bekirikus | 24.03.2013 14:29 | OTL.txt
OTL Logfile: Code:
OTL logfile created on: 24.03.2013 14:03:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bekir\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,16% Memory free
7,99 Gb Paging File | 5,99 Gb Available in Paging File | 74,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 93,49 Gb Free Space | 20,08% Space Free | Partition Type: NTFS
Computer Name: XEBAT-PC | User Name: Bekir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.24 14:00:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bekir\Desktop\OTL.exe
PRC - [2013.03.21 20:18:39 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\B&B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.03.08 19:14:13 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.06 09:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.02.23 16:49:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.01.25 13:47:00 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013.01.25 13:47:00 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013.01.25 09:58:02 | 002,663,976 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2012.08.17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.08.17 20:38:38 | 000,209,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\starter_avp.exe
PRC - [2011.05.24 21:48:24 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.01.26 09:41:40 | 001,118,208 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe
PRC - [2010.01.21 07:11:40 | 000,045,056 | R--- | M] (Realtek) -- C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.08 19:14:13 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.06 09:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.06 09:57:59 | 002,232,272 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.03.06 09:55:33 | 000,574,416 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll
MOD - [2013.01.08 17:05:19 | 019,218,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\fa05854883514ef98d7ccaa4f34c7cb4\System.ServiceModel.ni.dll
MOD - [2013.01.08 17:04:59 | 002,979,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5a93c981458b78a8c92a6c65d7d52652\System.IdentityModel.ni.dll
MOD - [2013.01.05 13:51:58 | 001,849,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\1d0aa0406a27c833221a7d0dba20ad93\System.Web.Services.ni.dll
MOD - [2013.01.05 13:51:57 | 000,775,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35c\54e678fa5e8bbb5cf9f6edc45fa4f255\System.EnterpriseServices.ni.dll
MOD - [2013.01.05 13:51:57 | 000,245,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35c\54e678fa5e8bbb5cf9f6edc45fa4f255\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.05 13:51:00 | 018,543,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00fc\f274a1cd643b2afe9e07d9b9eb5180de\PresentationFramework.ni.dll
MOD - [2013.01.05 13:50:50 | 007,053,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\27746763fb9fc1f31d4d5217ca5c7170\System.Data.ni.dll
MOD - [2013.01.05 13:50:49 | 012,765,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\327c24848f3b168e4e30dc0e0ba8df16\System.Windows.Forms.ni.dll
MOD - [2013.01.05 13:50:49 | 010,872,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\acf3001ba42b52a48c56f29102e5a6c6\PresentationCore.ni.dll
MOD - [2013.01.05 13:50:48 | 002,935,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12c\66b84be54ee5b8188e68e1d7737fe4fe\System.Runtime.Serialization.ni.dll
MOD - [2013.01.05 13:50:43 | 007,218,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\ce8c87657a647bd1d00c51c806ffeefc\System.Xml.ni.dll
MOD - [2013.01.05 13:50:43 | 007,052,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9b19b923434bcc0b7819f6cfe76ae0b5\System.Core.ni.dll
MOD - [2013.01.05 13:50:42 | 001,619,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5595b10e610ed491557d502eba9fadb1\System.Drawing.ni.dll
MOD - [2013.01.05 13:50:41 | 000,766,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626c\7bd41b588f59d6d020adec72f0b224b4\System.ServiceModel.Internals.ni.dll
MOD - [2013.01.05 13:50:41 | 000,146,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051c\76292b6477716961c3be95f2a45c1160\System.Configuration.Install.ni.dll
MOD - [2013.01.05 13:50:41 | 000,124,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\fbca595f4176470bbd005afc282d4e52\SMDiagnostics.ni.dll
MOD - [2013.01.05 13:50:40 | 003,887,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0d3018df6cdf50ed06c0d5d1dbaba3aa\WindowsBase.ni.dll
MOD - [2013.01.05 13:50:40 | 000,634,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\a94f5c4de3acd9c1e71819ec79d389e9\System.Transactions.ni.dll
MOD - [2013.01.05 13:50:39 | 001,851,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c1abb9f5be2ebf11eda6ffb535205c6a\System.Xaml.ni.dll
MOD - [2013.01.05 13:50:38 | 000,976,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\64e625cd64b5c7e2078c5927e02f964e\System.Configuration.ni.dll
MOD - [2013.01.05 13:50:37 | 009,421,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\3fd483dadf2feb2ca34fa2cca3e5095c\System.ni.dll
MOD - [2013.01.05 13:50:32 | 016,271,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\8705ac9b123bdadbe406af124465cc62\mscorlib.ni.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.13 14:43:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 19:14:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.06 09:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.02.23 16:49:39 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.08 17:45:52 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013.02.03 22:48:58 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.25 09:58:02 | 002,663,976 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.29 12:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.03.05 13:19:00 | 003,953,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.08.05 00:25:50 | 000,091,984 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.21 07:11:40 | 000,045,056 | R--- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe -- (Realtek11nSU)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.01.31 09:19:36 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013.01.31 09:19:36 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013.01.31 09:19:36 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2013.01.31 09:19:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.18 14:06:23 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.09.18 14:06:23 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.09.18 14:06:22 | 000,610,648 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.20 23:06:21 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.13 15:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 14:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.07.28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.19 16:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.06.08 10:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.11 07:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.07.06 11:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.10 17:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.11.25 05:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.11.11 12:55:56 | 000,099,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P0630Vid.sys -- (P0630VID)
DRV:64bit: - [2005.09.23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2012.05.08 14:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999.09.25 01:36:32 | 000,006,640 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [1999.09.25 01:36:32 | 000,005,008 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mspclock.sys -- (MSPCLOCK)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={E89781BC-1394-11E2-9628-50E549D5F581}
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=07a37781-2e85-4e47-ae8d-7688d9651cfd&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={E89781BC-1394-11E2-9628-50E549D5F581}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=B4F200116B4AAF30
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=B4F200116B4AAF30
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 A8 F7 07 62 10 CE 01 [binary data]
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=B4F200116B4AAF30
IE - HKU\S-1-5-21-1882182305-919884967-52417350-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=B4F200116B4AAF30"
FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1125.80
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: c:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.21 17:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 19:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 13:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.03.23 13:21:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 19:14:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.02.09 16:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bekir\AppData\Roaming\mozilla\Extensions
[2013.03.23 14:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bekir\AppData\Roaming\mozilla\Firefox\Profiles\9n8h4k0n.default\extensions
[2013.03.23 13:20:43 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Bekir\AppData\Roaming\mozilla\Firefox\Profiles\9n8h4k0n.default\extensions\ffxtlbr@delta.com
[2013.03.15 18:12:35 | 000,281,240 | ---- | M] () (No name found) -- C:\Users\Bekir\AppData\Roaming\mozilla\firefox\profiles\9n8h4k0n.default\extensions\download_mp3@dilandau.eu.xpi
[2013.03.23 13:20:28 | 000,006,468 | ---- | M] () -- C:\Users\Bekir\AppData\Roaming\mozilla\firefox\profiles\9n8h4k0n.default\searchplugins\BrowserProtect.xml
[2013.03.23 13:20:43 | 000,001,294 | ---- | M] () -- C:\Users\Bekir\AppData\Roaming\mozilla\firefox\profiles\9n8h4k0n.default\searchplugins\delta.xml
[2013.03.08 19:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.23 13:21:16 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.03.08 19:14:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.23 13:20:28 | 000,006,468 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.02.09 15:09:33 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 95.211.0.120 www.google-analytics.com.
O1 - Hosts: 95.211.0.120 ad-emea.doubleclick.net.
O1 - Hosts: 95.211.0.120 www.statcounter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1882182305-919884967-52417350-1007\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1882182305-919884967-52417350-1007..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1882182305-919884967-52417350-1007..\Run: [Spotify Web Helper] C:\Users\B&B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\B&B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1DEB.lnk = File not found
O4 - Startup: C:\Users\B&B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3188.lnk = File not found
O4 - Startup: C:\Users\B&B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5D5B.lnk = File not found
O4 - Startup: C:\Users\B&B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\60C4.lnk = File not found
O4 - Startup: C:\Users\B&B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\906C.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{330374FF-02BC-4E74-9AC0-4B7CCE155AFA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\261125~1.80\{C16C1~1\BROWSE~1.DLL) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\microsoft\desktoplayer.exe) - c:\program files (x86)\microsoft\desktoplayer.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d42ce4f7-eb12-11e1-9cc5-a4bd9ce8a7b1}\Shell - "" = AutoRun
O33 - MountPoints2\{d42ce4f7-eb12-11e1-9cc5-a4bd9ce8a7b1}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C3E0F57-547A-3AF4-B6DB-2CA5969518D1} - .NET Framework
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C3E0F57-547A-3AF4-B6DB-2CA5969518D1} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Xebat\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Nuhoreawv - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Xebat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.03.24 14:00:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bekir\Desktop\OTL.exe
[2013.03.24 12:04:56 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Desktop\Dragonblood
[2013.03.24 11:51:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.24 11:51:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.24 11:51:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.24 11:51:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.03.24 11:46:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.24 11:45:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.23 13:21:44 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Local Settings
[2013.03.23 13:21:18 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.03.23 13:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.03.23 13:20:54 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Roaming\BabSolution
[2013.03.23 13:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.03.23 13:20:18 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Roaming\Babylon
[2013.03.23 10:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.23 10:52:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.21 00:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare 3
[2013.03.21 00:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Modern Warfare 3
[2013.03.18 16:32:38 | 000,000,000 | ---D | C] -- C:\Games
[2013.03.18 14:09:51 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Documents\My Games
[2013.03.18 02:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.03.18 02:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.03.17 20:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.03.17 17:31:11 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Roaming\Awesomium
[2013.03.17 17:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2013.03.17 17:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2013.03.17 17:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2013.03.16 23:48:22 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Documents\League of Legends
[2013.03.16 18:27:11 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Desktop\LOLPBE
[2013.03.14 18:05:11 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Local\ElevatedDiagnostics
[2013.03.13 14:43:32 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.03.13 13:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.11 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Desktop\Yamuna2
[2013.03.10 19:22:44 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Local\Diagnostics
[2013.03.10 17:36:23 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Local\fontconfig
[2013.03.10 17:36:16 | 000,000,000 | ---D | C] -- C:\Users\Bekir\.gimp-2.8
[2013.03.10 17:36:15 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Local\gegl-0.2
[2013.03.10 17:11:42 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Microsoft
[2013.03.09 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Documents\My Cheat Tables
[2013.03.09 17:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013.03.09 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013.03.08 19:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.06 20:31:22 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Local\SkinSoft
[2013.03.06 20:18:22 | 000,000,000 | ---D | C] -- C:\Users\Bekir\Desktop\Hikari-Mt2 Client 2.0 -
[2013.03.06 20:17:55 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Roaming\WinRAR
[2013.03.03 15:51:45 | 000,230,920 | ---- | C] (WEBZEN, INC.) -- C:\Windows\SysWow64\EPWZCmnCtrl.dll
[2013.03.03 15:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN
[2013.03.03 15:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN
[2013.02.25 20:53:39 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Local\Programs
[2013.02.23 14:22:37 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2013.02.23 14:22:00 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.02.23 14:21:20 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Local\Apps
[2013.02.23 14:21:18 | 000,000,000 | ---D | C] -- C:\Users\Bekir\AppData\Local\Deployment
[2012.08.23 16:46:35 | 000,478,816 | ---- | C] (Aeria Games & Entertainment) -- C:\Program Files\ava_us_downloader.exe
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.03.24 14:00:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bekir\Desktop\OTL.exe
[2013.03.24 13:43:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882182305-919884967-52417350-1004UA.job
[2013.03.24 13:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.24 13:38:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882182305-919884967-52417350-1000UA.job
[2013.03.24 11:12:14 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 11:12:14 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 11:07:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.24 11:06:57 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.24 03:38:05 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882182305-919884967-52417350-1000Core.job
[2013.03.23 23:05:35 | 496,940,237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.23 17:43:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882182305-919884967-52417350-1004Core.job
[2013.03.20 01:13:29 | 001,102,244 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.20 01:13:29 | 000,769,712 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.20 01:13:29 | 000,272,900 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.20 01:13:29 | 000,233,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.20 01:13:29 | 000,006,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.18 02:46:32 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk
[2013.03.18 02:46:32 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk
[2013.03.18 02:46:27 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2013.03.16 17:54:36 | 002,219,670 | ---- | M] () -- C:\Users\Bekir\Desktop\Unbenannt.png
[2013.03.13 14:43:37 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 14:43:37 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 14:43:32 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.03.12 20:03:59 | 000,056,571 | ---- | M] () -- C:\Users\Bekir\Documents\auf-ins-konklave.jpg
[2013.03.10 22:15:17 | 000,064,367 | ---- | M] () -- C:\Users\Bekir\Desktop\Die Reihenschaltung.odt
[2013.03.10 18:27:09 | 000,420,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.10 13:13:28 | 000,281,120 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.10 13:13:28 | 000,281,120 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.09 17:40:19 | 000,001,081 | ---- | M] () -- C:\Users\Bekir\Desktop\Cheat Engine.lnk
[2013.03.06 19:44:19 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.06 16:05:33 | 000,000,000 | ---- | M] () -- C:\Users\Bekir\Desktop\Neue Bitmap.bmp
[2013.02.23 16:49:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.23 14:22:00 | 000,000,332 | ---- | M] () -- C:\Users\Bekir\Desktop\Ghost Recon Online.appref-ms
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.03.24 11:51:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.24 11:51:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.24 11:51:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.24 11:51:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.24 11:51:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.18 02:46:32 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk
[2013.03.18 02:46:32 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk
[2013.03.18 02:46:27 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2013.03.16 17:54:35 | 002,219,670 | ---- | C] () -- C:\Users\Bekir\Desktop\Unbenannt.png
[2013.03.12 20:03:54 | 000,056,571 | ---- | C] () -- C:\Users\Bekir\Documents\auf-ins-konklave.jpg
[2013.03.10 22:15:13 | 000,064,367 | ---- | C] () -- C:\Users\Bekir\Desktop\Die Reihenschaltung.odt
[2013.03.09 17:40:19 | 000,001,081 | ---- | C] () -- C:\Users\Bekir\Desktop\Cheat Engine.lnk
[2013.03.06 16:05:33 | 000,000,000 | ---- | C] () -- C:\Users\Bekir\Desktop\Neue Bitmap.bmp
[2013.03.05 21:28:24 | 001,380,616 | ---- | C] () -- C:\Users\Bekir\Desktop\Lev Grossman - Fillory - Die Zauberer.epub
[2013.02.25 20:54:25 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.02.23 14:22:00 | 000,000,332 | ---- | C] () -- C:\Users\Bekir\Desktop\Ghost Recon Online.appref-ms
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.02.02 12:37:24 | 000,003,520 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2013.02.02 12:37:24 | 000,002,040 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012.10.07 11:24:05 | 000,281,120 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.07 11:23:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.08.30 14:15:01 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\Dualunis.exe
[2012.08.30 12:20:29 | 000,004,140 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2012.08.20 23:31:23 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.08.20 23:29:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.20 23:07:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.09.07 20:18:56 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report > --- --- ---
Extras.txt
OTL Logfile: Code:
OTL Extras logfile created on: 24.03.2013 14:03:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bekir\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,16% Memory free
7,99 Gb Paging File | 5,99 Gb Available in Paging File | 74,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 93,49 Gb Free Space | 20,08% Space Free | Partition Type: NTFS
Computer Name: XEBAT-PC | User Name: Bekir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1882182305-919884967-52417350-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exeirewallpolicy\standardprofile\authorizedapplications\list
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exeirewallpolicy\standardprofile\authorizedapplications\list
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BBDE5E-6B09-36CD-B5C3-E537E3F49051}" = Microsoft .NET Framework 4.5 Extended Developer Preview
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{116C20CC-0843-1FC0-2AE8-BD3535911B36}" = AMD Drag and Drop Transcoding
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{2C3E0F57-547A-3AF4-B6DB-2CA5969518D1}" = Microsoft .NET Framework 4.5 Client Profile Developer Preview
"{30CAD3B3-7EF6-4087-2A50-97EF66966776}" = ATI AVIVO64 Codecs
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"Creative PD0630" = Creative WebCam Live! Driver (2.00.06.0000)
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4.5 Client Profile Developer Preview
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4.5 Extended Developer Preview
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0EA34126-B183-4934-90F5-5AF97B7ABA9D}_is1" = Call of Duty Modern Warfare 3 Version v1.0
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{118D6CE9-5F18-42F9-958A-14676A629FDE}" = Iminent
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E47B090-5274-4D73-84C6-744B993DF88A}" = Warframe
"{3E7F5A51-7657-43D6-A9B3-C3A21473834B}_is1" = Far Cry 3
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0427.1
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018304}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018305}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018306}" = Fable III
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{884DF67C-F47D-4B09-B474-C3B7D51CA52A}" = Windows Live Family Safety
"{8B8E431A-A079-4D81-A353-D64BC01E209D}_is1" = Assassin's Creed III
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = LevelOne WUA-0605 Wireless LAN Driver and Utility
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A48CE6DE-1E75-EBE2-8EF7-6E6EA51962AC}" = HydraVision
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{ac3600d2-e1b3-4573-bef7-73f9409d6393}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}" = Nero Multimedia Suite 10 Essentials
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CF090D51-8646-4110-9E1B-84C29551B5BC}" = Just Aion Launcher
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"1ClickDownload" = OnlineHDTV
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"bi_uninstaller" = Bundled software uninstaller
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dead Space™_is1" = Dead Space™
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Driver Updater" = Carambis Driver Updater
"ESN Sonar-0.70.4" = ESN Sonar
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.22.128
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.22.128
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"IMBoosterARP" = Iminent
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"PicaLoader" = PicaLoader 1.7.1
"Picasa 3" = Picasa 3
"PricePeep" = PricePeep
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"RumbleFightereu" = Rumble FighterEU
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Walking Dead (c) 3_is1" = The Walking Dead (c) 3 version 1
"The Walking Dead Episode 3 (c) TellTale Games_is1" = The Walking Dead Episode 3 (c) TellTale Games version 1
"The Walking Dead Episode 4 (c) Telltale Games_is1" = The Walking Dead Episode 4 (c) Telltale Games version 1
"The Walking Dead Episode 5 (c) Telltales_is1" = The Walking Dead Episode 5 (c) Telltales version 1
"The Walking Dead_is1" = The Walking Dead Episode 2 - Starved for Help
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1882182305-919884967-52417350-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.03.2013 15:45:25 | Computer Name = Xebat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DesktopLayermgr.exe, Version: 0.3.6000.0,
Zeitstempel: 0x4d6ff3f5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c4af ID des fehlerhaften
Prozesses: 0xfe8 Startzeit der fehlerhaften Anwendung: 0x01ce266ca08c90d5 Pfad der
fehlerhaften Anwendung: C:\Users\Bekir\Microsoft\DesktopLayermgr.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: df48035e-925f-11e2-b494-50e549d5f581
Error - 21.03.2013 15:45:25 | Computer Name = Xebat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rads_user_kernelSrvmgr.exe, Version:
0.3.6000.0, Zeitstempel: 0x4d6ff3f5 Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c4af
ID
des fehlerhaften Prozesses: 0x1660 Startzeit der fehlerhaften Anwendung: 0x01ce266c9fe33165
Pfad
der fehlerhaften Anwendung: C:\Users\Bekir\Desktop\LOLPBE\RADS\system\rads_user_kernelSrvmgr.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: df5ee6c0-925f-11e2-b494-50e549d5f581
Error - 22.03.2013 10:45:43 | Computer Name = Xebat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rads_user_kernelSrvmgr.exe, Version:
0.3.6000.0, Zeitstempel: 0x4d6ff3f5 Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c4af
ID
des fehlerhaften Prozesses: 0x15c0 Startzeit der fehlerhaften Anwendung: 0x01ce270bec1d7c95
Pfad
der fehlerhaften Anwendung: C:\Users\Bekir\Desktop\LOLPBE\RADS\system\rads_user_kernelSrvmgr.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 2b9a4a0a-92ff-11e2-9123-50e549d5f581
Error - 22.03.2013 10:45:43 | Computer Name = Xebat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DesktopLayermgr.exe, Version: 0.3.6000.0,
Zeitstempel: 0x4d6ff3f5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c4af ID des fehlerhaften
Prozesses: 0x1538 Startzeit der fehlerhaften Anwendung: 0x01ce270bec719141 Pfad der
fehlerhaften Anwendung: C:\Users\Bekir\Microsoft\DesktopLayermgr.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 2b9a22fa-92ff-11e2-9123-50e549d5f581
Error - 22.03.2013 14:20:15 | Computer Name = Xebat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
Zeitstempel: 0x4e211485 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000b9bc ID des fehlerhaften
Prozesses: 0x968 Startzeit der fehlerhaften Anwendung: 0x01ce2729da7cd998 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 23f3bdf0-931d-11e2-8d82-50e549d5f581
Error - 22.03.2013 15:08:34 | Computer Name = Xebat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DesktopLayermgr.exe, Version: 0.3.6000.0,
Zeitstempel: 0x4d6ff3f5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c4af ID des fehlerhaften
Prozesses: 0x14dc Startzeit der fehlerhaften Anwendung: 0x01ce2730a585ea58 Pfad der
fehlerhaften Anwendung: C:\Users\Bekir\Microsoft\DesktopLayermgr.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e427a2f5-9323-11e2-8d82-50e549d5f581
Error - 22.03.2013 15:08:34 | Computer Name = Xebat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LoLLauncherSrvmgr.exe, Version: 0.3.6000.0,
Zeitstempel: 0x4d6ff3f5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c4af ID des fehlerhaften
Prozesses: 0xce8 Startzeit der fehlerhaften Anwendung: 0x01ce2730a5e9e424 Pfad der
fehlerhaften Anwendung: C:\Users\Bekir\Desktop\LOLPBE\RADS\projects\lol_launcher\releases\0.0.0.23\deploy\LoLLauncherSrvmgr.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e427ca05-9323-11e2-8d82-50e549d5f581
Error - 22.03.2013 15:08:34 | Computer Name = Xebat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rads_user_kernelSrvmgr.exe, Version:
0.3.6000.0, Zeitstempel: 0x4d6ff3f5 Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003c4af
ID
des fehlerhaften Prozesses: 0x17e4 Startzeit der fehlerhaften Anwendung: 0x01ce2730a52451ed
Pfad
der fehlerhaften Anwendung: C:\Users\Bekir\Desktop\LOLPBE\RADS\system\rads_user_kernelSrvmgr.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e427f115-9323-11e2-8d82-50e549d5f581
Error - 22.03.2013 17:16:40 | Computer Name = Xebat-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: d54 Startzeit: 01ce2742816d8833 Endzeit: 0 Anwendungspfad: C:\Riot
Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: c8ab7b0d-9335-11e2-8d82-50e549d5f581
Error - 22.03.2013 17:17:09 | Computer Name = Xebat-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 40c Startzeit: 01ce27428d2bf22b Endzeit: 0 Anwendungspfad: C:\Users\Bekir\Desktop\LOLPBE\RADS\system\rads_user_kernel.exe
Berichts-ID:
d923200e-9335-11e2-8d82-50e549d5f581
[ System Events ]
Error - 24.03.2013 06:46:06 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 24.03.2013 06:46:06 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 24.03.2013 06:46:06 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 24.03.2013 06:46:06 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
Millisekunden durchgeführt: Neustart des Diensts.
Error - 24.03.2013 06:46:28 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "BrowserProtect" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 24.03.2013 06:47:06 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Anwendungserfahrung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 24.03.2013 06:48:06 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts)
durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 24.03.2013 06:48:06 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 24.03.2013 06:49:30 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "BrowserProtect" wurde unerwartet beendet. Dies ist bereits
2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 24.03.2013 06:50:00 | Computer Name = Xebat-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "BrowserProtect" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
< End of report > --- --- ---
defogger_disable.txt
[Spoiler]defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:15 on 24/03/2013 (Bekir)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-[/Spoiler]
Gmer.txt
GMER Logfile: Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-24 14:25:59
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-003CA0 rev.15.01H15 465,76GB
Running: 0dbwdonp.exe; Driver: C:\Users\Bekir\AppData\Local\Temp\fgloipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[2404] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072cc1a22 2 bytes [CC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2404] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072cc1ad0 2 bytes [CC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2404] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072cc1b08 2 bytes [CC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2404] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072cc1bba 2 bytes [CC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2404] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072cc1bda 2 bytes [CC, 72]
.text C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe[2456] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2656] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Users\B&B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2688] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Users\B&B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Users\B&B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe[2784] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007767fa38 5 bytes JMP 00000001723b139e
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007767ffc8 5 bytes JMP 00000001723b1a54
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2944] C:\Windows\syswow64\user32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2980] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1984] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\starter_avp.exe[4792] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\starter_avp.exe[4792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\starter_avp.exe[4792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[5304] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007767fa38 5 bytes JMP 00000001723b139e
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[5304] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007767ffc8 5 bytes JMP 00000001723b1a54
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Users\Bekir\Desktop\0dbwdonp.exe[2536] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076172a62 5 bytes JMP 0000000172e24620
.text C:\Users\Bekir\Desktop\0dbwdonp.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Users\Bekir\Desktop\0dbwdonp.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\taskhost.exe [1888:1532] 000007fef9892740
Thread C:\Windows\system32\taskhost.exe [1888:2064] 000007fefb341010
Thread C:\Windows\system32\taskhost.exe [1888:2116] 000007fef9541f38
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{330374FF-02BC-4E74-9AC0-4B7CCE155AFA}@LeaseObtainedTime 1364131343
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{330374FF-02BC-4E74-9AC0-4B7CCE155AFA}@T1 -783352306
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{330374FF-02BC-4E74-9AC0-4B7CCE155AFA}@T2 1901002254
---- EOF - GMER 2.1 ---- --- --- --- |