7192}" = protocol=17 | dir=in | app=c:\users\admin\desktop\metin2\portmap\portmap.exe |
"{D8F11339-C369-40B7-A5A1-B5B51C6C2803}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DB4D9186-6D8A-4D05-9F11-255FC937D477}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{DF3A23D6-1A12-43C2-8AB4-FA601C032A8E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E149499D-C8AA-4AD7-B1EF-3594BD436723}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{E96615CE-AD91-47C3-85A1-8FB0703CE0DB}" = protocol=17 | dir=in | app=d:\program files (x86)\starctaft ii\starcraft ii\starcraft ii public test.exe |
"{FDBD1162-DD22-43D0-B24D-93079AD6686C}" = protocol=6 | dir=in | app=d:\program files (x86)\premiumsoft\navicat premium\navicat.exe |
"{FF9E916A-012F-4CB6-8EBF-B426B57DE402}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\sodii_like\counter-strike source\hl2.exe |
"TCP Query User{1294DB01-E4EC-4C63-8641-3E33EDE3A780}E:\metin2\clients\ephelion2\ephelion2.exe" = protocol=6 | dir=in | app=e:\metin2\clients\ephelion2\ephelion2.exe |
"TCP Query User{18262028-7D15-4B7C-BD86-B3617805A0EE}E:\metin2\clients\nakumi3 client\nakumi3.exe" = protocol=6 | dir=in | app=e:\metin2\clients\nakumi3 client\nakumi3.exe |
"TCP Query User{20A18353-F1E7-42E7-8C1B-5A8515CAEDA8}E:\zephos\zephos\zephos.exe" = protocol=6 | dir=in | app=e:\zephos\zephos\zephos.exe |
"TCP Query User{280748C0-0667-442C-B37D-121877210894}D:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=d:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{3E38A290-FCCF-4C8E-A8F8-3404DE9DAB74}C:\users\admin\desktop\ms paint\ms paint\ms paint updater.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\ms paint\ms paint\ms paint updater.exe |
"TCP Query User{3ED3A606-1F75-4842-A111-9921863577E7}D:\program files (x86)\combat arms\ca\combat arms eu\engine.exe" = protocol=6 | dir=in | app=d:\program files (x86)\combat arms\ca\combat arms eu\engine.exe |
"TCP Query User{43077FC4-A37B-48BF-988E-4D7695842261}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{460FA642-82CF-47D7-9DCF-28168705F6AB}E:\metin2\clients\infernum - client -2013\infernum.exe" = protocol=6 | dir=in | app=e:\metin2\clients\infernum - client -2013\infernum.exe |
"TCP Query User{4D17C74E-94B8-43BB-8E4D-E1472DA3A940}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{6774DBF0-E10B-46EB-B14E-CA447F821733}D:\downloads\zephos\zephos.exe" = protocol=6 | dir=in | app=d:\downloads\zephos\zephos.exe |
"TCP Query User{7E81B9D8-67D0-4098-8CAB-57520740E7C5}E:\metin2\sanii v2\client\clientstarter.exe" = protocol=6 | dir=in | app=e:\metin2\sanii v2\client\clientstarter.exe |
"TCP Query User{80F8685F-B4C1-44C2-B4D2-15926CA7A798}D:\combat arms\combat arms eu\engine.exe" = protocol=6 | dir=in | app=d:\combat arms\combat arms eu\engine.exe |
"TCP Query User{96B4FD43-760C-4175-829B-0166E0C03A63}E:\dokumente\legonia\legonia-client\legonia.exe" = protocol=6 | dir=in | app=e:\dokumente\legonia\legonia-client\legonia.exe |
"TCP Query User{A590A9D9-8610-4C5B-B8D3-A468BA4D19A0}C:\users\admin\desktop\metin2\portmap\portmap.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\metin2\portmap\portmap.exe |
"TCP Query User{A804A08E-E03E-4E50-B7CC-1EAC1603905A}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{AADBC681-C686-4940-B719-E6750301C9DB}C:\users\admin\desktop\mymetin\clientstarter.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\mymetin\clientstarter.exe |
"TCP Query User{C4030AE6-1557-4DAE-BD5B-380E04B235C3}D:\program files (x86)\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\bin\javaw.exe |
"TCP Query User{D24251A2-EEFA-44D5-8BFD-618B57EEA5CC}E:\metin2\clients\sharvan 2\sharvan 2 64bit.exe" = protocol=6 | dir=in | app=e:\metin2\clients\sharvan 2\sharvan 2 64bit.exe |
"TCP Query User{D8BBF850-AF24-485C-B55A-1F340980CE45}D:\program files (x86)\java\64bit\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\64bit\bin\javaw.exe |
"TCP Query User{E2DF6E6F-1B61-4DE9-A697-6FDC395EE4CB}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{F923A3F1-A8F3-4231-81D4-2C97625931F4}E:\metin2\clients\invoice-world2 client\metin2client.exe" = protocol=6 | dir=in | app=e:\metin2\clients\invoice-world2 client\metin2client.exe |
"TCP Query User{FFE29F5E-4A8A-43AF-8CE9-697BC4981A70}D:\program files (x86)\premiumsoft\navicat premium\navicat.exe" = protocol=6 | dir=in | app=d:\program files (x86)\premiumsoft\navicat premium\navicat.exe |
"UDP Query User{02EAD615-CD0D-45D6-BBCA-A0FB5851FAA2}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{1660815E-C52C-4277-A9B6-203A50AB6773}D:\program files (x86)\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\bin\javaw.exe |
"UDP Query User{1F898738-1E0A-4D83-BDE9-1DFA34E0AC3D}E:\metin2\clients\nakumi3 client\nakumi3.exe" = protocol=17 | dir=in | app=e:\metin2\clients\nakumi3 client\nakumi3.exe |
"UDP Query User{2376399C-2B40-4011-B64A-29CC5BC11F4F}D:\program files (x86)\combat arms\ca\combat arms eu\engine.exe" = protocol=17 | dir=in | app=d:\program files (x86)\combat arms\ca\combat arms eu\engine.exe |
"UDP Query User{281A444E-75CD-4ADB-AE32-901032631311}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{36E4A32A-0A7C-4F77-B16B-C3EC26B2B6A8}E:\metin2\clients\invoice-world2 client\metin2client.exe" = protocol=17 | dir=in | app=e:\metin2\clients\invoice-world2 client\metin2client.exe |
"UDP Query User{3E963272-0BDB-4954-8748-9AE94B7361E6}E:\dokumente\legonia\legonia-client\legonia.exe" = protocol=17 | dir=in | app=e:\dokumente\legonia\legonia-client\legonia.exe |
"UDP Query User{421FF8E5-DCF8-4B74-8A6F-C6226B37B1D5}C:\users\admin\desktop\mymetin\clientstarter.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\mymetin\clientstarter.exe |
"UDP Query User{466AE488-9774-4C68-BE9A-4F0A0EE08BD9}E:\metin2\clients\infernum - client -2013\infernum.exe" = protocol=17 | dir=in | app=e:\metin2\clients\infernum - client -2013\infernum.exe |
"UDP Query User{5B5DAC7F-F289-4ECE-B28D-0F43F78B7C71}E:\metin2\clients\sharvan 2\sharvan 2 64bit.exe" = protocol=17 | dir=in | app=e:\metin2\clients\sharvan 2\sharvan 2 64bit.exe |
"UDP Query User{64491142-FE6E-4250-B72A-478FAD49BEB8}D:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=d:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{80A5A919-8E06-4BF7-B505-82F1AC46D20D}D:\downloads\zephos\zephos.exe" = protocol=17 | dir=in | app=d:\downloads\zephos\zephos.exe |
"UDP Query User{8161A08F-E2EE-4E5B-A92F-CAF489B2DB79}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{9E414BFE-8F2B-4F60-B3F4-5FD170389420}C:\users\admin\desktop\metin2\portmap\portmap.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\metin2\portmap\portmap.exe |
"UDP Query User{B80658C6-99ED-49A3-B6C7-7AEE149E7815}E:\metin2\clients\ephelion2\ephelion2.exe" = protocol=17 | dir=in | app=e:\metin2\clients\ephelion2\ephelion2.exe |
"UDP Query User{B8AB395B-CD1A-4914-A54F-9ACA915ABD2B}D:\program files (x86)\java\64bit\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\64bit\bin\javaw.exe |
"UDP Query User{C1165FB3-AB4F-4979-944B-7D0A155A5F22}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{DD97BA1A-A556-4469-A3FB-FD35B33427B5}E:\metin2\sanii v2\client\clientstarter.exe" = protocol=17 | dir=in | app=e:\metin2\sanii v2\client\clientstarter.exe |
"UDP Query User{DEC3763E-9614-4E9B-BD9A-9178D3E65C7F}D:\combat arms\combat arms eu\engine.exe" = protocol=17 | dir=in | app=d:\combat arms\combat arms eu\engine.exe |
"UDP Query User{E2B94AE8-D306-4F3A-9928-5C615C9497EC}E:\zephos\zephos\zephos.exe" = protocol=17 | dir=in | app=e:\zephos\zephos\zephos.exe |
"UDP Query User{EEF56FE2-15D9-4F11-AAD1-42A00BEEA156}D:\program files (x86)\premiumsoft\navicat premium\navicat.exe" = protocol=17 | dir=in | app=d:\program files (x86)\premiumsoft\navicat premium\navicat.exe |
"UDP Query User{F94B54DE-1FD4-4301-BD9F-4DA3D4069BB6}C:\users\admin\desktop\ms paint\ms paint\ms paint updater.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\ms paint\ms paint\ms paint updater.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{A1A75F4F-9C9F-11E2-8FCB-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{A528BDDE-9C9F-11E2-9F0C-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Bitdefender" = Bitdefender Internet Security
"Logitech Gaming Software" = Logitech Gaming Software 8.45
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"PROSet" = Intel(R) Network Connections Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{072A5217-8165-4AB7-8366-36CB3245DB60}" = OpenVPN Client
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{181241DD-2FC2-4CF9-94CE-97F3E37D6F0B}" = Adobe Edge Animate
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{51682D1A-7FFF-44B4-960F-447C0F63E90D}" = RAMDisk
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}" = Windows Phone app for desktop
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"FileZilla Client" = FileZilla Client 3.6.0.2
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 17.0.5 (x86 de)" = Mozilla Firefox 17.0.5 (x86 de)
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.0-1
"SumatraPDF" = SumatraPDF
"TrueCrypt" = TrueCrypt
"WinPcapInst" = WinPcap 4.1.3
"winscp3_is1" = WinSCP 5.1.4
"Wireshark" = Wireshark 1.10.0 (64-bit)
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"xampp" = XAMPP 1.8.1-0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18
"ICQ" = ICQ 8.0 (build 6017)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.07.2013 07:09:01 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67447 Ausnahmecode: 0x40000015 Fehleroffset:
0x000178f0 ID des fehlerhaften Prozesses: 0xfc8 Startzeit der fehlerhaften Anwendung:
0x01ce8536ad2d6f6e Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Berichtskennung:
c78d5844-f12c-11e2-842c-00016c6ebaf1
Error - 20.07.2013 07:48:54 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.07.2013 08:51:30 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.07.2013 08:53:46 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: icq.exe, Version: 8.0.6017.0, Zeitstempel:
0x51681572 Name des fehlerhaften Moduls: YLUSBTEL.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x4c19cc23 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1008d9a8 ID des fehlerhaften
Prozesses: 0x970 Startzeit der fehlerhaften Anwendung: 0x01ce85479d36cf7b Pfad der
fehlerhaften Anwendung: C:\Users\Admin\AppData\Roaming\ICQM\icq.exe Pfad des fehlerhaften
Moduls: YLUSBTEL.dll Berichtskennung: 69844db4-f13b-11e2-a565-00016c6ebaf1
Error - 20.07.2013 08:53:52 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: icq.exe, Version: 8.0.6017.0, Zeitstempel:
0x51681572 Name des fehlerhaften Moduls: YLUSBTEL.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x4c19cc23 Ausnahmecode: 0xc0000005 Fehleroffset: 0x100150e6 ID des fehlerhaften
Prozesses: 0x970 Startzeit der fehlerhaften Anwendung: 0x01ce85479d36cf7b Pfad der
fehlerhaften Anwendung: C:\Users\Admin\AppData\Roaming\ICQM\icq.exe Pfad des fehlerhaften
Moduls: YLUSBTEL.dll Berichtskennung: 6d817ae8-f13b-11e2-a565-00016c6ebaf1
Error - 20.07.2013 08:53:53 | Computer Name = Admin-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "ICQ" konnte nicht heruntergefahren
werden.
Error - 20.07.2013 09:59:56 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.07.2013 10:05:02 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.07.2013 10:29:45 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe,
Version: 11.7.700.224, Zeitstempel: 0x51a67447 Ausnahmecode: 0x40000015 Fehleroffset:
0x000178f0 ID des fehlerhaften Prozesses: 0xbd8 Startzeit der fehlerhaften Anwendung:
0x01ce8552016673b1 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
Berichtskennung:
d25d0acd-f148-11e2-82ad-00016c6ebaf1
Error - 20.07.2013 11:33:42 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 17.05.2013 10:59:53 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 10:59:53 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 10:59:53 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 10:59:59 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 10:59:59 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 10:59:59 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 11:00:31 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 11:00:31 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 11:00:31 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.05.2013 11:04:28 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >