| |
| |||||||
Log-Analyse und Auswertung: Moskau - Plötzlich langsame Internetverbindung trotz gutem NetzwerkWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
08.06.2012, 03:28
| #1 |
 |  Moskau - Plötzlich langsame Internetverbindung trotz gutem Netzwerk Hallo liebe Helfer von trojaner-board.de! Ich bin leider ein völliger Laie und benötige bitte Eure HILFE! Ich bin durch Recherche über Google auf Eurer Seite gelandet und diese war die bei weitem Hilfreichste! Also...ich bin zur Zeit in Moskau und habe mit Freunden ein Appartment mit einem tadellos stabilen und gesicherten Drahtlosnetzwerk gemietet. Die ersten zwei Wochen hat es superschnell funktioniert. Dummerweise war ich gestern mit meinem Laptop unterwegs und habe mich irgendwo in der Stadt in einem ungesicherten Netzwerk eingeloggt  , um schnell etwas im Netz zu recherchieren. Als ich abends wieder im Appartment war und meine Mails checken wollte, ging plötzlich nichts mehr oder nur sehr langsam  .Folgendes habe ich gemacht bis ich trojaner-board.de gefunden habe: - Malwarebytes heruntergeladen und einen Scan durchgeführt, 1 infizierte Datei gefunden und gelöscht - Hijackthis heruntergeladen und Logifle erstellt -Danach habe die Schritte in der Anleitung befolgt und die gewünschten Logfiles erstellt, welche ich in diesem Thread gepostet habe. Leider kann ich meinen Laptop auch nicht neu aufsetzten, da die Windows Version zuhause am Schreibtisch liegt...  Ich bitte Euch um Hilfe, denn ohne diese sind die zwei weiteren Wochen hier schwer zu überstehen  !!!Vielen Dank und Grüsse aus Moskau, mkid Spassiba OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 08.06.2012 03:22:45 - Run 1 OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 51,57% Memory free 7,35 Gb Paging File | 5,35 Gb Available in Paging File | 72,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,17 Gb Total Space | 16,65 Gb Free Space | 14,98% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.08 03:07:12 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.05.29 15:20:03 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe PRC - [2012.05.29 15:20:03 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.11.08 18:35:51 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.23 15:18:45 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.11.24 18:23:19 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe PRC - [2010.06.03 14:23:06 | 000,332,024 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe PRC - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010.05.31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2010.03.26 11:09:30 | 000,166,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE PRC - [2010.03.26 11:09:30 | 000,129,712 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FIH32.EXE PRC - [2010.03.26 11:09:22 | 000,301,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSM32.EXE PRC - [2010.03.26 11:09:22 | 000,187,056 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE PRC - [2010.03.26 11:09:20 | 000,088,752 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE PRC - [2010.03.26 11:06:54 | 000,219,824 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.02.23 22:52:04 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.02.23 22:52:00 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe ========== Modules (No Company Name) ========== MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010.03.26 11:07:48 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\strres.eng MOD - [2010.03.26 11:07:38 | 000,551,600 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\gres.dll MOD - [2010.03.26 11:07:30 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\fsavures.eng MOD - [2010.03.26 11:07:28 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\flyerres.eng MOD - [2010.03.26 11:07:18 | 000,441,008 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\about.dll MOD - [2010.03.26 11:07:18 | 000,088,752 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\aboutres.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.07 02:08:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.04 03:39:44 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.23 15:18:45 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.06.21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.06.03 14:23:06 | 000,332,024 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe -- (QDLService2kSony) Qualcomm Gobi 2000 Download Service (Sony) SRV - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.03.26 11:09:30 | 000,166,576 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker) SRV - [2010.03.26 11:09:22 | 000,187,056 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE -- (FSMA) SRV - [2010.03.26 11:08:14 | 000,844,464 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD) SRV - [2010.03.26 11:06:54 | 000,219,824 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2010.03.05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.02.23 22:52:04 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.02.23 22:52:00 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.09 14:14:57 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.17 22:47:57 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.06.17 22:47:57 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.11.24 18:23:19 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.07.12 22:14:50 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2010.06.22 05:19:30 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.06.18 22:12:58 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.06.18 22:11:36 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2010.06.18 22:10:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.18 22:10:24 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.18 22:10:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.18 22:10:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.06.18 22:09:47 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.03 11:17:50 | 000,442,368 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetsny2k.sys -- (qcusbnetsny2k) Gobi 2000 USB-NDIS miniport(05C6-9225) DRV:64bit: - [2010.06.03 11:17:50 | 000,230,784 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys -- (qcusbsersny2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225) DRV:64bit: - [2010.06.03 11:17:50 | 000,137,800 | ---- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcombussny.sys -- (qcombussny) Gobi 2000 USB Composite Device Driver(05C6-9225) DRV:64bit: - [2010.06.03 11:17:48 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfiltersny2k.sys -- (qcfiltersny2k) DRV:64bit: - [2010.05.31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.04.19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2010.03.26 11:08:14 | 000,092,240 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW) DRV:64bit: - [2010.03.26 11:08:00 | 000,044,624 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES) DRV:64bit: - [2010.03.08 22:10:27 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007.08.08 13:10:24 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012.05.29 15:20:54 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2011.08.17 13:28:13 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts) DRV - [2010.03.26 11:08:54 | 000,058,000 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2010.03.26 11:07:00 | 000,014,904 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{97C8F1DE-0674-4B6F-BA20-04F06351AFB9}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{A425F077-B8D8-4D08-8896-A8504C932785}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\..\SearchScopes\{B5B2FDA9-0841-4E6C-85FA-2B97939DB4D9}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kpeg1k3n.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com [2012.06.05 03:22:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.25 16:40:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.25 16:40:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: SOE Web Installer (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kpeg1k3n.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84F4BCFB-AEA8-44A2-9C23-E3E411522322}: DhcpNameServer = 10.74.83.22 193.254.160.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F18B5AA3-431F-4C7C-A77D-03DFF517ED84}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3971a39a-5266-11e0-aa70-c0cb38d528be}\Shell - "" = AutoRun O33 - MountPoints2\{3971a39a-5266-11e0-aa70-c0cb38d528be}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{3971a3a3-5266-11e0-aa70-c0cb38d528be}\Shell - "" = AutoRun O33 - MountPoints2\{3971a3a3-5266-11e0-aa70-c0cb38d528be}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{46aa9316-5337-11e0-9e2f-002710567124}\Shell - "" = AutoRun O33 - MountPoints2\{46aa9316-5337-11e0-9e2f-002710567124}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{46aa931c-5337-11e0-9e2f-002710567124}\Shell - "" = AutoRun O33 - MountPoints2\{46aa931c-5337-11e0-9e2f-002710567124}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{5639009a-54ae-11e0-9846-0024bed78117}\Shell - "" = AutoRun O33 - MountPoints2\{5639009a-54ae-11e0-9846-0024bed78117}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{563900a1-54ae-11e0-9846-0024bed78117}\Shell - "" = AutoRun O33 - MountPoints2\{563900a1-54ae-11e0-9846-0024bed78117}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{57a5257c-6daf-11e0-a0d0-002710567124}\Shell - "" = AutoRun O33 - MountPoints2\{57a5257c-6daf-11e0-a0d0-002710567124}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{90d04c30-5318-11e0-a964-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{90d04c30-5318-11e0-a964-00a0c6000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{90d04c32-5318-11e0-a964-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{90d04c32-5318-11e0-a964-00a0c6000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{90d04c3c-5318-11e0-a964-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{90d04c3c-5318-11e0-a964-00a0c6000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.08 03:04:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.08 01:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.08 01:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.08 01:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.08 01:27:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.08 01:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.06 23:55:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment [2012.06.06 23:55:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps [2012.06.05 05:14:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Dienstaufzeichnung [2012.05.29 15:41:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Equilab [2012.05.29 15:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com [2012.05.29 15:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStrategy.com [2012.05.29 15:40:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2012.05.28 02:53:12 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes [2012.05.27 15:15:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker [2012.05.27 15:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker [2012.05.27 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PacificPoker [2012.05.27 15:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker [2012.05.10 01:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.09 14:51:44 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ANNO 2070 [2012.05.09 14:25:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Ubisoft Game Launcher [2012.05.09 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.08 03:18:41 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.08 03:07:12 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.08 02:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.08 02:13:57 | 000,010,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 02:13:57 | 000,010,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 02:12:12 | 001,643,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.08 02:12:12 | 000,707,736 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.08 02:12:12 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.08 02:12:12 | 000,152,616 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.08 02:12:12 | 000,125,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.08 02:09:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.08 02:06:17 | 2961,543,168 | -HS- | M] () -- C:\hiberfil.sys [2012.06.08 01:27:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.07 05:05:03 | 000,008,989 | ---- | M] () -- C:\WirelessDiagLog.csv [2012.06.04 19:17:16 | 000,003,057 | ---- | M] () -- C:\Users\***\Desktop\TableNinja.lnk [2012.05.29 15:41:37 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk [2012.05.27 15:15:30 | 000,002,033 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk [2012.05.27 15:15:30 | 000,002,015 | ---- | M] () -- C:\Users\***\Desktop\888poker.lnk [2012.05.14 11:37:51 | 000,421,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.09 14:14:57 | 000,055,960 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.08 03:18:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.08 01:27:19 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.07 00:33:18 | 000,008,989 | ---- | C] () -- C:\WirelessDiagLog.csv [2012.05.29 15:41:37 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk [2012.05.27 15:15:30 | 000,002,033 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk [2012.05.27 15:15:30 | 000,002,015 | ---- | C] () -- C:\Users\***\Desktop\888poker.lnk [2012.05.09 14:14:57 | 000,055,960 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys [2011.02.16 16:33:28 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll [2011.02.16 16:33:28 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SARzilla.dll [2011.02.16 16:33:28 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll [2011.02.16 16:33:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe [2011.02.16 16:33:28 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx13_ic.ini [2011.02.10 20:42:01 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.02.09 19:36:37 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2011.01.25 16:37:29 | 000,241,251 | ---- | C] () -- C:\Windows\hpwins28.dat [2011.01.25 16:37:29 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat [2011.01.20 14:34:52 | 000,000,045 | ---- | C] () -- C:\Users\***\AppData\Local\machpro.dat [2011.01.19 00:06:53 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2010.11.24 20:39:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.24 16:30:12 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2010.11.24 16:30:12 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2010.11.24 16:30:11 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.24 16:30:11 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2010.11.24 16:30:11 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5250DN.DAT [2010.11.24 16:30:09 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5250DN.INI [2010.11.24 16:12:43 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2010.11.24 16:12:37 | 001,621,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.07.19 23:12:54 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.07.19 23:12:54 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.07.19 23:12:54 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.07.19 23:12:52 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.07.19 23:12:51 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin ========== LOP Check ========== [2011.01.29 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APOX [2010.12.23 17:32:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2011.06.16 01:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2011.02.23 19:27:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2010.11.27 23:35:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data [2012.05.03 19:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HoldemManager [2011.01.18 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local [2011.02.15 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.05.27 15:29:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PacificPoker [2011.01.21 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\postgresql [2010.11.24 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite [2011.02.16 16:33:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softinterface, Inc [2011.05.02 15:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.07.04 08:39:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 3 [2010.11.24 19:38:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2012.05.08 23:12:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2010.11.24 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2011.08.21 19:38:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.06.2012 03:22:45 - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\mkindermann\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 51,57% Memory free
7,35 Gb Paging File | 5,35 Gb Available in Paging File | 72,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,17 Gb Total Space | 16,65 Gb Free Space | 14,98% Space Free | Partition Type: NTFS
Computer Name: M-MKINDERMANN | User Name: mkindermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01366131-E05C-4524-A8C3-F5A06D055FEA}" = lport=139 | protocol=6 | dir=in | app=system |
"{060465CE-AD11-4909-B30B-5052F46B7CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{137686E7-0DA0-49A1-8FC5-BAB70C22DEC0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1DFD493B-A4AC-482A-9D5D-C3025DDA8D04}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27D9753C-3AFA-43D4-BD2D-6B7B0B211A86}" = rport=138 | protocol=17 | dir=out | app=system |
"{337181A0-87FF-4244-8620-5F9BF5B72122}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36BBAF84-9608-4D42-8529-0D1B8243FC4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D991F3F-153E-40AC-9D85-46F3D548E83B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{407D6CD8-FDB6-484A-A1A4-EE907A86B20F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{46ED71DD-EAFC-4A8F-BC20-A51110693BB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50C3CAA3-001B-4E47-8B72-3A923663A35D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D96E8EE-26BE-4798-8D61-A3F029377CE7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{67FC233D-65E9-4ADD-AFC8-F96058316679}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6BC61B58-ACB3-45DC-9131-636EE5EEF113}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73ABAA50-2F52-4D26-9FEF-6F17C3B50E92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A197961-4AF1-46D8-B636-D9B4433CAA58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90D7530A-580C-46A3-915F-2BCF1E27256A}" = rport=137 | protocol=17 | dir=out | app=system |
"{986801D7-3DD0-4331-8982-CBF93973D349}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9CE6C38C-CE3D-4C16-A986-A6AB1B98371F}" = lport=445 | protocol=6 | dir=in | app=system |
"{A74C045C-C478-477E-8F57-2969872F0D48}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5B886BF-9BF2-42C9-8FB0-4F294E95D0D7}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B8B0F381-6B30-497C-BF3B-2CD70AC09645}" = lport=137 | protocol=17 | dir=in | app=system |
"{C0C946BD-D830-47E4-A323-8C4F5ACFFB05}" = rport=139 | protocol=6 | dir=out | app=system |
"{C31EA885-B23F-4171-89C5-04FCA8151F89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D24104CC-22CA-4D07-B8AD-2351C5B91CA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{D9DF7B21-5422-4268-9CAB-D5DE1FE86057}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E0C9BA77-349C-48DF-BA4E-07C14AEBCC1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2A5E5D3-2634-41ED-B4F6-F7941C6F3410}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E65AA310-5AE3-479F-BA1B-3572A0738AD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E71EC693-1C0D-47BF-8B91-799BAEF864AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1D077A9-DE58-4229-BF7D-F16CA7A8FE27}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5BD92CC-6D57-459E-84A0-68BB2B13F992}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5ECE58F-8DCD-4D19-9014-7932789ADBD1}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010C2D4B-FA69-44F7-B345-99B3CB189714}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{01B83775-5889-41EE-96A7-576F0A3DFFD8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0888305E-5D3E-435B-8494-ACEEA8B50AD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{0B70F9A5-F484-4690-9811-FCCA1848A831}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D27FDC6-088D-45EC-BEB4-7E5A541FC3AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{1405AB34-4527-4B44-9176-9B402B2E4497}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{162E82FF-44F2-4BAF-BF46-FD6CC76D38FB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{19BB9BF9-65AD-46FE-AD34-1AC735D0505F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{1ABEB5EC-C183-41D5-818E-B4017A85D449}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{216D982B-0D67-42E8-B793-26887365AEB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{24404D2F-56C5-4C76-8F1F-736BB767CA0D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{266E78A0-5718-4F12-8966-C613670F03E8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{285C095A-B954-4FF0-A865-7A2ABC1E04C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{28E2386A-F869-4798-8532-131E36C3E97A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2E276FA2-41F8-4A9A-AB49-47891A4FB003}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{31E6FDA9-A5C1-4B51-B40D-FBD22A9B6391}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apox\gameclient\apox.exe |
"{3336A068-4855-41DD-AF99-B9E1F3FC0C9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{387ACE2D-5E1F-4EE7-8648-2659BF88A886}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BEB9A87-B09B-4AD7-AA6E-EE36D7098224}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3F65B798-4B96-481B-ACBE-C8497FD728C0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{43DC22EA-13CC-4630-969F-660C40FC2C04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{47CD00E1-6D7E-4DA5-BB04-F64D8E87772E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47FDAB16-31F0-4D3E-9AA3-419D1B554100}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5032C929-28A0-4169-BDE2-DC87220DD4CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5C8B8C68-15C7-4E4C-B2E1-74C16EC9DAD9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{5C92D360-14E2-4BD4-85D3-69E64602FD2B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{6145DE7A-71B5-48C5-9F32-505539428D4C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79435095-8D56-4A72-9D89-5F790FBB904C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{7E08C62A-1038-4F3E-9786-C6B7615824E5}" = protocol=6 | dir=out | app=system |
"{7F3C9AF3-B826-49BA-876C-0C0F187F0661}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{85DDB656-934D-46A7-8B89-36EE7E6B1447}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{88309669-6E6F-41D6-9652-1CF967409370}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{8E1EB09A-DFD3-49A0-8CA9-5981BB0D2417}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8E328BE1-EE96-4210-B5D1-0829AE87F14C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{903E5CC6-167A-4D2E-B4C2-CA6D32C201FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{909BE5FB-BF9F-4EBC-87E9-B4A6648837FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{933CAD49-167B-4994-9E21-0B81CC1342CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{968561BA-FCE3-421B-BE60-F02AC7733A50}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{97DFB846-5351-48DD-A857-86E2CBCC5158}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9C56A1D6-0236-4569-8684-817E22BD17FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9DB1DEEC-B9A4-40FD-AD00-EBD02BEC0D67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9EDD69DD-2D32-4507-A1FD-6092AA06A1FB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A1F84A03-BD22-4A25-A861-C06725CD4671}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A27CAC8D-50A1-4029-95D1-26B7C813D609}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A7B979BA-0326-4C69-9E63-844666799487}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{A9B6A8BF-C9F0-40BF-80C6-7A9A13A8058E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{AF8C984F-8CBC-4139-B49E-606FCF45D3CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B64494EB-1A2D-410C-9671-8C30612D96A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B7414E3C-47C7-4594-9CC3-ADEB85D6C6DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA8F1599-A761-4C06-B49D-4E20D8D025C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB59A88F-9F12-443B-8A55-502C080925EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{BC7581F6-2EB8-403F-9F91-CDD136BB762E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C11791EA-1DF9-4954-BA24-D627720BA80C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C340AE1D-F320-4342-BF49-68B58E6D37BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{C5432929-1298-418B-9F15-89DDC69349D2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{CE74DA41-536F-476C-8EC3-C5509DC38DD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{CEBB045D-7C4E-4BAA-810D-9BD7D07294D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{CF0A1BF4-61E7-49B0-999C-088BB1C97331}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{D1F9DCC5-32B8-4010-A313-DA4CA0368A62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D43429EC-6451-4647-9B6D-3C0A3C9A681A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5417D82-FF24-4A4A-8484-5A02A64B9DD9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{DB3FF71F-7839-4C6B-BA03-9525929CE8FF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DFA1C217-1976-4392-B273-92FD040210B9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{E1278B4C-6580-48C6-B91A-19CA8F200F15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{E7B4C8D1-FCEC-4F46-AA5B-B6F2800F61A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{EA75ABE9-1919-4E36-B1B2-DAE52D97E6A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{EAE1CAFA-1526-4248-943F-4419B4FE4CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{EB027E93-9DCA-4F1C-A4C3-05BD68CFD721}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{F3A946E4-185C-4CC6-9887-A5E801964CFB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F4816365-8205-49E4-8305-60739330DF8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{FBBBF181-37C1-4378-A2E8-4303BAAAE4BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apox\gameclient\apox.exe |
"{FD6BA1C6-6621-496E-9D5E-86B7F4936BA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"TCP Query User{32EE79BB-116C-4CB0-83C4-EDB123CA72E0}C:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"UDP Query User{864C96C8-48A9-47ED-99CA-C1E17AEFD722}C:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi-Software
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F4E59C0-EE31-47EE-BCC3-1A73C3F023BF}" = Qualcomm Gobi 2000 Package for Sony
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2A549146-8CF5-401E-9540-DD469A281AB2}" = Poker Clock 2.2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C1E5A85-85E3-4929-8C29-D5285A9224FF}" = TableNinja
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4728FCB1-5155-41CD-AF34-1E92DDE6556D}" = TableNinja
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C454033-8240-425E-A170-1C648FCB74FD}" = PokerStrategy.com Equilab
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" =
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{AA21FDFE-D12B-4D6B-BB6E-2E41A41DC2FD}" = Brother HL-5250DN
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Convert XLS_is1" = Convert XLS
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F-Secure Anti-Virus" = F-Secure Client Security - AntiVirus & AntiSpy-Schutz
"F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail-Scanning
"F-Secure ExploitShield" = F-Secure Client Security - Browser-Schutz
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"F-Secure Internet Shield" = F-Secure Client Security - Internet-Schutzschild
"F-Secure Protocol Scanner" = F-Secure Client Security - Web-Datenverkehr-Scanning
"HoldemManager2" = Holdem Manager 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketingTools" = VAIO Marketing Tools
"Notepad++" = Notepad++
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"PokerStars.net" = PokerStars.net
"PostgreSQL 8.4" = PostgreSQL 8.4
"Steam App 80000" = APOX
"Steam App 8930" = Sid Meier's Civilization V
"TeamViewer 6" = TeamViewer 6
"Tournament Shark" = Tournament Shark
"TrueCrypt" = TrueCrypt
"VAIO Help and Support" =
"VAIO screensaver" = VAIO screensaver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.6
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.06.2011 20:20:02 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.06.2011 20:41:29 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 03.06.2011 21:11:41 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 04.06.2011 18:04:29 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 04.06.2011 18:30:35 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 05.06.2011 13:55:21 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 06.06.2011 05:21:48 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 06.06.2011 16:39:14 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HMHud.exe, Version: 1.0.0.1, Zeitstempel:
0x4d0577d8 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x61482f3c ID des fehlerhaften Prozesses:
0x1bf4 Startzeit der fehlerhaften Anwendung: 0x01cc247e1b169a0e Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\RVG Software\Holdem Manager\HMHud.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 09d13e3c-907d-11e0-89f1-0024bed78117
Error - 06.06.2011 19:19:02 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 06.06.2011 20:12:28 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 07.06.2012 20:02:15 | Computer Name = *** | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 07.06.2012 20:02:15 | Computer Name = *** | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 07.06.2012 20:06:30 | Computer Name = *** | Source = ipnathlp | ID = 31004
Description =
Error - 07.06.2012 20:06:30 | Computer Name = *** | Source = ipnathlp | ID = 31004
Description =
Error - 07.06.2012 20:08:13 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde nicht richtig gestartet.
Error - 07.06.2012 20:08:31 | Computer Name = *** | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 07.06.2012 20:08:31 | Computer Name = *** | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 07.06.2012 20:08:31 | Computer Name = *** | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 07.06.2012 20:08:31 | Computer Name = *** | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 07.06.2012 20:08:48 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1070
< End of report >
|
| Themen zu Moskau - Plötzlich langsame Internetverbindung trotz gutem Netzwerk |
| bho, bonjour, browser, device driver, drahtlos, e-mail, error, feedback, fehler, firefox, flash player, google, helper, hijack, hijackthis, infizierte datei, install.exe, langsam, microsoft office word, netzwerk, office 2007, officejet, plug-in, realtek, registry, richtlinie, scan, searchscopes, security, sehr langsam, senden, shark, software, svchost.exe, usb, version=1.0, windows |
Baum-Darstellung