Lately I got a message from my email provider that the password for my account has been captured by the virus "hermes_v01". I immediately changed the password and nothing bad happened since then. Anyway I would like to make sure that my computers are clean.
There are two possible computers I use which could be infected. I am posting all necessary logs for the first computer now.
Thanks in advance for your help!
Please excuse that the extras.txt log file contains some german language. I couldn't figure out how to switch OTL to english, but I think the german parts are in unimportant entries of the log file.
OTL.txt
OTL logfile created on: 18.08.2012 13:47:37 - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = A:\Programme\Tools\Sicherheit
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,50% Memory free
11,94 Gb Paging File | 9,78 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,39 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,29 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,66 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 249,92 Gb Free Space | 39,46% Space Free | Partition Type: NTFS
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - A:\Programme\Tools\Sicherheit\OTL.exe (OldTimer Tools)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)
PRC - A:\Programme\Vista\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
PRC - A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
PRC - A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
PRC - C:\Windows\BisonCam\BisonHK.exe (mychat)
PRC - C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
PRC - A:\Programme\Vista\Razer\razerhid.exe ()
PRC - A:\Programme\Vista\Razer\razerofa.exe (Razer Inc.)
PRC - A:\Programme\Vista\Razer\razertra.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - A:\Programme\Vista\Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
MOD - C:\Windows\BisonCam\KBHookDLL.dll ()
MOD - A:\Programme\Vista\Razer\razerhid.exe ()
MOD - A:\Programme\Vista\Razer\razertra.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV - (SkypeUpdate) -- A:\Programme\Vista\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PowerBiosServer) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (GtDetectSc) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Nero BackItUp Scheduler 3) -- A:\Programme\Vista\Nero 8\Nero BackItUp\NBService.exe (Nero AG)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acsmux) -- C:\Windows\SysNative\DRIVERS\acsmux64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsint) -- C:\Windows\SysNative\DRIVERS\acsint64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\Drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (nm3) -- C:\Windows\SysNative\DRIVERS\nm3.sys (Microsoft Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (Cam5607) -- C:\Windows\SysNative\Drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserial.sys (Motorola Inc.)
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys (Option N.V.)
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys (Option N.V.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys (Option N.V.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes,DefaultScope = {6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}: "URL" = http://www.google.de...q={searchTerms}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: A:\Programme\Vista\iPhone\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: A:\Programme\Vista\Canon Pixma\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: A:\Programme\Vista\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: A:\Programme\Vista\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: A:\Programme\Vista\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: A:\Programme\Vista\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: A:\Programme\Vista\Adobe\Reader 10\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.04 10:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: A:\Programme\Vista\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 13:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]
[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\[email protected]
[2012.08.14 11:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions
[2010.04.28 13:05:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 19:49:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
O1 HOSTS File: ([2012.04.13 17:00:47 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - A:\Programme\Vista\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4:64bit: - HKLM..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Diamondback] A:\Programme\Vista\Razer\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000..\Run: [SpybotSD TeaTimer] A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - A:\Programme\Vista\MS Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.pe.stu...ache=1222095909 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.81 217.0.43.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1764FA82-2AAD-48AC-AD19-1AAF123D0AEC}: DhcpNameServer = 193.254.160.1 193.254.160.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435FDF61-F9B2-460D-BF4F-E9C93379F1C9}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9394D44A-938C-4448-84A3-437A7541EA7E}: DhcpNameServer = 217.0.43.81 217.0.43.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\AutoRun\command - "" = I:\mirk\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\explore\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\open\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GlobeTrotter Connect.lnk - C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe - (Option)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - A:\Programme\Vista\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - A:\Programme\Vista\Yahoo Messenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - A:\Programme\Vista\Nero 8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - A:\Programme\Vista\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - G:\Games\Vista\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig:64bit - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - G:\Games\Vista\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.08.18 13:48:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2012.08.15 12:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.15 11:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.13 16:08:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.13 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.08.13 14:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 18:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.08.11 18:16:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\NPE
[2012.08.07 13:30:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2012.07.30 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Network Monitor 3
[2012.07.30 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012.07.24 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\iPhone
[2012.07.21 20:39:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2012.07.21 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.21 20:39:07 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.07.21 20:39:07 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.07.21 20:39:07 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.07.21 20:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.21 20:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.21 20:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.07.21 20:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.07.21 20:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.07.21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.07.21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.07.21 16:29:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.07.21 16:29:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.07.21 16:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.07.21 16:27:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2012.07.21 16:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Explorer
[2012.07.21 16:24:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2012.07.21 16:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid
========== Files - Modified Within 30 Days ==========
[2012.08.18 12:59:22 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.18 12:59:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.18 12:59:07 | 008,405,015 | ---- | M] () -- C:\Windows\TmpFile1
[2012.08.18 12:59:00 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 12:59:00 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 12:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.18 12:58:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.16 14:58:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.15 11:59:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.15 11:59:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.15 11:26:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 11:26:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 10:27:53 | 000,227,904 | ---- | M] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Schwedisch.pdf
[2012.08.14 10:27:39 | 000,231,515 | ---- | M] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Englisch.pdf
[2012.08.14 10:26:52 | 000,546,813 | ---- | M] () -- C:\Users\Daniel\Desktop\Europaeischer_Unfallbericht_04.pdf
[2012.08.06 19:39:41 | 001,588,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.06 19:39:41 | 000,682,142 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.06 19:39:41 | 000,641,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.06 19:39:41 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.06 19:39:41 | 000,123,016 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.06 19:39:28 | 000,144,384 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.24 10:52:35 | 003,140,283 | ---- | M] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf
========== Files Created - No Company Name ==========
[2012.08.14 10:27:53 | 000,227,904 | ---- | C] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Schwedisch.pdf
[2012.08.14 10:27:39 | 000,231,515 | ---- | C] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Englisch.pdf
[2012.08.14 10:26:52 | 000,546,813 | ---- | C] () -- C:\Users\Daniel\Desktop\Europaeischer_Unfallbericht_04.pdf
[2012.07.24 10:52:33 | 003,140,283 | ---- | C] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf
[2012.06.20 11:25:39 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 11:25:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.14 17:25:41 | 000,000,079 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\.ettercap_gtk
[2011.09.20 11:42:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.09.20 11:42:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.04.28 13:31:37 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat
[2011.04.28 13:29:22 | 001,568,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.04 22:22:11 | 000,002,976 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2011.04.04 22:15:53 | 000,000,882 | ---- | C] () -- C:\Users\Daniel\.ufrawrc
[2010.09.16 13:50:33 | 000,090,416 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.09.08 17:00:33 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.06.03 21:06:18 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2010.04.10 20:12:50 | 000,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2009.02.08 16:37:59 | 000,000,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2008.12.18 11:18:53 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.27 21:09:45 | 000,001,033 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\ShiftN.ini
[2008.09.15 23:42:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.10 18:48:34 | 000,144,384 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 16:18:35 | 000,001,460 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps64.dat
========== LOP Check ==========
[2008.09.17 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Anthropics
[2011.11.03 11:43:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity
[2011.09.06 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bio-Rad
[2011.10.04 11:37:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bitcoin
[2012.06.23 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon
[2009.10.25 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CD-LabelPrint
[2008.09.10 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools
[2012.07.22 16:09:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2009.03.13 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO Labs
[2009.03.13 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO_Labs
[2010.09.26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Flickr
[2010.09.15 00:00:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2011.04.04 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2012.06.16 02:35:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2008.12.18 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ImgBurn
[2011.10.26 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice
[2010.09.12 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2010.09.14 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ManyCam
[2012.05.25 04:33:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2009.06.11 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2009.03.13 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PACE Anti-Piracy
[2011.06.16 23:24:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\poclbm
[2012.04.18 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PTGui
[2011.04.03 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RawTherapeeAlpha
[2012.08.07 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2011.11.05 00:48:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RStudio
[2012.07.21 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2011.11.17 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tinn-R
[2010.09.13 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
[2012.07.21 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.08.18 12:58:05 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012.08.18 12:55:17 | 000,001,546 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012.08.18 12:56:33 | 000,001,665 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2012.08.18 12:56:11 | 000,000,286 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012.08.18 12:57:23 | 000,001,482 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2009.12.13 22:21:49 | 000,000,678 | ---- | M] () -- C:\BnetLog.txt
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.09.10 17:03:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.sys /90 >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\* >
[2008.01.21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /HideShortcuts [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /ShowShortcuts [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: A:\Programme\Vista\Firefox\firefox.exe [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "A:\Programme\Vista\Firefox\firefox.exe" -preferences [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "A:\Programme\Vista\Firefox\firefox.exe" -safe-mode [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
========== Alternate Data Streams ==========
@Alternate Data Stream - 72 bytes -> C:\Windows:5F0592099A32DCC0
@Alternate Data Stream - 523 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1376 bytes -> C:\ProgramData\Microsoft:2aFCTYIauh49VL3a6T3hn1x
@Alternate Data Stream - 1339 bytes -> C:\Users\Daniel\AppData\Local\pgz9ZkDlY8W:uJVY4whjdMSVr0HoJctvFpH
@Alternate Data Stream - 1334 bytes -> C:\ProgramData\Microsoft:yZvVHxMnho9TrFuHvzEft1
< End of report >
Extras.txt
OTL Extras logfile created on: 18.08.2012 13:47:37 - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = A:\Programme\Tools\Sicherheit
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,50% Memory free
11,94 Gb Paging File | 9,78 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,39 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,29 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,66 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 249,92 Gb Free Space | 39,46% Space Free | Partition Type: NTFS
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 3E 1C B0 6A A9 51 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661488324-2594523016-1501765560-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A9D8F9-727F-40B5-A1C8-137D549EE2F5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FDC75A7-3678-42B5-8C77-7215A3AB3D70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2000FCCE-56E9-47B3-9603-0B0A2118132C}" = lport=138 | protocol=17 | dir=in | app=system |
"{25F3B178-0433-4ECD-86AD-D4C071873DC4}" = lport=445 | protocol=6 | dir=in | app=system |
"{27F0BBE8-E77B-4644-ADC1-32439D041379}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F0BEDCE-4BEF-49F3-BFEC-7BF115414BFB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{3B2C05E6-F7C2-4DE2-971B-0338BC64589C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3E5F873E-1594-4ABE-BE8E-5A42516FC4F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{524FF324-190E-4503-8697-BCEC983ACBF5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6F9A149F-1E12-4443-89F7-00E48737657F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70284FBE-7A2E-4227-934B-7BD84123AFD0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77896EB8-D669-4D03-B975-EFD4306C13C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{98126AF1-83C9-400F-9304-D799B9546A23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9B8101E1-00CD-4640-B49B-6CEE6F30E948}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{9DD04AD7-FBA1-40C5-9493-4D0B478FCDF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F408C4A-981D-420E-BE0A-6588B47A34B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9FF9B398-A7C7-4EDF-802F-93D7301EAB7C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FFE290F-9123-4377-9D76-33A92FC0204D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BF7F3FF4-055E-4654-9B43-8136ED845F55}" = rport=137 | protocol=17 | dir=out | app=system |
"{C03CF2ED-101F-43BB-8B62-7426734A3CDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8BF147E-7D53-45FA-A3FE-5B93306E9376}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D96DD8B1-5AA9-443C-BC5E-6C2329B9C9C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBCF9561-9AB4-4232-B3CF-3E9FD323F479}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDE2FA16-3EFA-4BAF-B7F6-62C09C4B75D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DDC764-E218-40F5-B696-7B133421B7F6}" = protocol=1 | dir=in | [email protected],-28543 |
"{0B03262E-6968-44C4-90D1-AACBBBFC45C1}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{1078D3BB-3A27-4923-84E7-A4E8EE0B7F0A}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{11F834EF-62A8-42DB-835D-AF510DA44920}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{1A64B0AC-0FC5-45CF-9EAB-23AA981121B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B92EE72-0EBF-4DD7-8D04-90B36DA4E806}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C790510-A155-4D1C-AFB1-7C97BD74F5B3}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{1FC7DBF4-2E2B-4AE7-828D-309A0C76FC18}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{20E2A033-6409-4925-B1CA-3F504BDEB694}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{26613B22-3198-4406-A8F5-7D8191C97C08}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2A108E73-0147-4E4F-8C35-DA1F684BFA8B}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{2D6DC1CE-A4EB-49AF-8BBE-00567B0083A5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{30703650-CAF3-4885-AF29-971BFB83D740}" = protocol=6 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{31966044-CF10-473F-B9EF-C26464BF2415}" = dir=in | app=a:\programme\vista\iphone\itunes\itunes.exe |
"{360D7458-167C-49B6-9EE7-11F1C0047412}" = protocol=17 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{382CB011-1ED4-4424-87F0-A0F8B6D5072D}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{3993FF3D-4A5A-4626-8B31-2AA03B31FE4C}" = dir=in | app=a:\programme\vista\skype\phone\skype.exe |
"{412439BA-C36B-49B9-8EFD-53A35853121E}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{4322B004-2B5F-42B2-A41F-3DD04B8A3A92}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{49EBE3C1-3B14-4E5D-A0AB-D8D2750165C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4AFB02F4-9FF5-46CB-9BB3-0D0DB99476D7}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{517B5C67-A172-4E21-B4BC-5A844C3E50DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58B4E94D-8588-4EC9-BE0B-41F48747A24A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5DC5928C-BEE6-4B54-8AA1-54D01EB30961}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6050A661-9EA2-4921-95E2-AD93CB5AD355}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6418A616-FA10-442E-8577-B6E1DF2E383B}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{67F04552-42DD-4B41-BB13-A28941A6BD57}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{69A5BF7D-E0B9-4953-A92D-98BE1EE946EB}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{6E247E8F-BF3F-4AE6-8208-DB733AB4640C}" = protocol=17 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{730F4B70-CF5B-42AB-8431-B07EFA18FF9C}" = protocol=6 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{758FF5F4-B039-4F9A-B561-13586821B039}" = protocol=1 | dir=out | [email protected],-28544 |
"{75CE771B-4E20-4040-93DF-E9AC6392DFA5}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{79057D84-01F0-468F-ABF8-8C0C996F43DE}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{7BE3683F-5FE0-4021-BC9D-318D46426C07}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{7C3C64C1-92CA-453D-A1A6-AD15199F9A58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7CE9F49E-B0DB-440D-ABDA-0968E746FA6E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{80AC9C10-8CE9-467A-A1DA-DE7B82DDCDE2}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{8152E850-656F-417F-9510-EE65EBF66730}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{831E3C9D-CFDA-48CD-97E5-A7D851D11394}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{8606AE1F-B8B6-4E72-9790-9FB6E182CC7F}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{862618BF-ABD0-4E8C-B1F9-EADCB8093E0F}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{8861A561-9378-42FE-9264-9E259B211533}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{8FDC12BF-61CA-4245-AB60-A4853F7564AF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9332F4AF-F521-421B-82EC-807048E7B15F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98F2597F-F0E3-4FA0-9184-8F38B431C3D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A271B458-ECB9-4F8B-A814-F05DE0F2D532}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A5CFD30A-F1DE-469C-9B4C-ED7DAB63F609}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{A6231193-6437-4717-93B6-F6B7B3256B30}" = protocol=6 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{B582AA15-4D45-4094-9564-549491F5441A}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{B63E08B3-5E27-4CEE-9C3E-90814CF5D63D}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{C010C20C-12A2-4E7A-92BA-CAC082888B28}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{C7D3BB21-9498-4004-81C5-9A7D5A633809}" = protocol=58 | dir=out | [email protected],-28546 |
"{D7894933-AC31-4802-BACA-9EE617916873}" = protocol=58 | dir=in | [email protected],-28545 |
"{D9C40226-6F66-4E21-8931-7967C3538A5D}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{DD02F313-5F51-4FE6-B334-A88D1B2C8E11}" = protocol=17 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{DD68EF71-0E98-46E6-9FC8-9FBF71CA3ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DE494ABD-9551-43BE-827D-A84C155FDFB0}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{DE861B23-9040-474A-9155-F74A1101B252}" = protocol=6 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{DEE02FF0-EFD8-45A0-B487-511CBEE35170}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF765545-F123-4DBE-8030-6932E785CB47}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{E17AC1A2-3543-404B-BA76-44365DC09FFA}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{E2019786-C9C0-4046-BBF8-9311EACCAE2E}" = protocol=17 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{E2380AFE-9529-43CA-AA5E-59556FC31DBA}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"{E2BD1FD7-F76E-4AAC-B648-995E7D0C2A08}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{E5573C7C-AA20-4DB1-B414-F493677648E3}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{F1714522-19F4-48AD-9339-B09DB57E63BB}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{F8462619-D8FC-474B-AE3B-05AD045EB3FE}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{F89C17D6-A70E-43BA-98DF-9B1B1EFCD9DA}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"TCP Query User{25C2C271-3445-4F90-A33A-5BDFB663676E}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{3B44605F-D5A1-4807-B32E-09BA2D3B00C8}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=6 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"TCP Query User{5384558F-5AD5-446F-BCCD-D48F824A4DB3}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{7305552F-FAA1-47D2-B104-BB395863D045}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=6 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"TCP Query User{90002CB5-0738-482D-A3D0-97A6DEE2FF32}G:\games\vista\starcraft\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"TCP Query User{9043C97D-5F0E-47E9-A79F-61C335C1F4D6}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{93444569-A651-4408-9579-0BCAF562884B}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"TCP Query User{96FF843E-98DE-40D7-9694-4A59F7129202}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{A183DB00-B3C7-4AEF-BB57-A8F11ACE5828}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{A6602194-57F6-4603-8C93-D7C279E8CA0F}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{BCDB0903-81DB-4142-A63B-8B4583BC775A}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"TCP Query User{CD225332-F4AD-4BE8-8D55-0B56B66279FD}G:\games\vista\starcrafteng\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"TCP Query User{CE958C00-AC71-4DBA-A68F-16065C154EE8}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{EB12B6F9-01AA-45BA-B0B9-7384C0413FB9}G:\games\vista\russencs\hl.exe" = protocol=6 | dir=in | app=g:\games\vista\russencs\hl.exe |
"TCP Query User{F62EEC69-CD9D-43B8-A0A8-3AF6AFED21B5}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{F9923728-1B16-4425-A131-052F0CA786F4}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{02BDEDBE-10DA-43B1-A56A-73FE6CE4DC57}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"UDP Query User{0350A96B-3808-4411-80FD-9B960FDA2EB5}G:\games\vista\russencs\hl.exe" = protocol=17 | dir=in | app=g:\games\vista\russencs\hl.exe |
"UDP Query User{128A273B-F7AD-4EE9-AA83-4A4CAEED68D5}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=17 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"UDP Query User{2B6CB25F-4430-46E5-A750-D5EF0A1F215B}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{46920A0C-CB60-427F-97D0-052CD64863E1}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{4FD0244E-94CE-4A18-B3F4-5DA5839B087D}G:\games\vista\starcrafteng\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"UDP Query User{5650E9F3-1372-4122-8F9C-32BCEAC4E623}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{565FD11A-A8BB-40BF-B6CB-AAB2D635E0B2}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{5A17150F-2890-4F89-A668-D2FFFD6A6AD3}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"UDP Query User{6031DD7E-2D38-4FF9-9BA3-E5DE561CF643}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{825CE9D1-B22B-4E12-9C69-B589B3E55143}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{A265DB6F-66E5-4E21-90C4-FCCF2FD336C5}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{D23220A6-FEB3-49A3-BD2E-4D137CCD1555}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{E80AAA66-9EBB-4FB2-B384-28AEF9DE6449}G:\games\vista\starcraft\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"UDP Query User{FA20537C-F71A-4C13-A3EB-485537F0F592}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=17 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"UDP Query User{FE3B5E0E-FE5F-4433-A750-C5D2FBD062C7}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi-Software
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5C820C43-917F-4A1E-A8CB-F699A73F8AB7}" = AxCrypt 1.7.1878.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60C70D2F-28B7-4654-BBFA-C932BAA4A9E6}" = GlobeTrotter Connect
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A8BB73DB-199D-4917-B7CB-32FAAC4B820D}" = Topaz Adjust 3 (64-bit)
"{AA45E50C-1447-48CD-9B49-61B82ED1F95C}" = Adobe Photoshop Lightroom 2.3 64-bit
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA2B617F-EE1D-4201-9E3C-E3ECD5DEAC39}" = Topaz Adjust (64-bit)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4435-7533-6274-7601" = Geneious 5.6.2
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"ProInst" = Intel PROSet Wireless
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0D801AB5-0CA0-4471-B2B6-B9F4A363EE9F}" = DxO Optics Pro for Photoshop CS
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{50FC1CE8-FF32-4F3B-B654-050DD6ECD474}" = EXIFeditor
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59C2E0E4-0859-4EC1-BCD3-53DBCEFE7AFA}" = Topaz Adjust
"{5A0D71BC-3AB0-4BC1-B241-CABE11EEE731}" = DxO Optics Pro 5.3.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D20D7-AA12-4FC8-9A4A-AF722F430738}_is1" = EOS Camera Movie Record 0.3.1 Beta
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8726B95C-F494-4C7B-8773-7A1943D69C4E}" = Bio-Rad CFX Manager 2.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97937CFF-85CE-4534-A843-1DB5C15CF581}" = ImagingPam
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA2E30B9-5D7B-46C4-8C04-B1EFA7BBA23E}" = Lucis Pro
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD4A059-C381-4548-B4F1-564F21A64415}" = Bio-Rad iQ5 2.1 Standard Edition
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D75B5A39-C686-421C-B2BE-FDF9574662E1}" = Cisco AnyConnect Secure Mobility Client
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DA86503D-AAA4-4AB1-B872-ED1360A0424C}" = A.F.6 Split your files 2.2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F66B9ED8-DB45-4A0C-BE7B-513BE9E28226}" = ASTERICS 3.3.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVIcodec" = AVIcodec (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carl Zeiss LSM Image Browser" = LSM Image Browser, Release 4.2
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DFX for Winamp" = DFX for Winamp
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DiskAid_is1" = DiskAid 5.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Ettercap 0.7.4" = Ettercap-0.7.4
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Exif Tag Remover_is1" = Exif Tag Remover 3.01
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Fraps" = Fraps (remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ImagingPam" = ImagingPam
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManpWIN_is1" = ManpWIN version 3.01i
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.0.2)" = Mozilla Firefox (3.0.2)
"MyCamera" = Canon Utilities MyCamera
"Neat Image_is1" = Neat Image v5 Demo (with plug-in)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Photomatix Pro_is1" = Photomatix Pro version 2.5.4
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"PTGui" = PTGui Pro 9.0
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RStudio" = RStudio
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.2.0 for Windows Vista BETA1
"ShiftN_is1" = ShiftN 3.3
"simple1_is1" = Photomatix Tone Mapping Plug-In version 1.0
"simple2_is1" = Tone Mapping Plug-In 1.2
"SMAC 2.7" = SMAC 2.7
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"SystemRequirementsLab" = System Requirements Lab
"Tinn-R_is1" = Tinn-R 2.3.7.1
"Totalcmd" = Total Commander (Remove or Repair)
"UFRaw_is1" = UFRaw 0.17
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.8
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.13.1.0b
"waterMark V2" = waterMark V2
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.54
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.54
"XP Codec Pack" = XP Codec Pack
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo" = Zattoo 3.2.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"Z-defragRAM" = Z-defragRAM
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.08.2012 12:38:25 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 16.08.2012 05:17:06 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 16.08.2012 12:15:02 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 17.08.2012 06:50:22 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 17.08.2012 07:06:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 17.08.2012 13:45:22 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 17.08.2012 15:06:47 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 18.08.2012 06:07:05 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 18.08.2012 06:58:04 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 18.08.2012 06:59:26 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
[ System Events ]
Error - 17.08.2012 13:45:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.08.2012 13:45:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 17.08.2012 13:45:25 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 18.08.2012 06:06:29 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.08.2012 06:06:29 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.08.2012 06:06:59 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 18.08.2012 06:06:59 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 18.08.2012 06:59:12 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.08.2012 06:59:12 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.08.2012 06:59:20 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
aswMBR.txt
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 14:09:22
-----------------------------
14:09:22.647 OS Version: Windows x64 6.0.6002 Service Pack 2
14:09:22.647 Number of processors: 2 586 0x1706
14:09:22.647 ComputerName: DANIEL-PC UserName: Daniel
14:09:23.583 Initialize success
14:09:57.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:09:57.829 Disk 0 Vendor: WDC_WD10JPVT-16A1YT0 01.01A01 Size: 953869MB BusType: 3
14:09:57.845 Disk 0 MBR read successfully
14:09:57.845 Disk 0 MBR scan
14:09:57.845 Disk 0 Windows VISTA default MBR code
14:09:57.845 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60200 MB offset 2048
14:09:57.876 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 123291648
14:09:57.876 Disk 0 Partition - 00 0F Extended LBA 230043 MB offset 154011648
14:09:57.892 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 648623 MB offset 625139712
14:09:57.923 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 50000 MB offset 154013696
14:09:57.923 Disk 0 Partition - 00 05 Extended 180042 MB offset 256413696
14:09:57.939 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 70000 MB offset 256415744
14:09:57.954 Disk 0 Partition - 00 05 Extended 110041 MB offset 502177792
14:09:57.970 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 110040 MB offset 399777792
14:09:58.032 Disk 0 scanning C:\Windows\system32\drivers
14:10:12.915 Service scanning
14:10:45.285 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:10:57.515 Modules scanning
14:10:57.515 Disk 0 trace - called modules:
14:10:57.515 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80047022c0]<<spuc.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:10:57.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005515790]
14:10:57.531 3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052ee940]
14:10:57.531 \Driver\atapi[0xfffffa80052a2e70] -> IRP_MJ_CREATE -> 0xfffffa80047022c0
14:10:57.531 Scan finished successfully
14:11:51.423 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
14:11:51.423 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"
mbam-log-2012-08-18 (13-29-57).txt
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.13.04
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [administrator]
18.08.2012 13:29:57
mbam-log-2012-08-18 (13-29-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219934
Time elapsed: 2 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Sign In
Create Account
