Pests of all kinds and how to fight them: Games minimize to the taskbar (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Games minimize to the taskbar

Hello everyone, I have the problem that many of my games (BF3, Crysis, Crysis 2) always minimize to the taskbar after a few minutes and can only be closed through the Task Manager. I have absolutely no idea what could be causing this. No background programs are running (only standard Windows tasks). The antivirus program (NOD32) is already deactivated, and even when it is uninstalled there is no success. The games are from Steam or Origin, so the latest patches are installed (already reinstalled).

My system: ASUS P67 Extrem6, NVIDIA 660 GTX Ti AMP Edition, Intel 2550K, 16 GB RAM

Do you have any ideas what else I can try? Here is the OTL.txt

Code:
ATTFilter OTL logfile created on: 28.11.2012 11:06:14 - Run 1 OTL by OldTimer - Version Folder = C:\Users\KgB\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,04% Memory free 31,96 Gb Paging File | 29,50 Gb Available in Paging File | 92,28% Paging File free Paging file location(s): e:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 223,47 Gb Total Space | 199,99 Gb Free Space | 89,49% Space Free | Partition Type: NTFS Drive D: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 931,51 Gb Total Space | 761,86 Gb Free Space | 81,79% Space Free | Partition Type: NTFS Computer Name: KGB-GAMING | User Name: KgB | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.28 11:05:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KgB\Desktop\OTL.exe PRC - [2012.11.28 10:37:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.11.28 10:17:12 | 000,541,168 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012.11.27 22:29:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.27 20:54:51 | 003,389,080 | ---- | M] (Electronic Arts) -- E:\Games\Origin\Origin.exe PRC - [2012.11.22 14:22:41 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012.11.22 12:39:15 | 001,353,080 | ---- | M] (Valve Corporation) -- E:\Games\Steam\Steam.exe PRC - [2012.11.20 07:16:04 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.11.18 17:26:30 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.11.18 05:49:34 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.17 00:11:06 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012.07.24 01:33:52 | 000,485,176 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDWebCam.exe PRC - [2012.07.24 01:33:28 | 000,835,896 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMovieViewer.exe PRC - [2012.07.24 01:33:22 | 000,661,304 | ---- | M] (Logitech Inc.) 
-- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe PRC - [2012.04.26 13:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe ========== Modules (No Company Name) ========== MOD - [2012.11.28 10:17:21 | 000,835,072 | ---- | M] () -- E:\Games\Steam\sdl.dll MOD - [2012.11.28 10:17:11 | 020,319,568 | ---- | M] () -- E:\Games\Steam\bin\libcef.dll MOD - [2012.11.28 10:17:08 | 000,965,616 | ---- | M] () -- E:\Games\Steam\bin\chromehtml.dll MOD - [2012.11.28 10:17:07 | 001,099,616 | ---- | M] () -- E:\Games\Steam\bin\avcodec-53.dll MOD - [2012.11.28 10:17:07 | 000,190,816 | ---- | M] () -- E:\Games\Steam\bin\avformat-53.dll MOD - [2012.11.28 10:17:07 | 000,123,232 | ---- | M] () -- E:\Games\Steam\bin\avutil-51.dll MOD - [2012.11.22 14:22:41 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll MOD - [2012.11.20 07:16:18 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.17 00:10:49 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2012.11.17 00:10:48 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2012.11.17 00:10:44 | 002,240,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012.05.07 17:55:40 | 000,002,560 | ---- | M] () -- C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.11.28 10:37:12 | 000,280,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.11.28 10:17:12 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Running] -- 
C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.11.27 22:29:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.11.22 14:22:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.18 17:26:30 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.11.18 05:49:34 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.22 12:22:50 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] 
-- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2012.03.14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2012.03.14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.08 13:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 13:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.01 04:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.11.24 01:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 01:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.01 19:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 4B 4B AB A0 C8 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012.11.24 18:17:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 12:01:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.22 12:35:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.11.24 18:17:31 | 000,000,000 | ---D | M] [2012.11.22 12:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KgB\AppData\Roaming\mozilla\Extensions [2012.11.22 12:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKCU..\Run: [Steam] E:\Games\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECBC8026-61D8-4B7A-A11D-6CDDCDE1BBAA}: DhcpNameServer = O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{3ba2dbc9-3490-11e2-9428-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3ba2dbc9-3490-11e2-9428-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009.07.15 20:39:51 | 000,106,760 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.28 11:05:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KgB\Desktop\OTL.exe [2012.11.28 00:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA 3D Vision driver [2012.11.28 00:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.11.27 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Malwarebytes [2012.11.27 23:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.27 23:11:13 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\PunkBuster [2012.11.27 23:11:10 | 000,000,000 | ---D | C] -- 
C:\Users\KgB\Documents\Battlefield 3 [2012.11.27 23:10:49 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\ESN [2012.11.27 23:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2012.11.27 23:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.11.27 22:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2012.11.27 22:29:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.11.27 20:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.11.27 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Origin [2012.11.27 20:55:02 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Origin [2012.11.27 20:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.11.27 20:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.11.27 14:47:02 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Adobe [2012.11.27 14:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.11.27 14:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.11.27 14:43:04 | 000,237,568 | ---- | C] (www.CompulsiveCode.com) -- C:\Users\KgB\Desktop\JPEGtoPDF37.exe [2012.11.27 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\KgB\Documents\Zeta Producer 11 [2012.11.27 14:36:17 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zeta Producer 11 [2012.11.27 14:36:03 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Zeta Producer 11 [2012.11.27 11:05:36 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Geckofx [2012.11.27 11:05:32 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Firefly Studios [2012.11.27 11:05:31 | 000,000,000 | ---D | C] -- C:\Users\KgB\Documents\Stronghold Kingdoms [2012.11.26 23:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.11.26 23:58:19 | 
000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.11.25 12:40:51 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.11.25 12:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.11.25 12:40:50 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Notepad++ [2012.11.25 12:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2012.11.24 18:20:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\KgB\Desktop\HijackThis.exe [2012.11.24 18:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2012.11.24 18:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2012.11.24 18:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.11.24 17:17:18 | 000,000,000 | RH-D | C] -- C:\Users\KgB\AppData\Roaming\SecuROM [2012.11.24 17:17:15 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\GameSpy [2012.11.24 17:17:14 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\ApplicationHistory [2012.11.24 17:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy [2012.11.24 17:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy [2012.11.24 17:16:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2012.11.22 15:09:31 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\FileZilla [2012.11.22 15:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012.11.22 15:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2012.11.22 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Macromedia [2012.11.22 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\KgB\Documents\My Games [2012.11.22 14:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3 [2012.11.22 14:25:15 | 000,000,000 | ---D | C] -- 
C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.11.22 14:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.11.22 13:52:58 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\SKIDROW [2012.11.22 13:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.11.22 13:20:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.11.22 13:16:34 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.11.22 13:16:31 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.11.22 13:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.11.22 13:06:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2012.11.22 13:06:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2012.11.22 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\FalNET [2012.11.22 13:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FalNET G19 Display Manager [2012.11.22 13:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FalNET G19 Display Manager [2012.11.22 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Logitech [2012.11.22 12:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.11.22 12:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2012.11.22 12:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.11.22 12:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.11.22 12:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2012.11.22 12:35:04 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Thunderbird [2012.11.22 12:35:04 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Thunderbird [2012.11.22 12:35:01 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Mozilla Thunderbird [2012.11.22 12:29:51 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\NVIDIA [2012.11.22 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\logs [2012.11.22 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\.techniclauncher [2012.11.22 12:26:53 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Logitech [2012.11.22 12:26:53 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Logishrd [2012.11.22 12:26:40 | 000,059,392 | ---- | C] (Technic) -- C:\Users\KgB\Desktop\TechnicLauncher.exe [2012.11.22 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\TS3Client [2012.11.22 12:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro [2012.11.22 12:22:50 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.11.22 12:22:48 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\DAEMON Tools Pro [2012.11.22 12:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2012.11.22 12:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012.11.22 12:19:36 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\WinRAR [2012.11.22 12:19:36 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.11.22 12:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.11.22 12:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.11.22 12:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.11.22 12:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.11.22 12:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2012.11.22 12:03:25 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.11.22 12:01:50 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Mozilla [2012.11.22 
12:01:50 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Mozilla [2012.11.22 12:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.11.22 12:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.11.22 12:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.22 12:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2012.11.22 11:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.22 11:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.22 11:56:17 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.11.22 11:56:17 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.11.22 11:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.11.22 11:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.11.22 11:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.11.22 11:55:44 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.11.22 11:54:12 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Macromedia [2012.11.22 11:54:12 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Adobe [2012.11.22 11:54:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.11.22 11:54:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.11.22 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Intel Corporation [2012.11.22 11:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.11.22 11:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2012.11.22 11:46:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.11.22 11:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.11.22 11:46:14 | 002,601,816 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\WavesGUILib.dll [2012.11.22 11:46:14 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.11.22 11:46:14 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.11.22 11:46:14 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.11.22 11:46:14 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.11.22 11:46:14 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.11.22 11:46:14 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.11.22 11:46:14 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.11.22 11:46:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.11.22 11:46:14 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.11.22 11:46:14 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.11.22 11:46:13 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.11.22 11:46:13 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.11.22 11:46:13 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.11.22 11:46:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.11.22 11:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.11.22 11:45:32 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.11.22 11:45:09 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell [2012.11.22 11:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell [2012.11.22 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\InstallShield [2012.11.22 11:43:19 | 000,344,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2012.11.22 11:43:16 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.11.22 11:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.11.22 11:41:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2012.11.22 11:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2012.11.22 11:41:08 | 000,000,000 | ---D | C] -- C:\Intel [2012.11.22 11:38:31 | 000,000,000 | R--D | C] -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.22 11:38:31 | 000,000,000 | R--D | C] -- C:\Users\KgB\Searches [2012.11.22 11:38:31 | 000,000,000 | R--D | C] -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.22 11:38:25 | 000,000,000 | R--D | C] -- C:\Users\KgB\Contacts [2012.11.22 11:38:25 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Identities [2012.11.22 11:38:24 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\VirtualStore [2012.11.22 11:38:22 | 000,000,000 | --SD | C] -- C:\Users\KgB\AppData\Roaming\Microsoft [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\Videos [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\Saved Games [2012.11.22 11:38:22 | 
000,000,000 | R--D | C] -- C:\Users\KgB\Pictures [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\Music [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\Links [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\Favorites [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\Downloads [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\Documents [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\Desktop [2012.11.22 11:38:22 | 000,000,000 | R--D | C] -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Vorlagen [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\AppData\Local\Verlauf [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\AppData\Local\Temporary Internet Files [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Startmenü [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\SendTo [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Recent [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Netzwerkumgebung [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Lokale Einstellungen [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Documents\Eigene Videos [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Documents\Eigene Musik [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Eigene Dateien [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Documents\Eigene Bilder [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Druckumgebung [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\Cookies [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- C:\Users\KgB\AppData\Local\Anwendungsdaten [2012.11.22 11:38:22 | 000,000,000 | -HSD | C] -- 
C:\Users\KgB\Anwendungsdaten [2012.11.22 11:38:22 | 000,000,000 | -H-D | C] -- C:\Users\KgB\AppData [2012.11.22 11:38:22 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Temp [2012.11.22 11:38:22 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Local\Microsoft [2012.11.22 11:38:22 | 000,000,000 | ---D | C] -- C:\Users\KgB\AppData\Roaming\Media Center Programs [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\Programme [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.22 11:38:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.22 11:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.22 11:34:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.11.22 11:34:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.11.22 11:34:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.11.22 11:14:16 | 000,000,000 | ---D | C] -- C:\JDownloader ========== Files - Modified Within 30 Days ========== [2012.11.28 11:05:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KgB\Desktop\OTL.exe [2012.11.28 11:04:57 | 000,050,477 | ---- | M] () -- C:\Users\KgB\Desktop\Defogger.exe [2012.11.28 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash 
Player Updater.job [2012.11.28 10:40:31 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 10:40:31 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 10:39:13 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.28 10:39:13 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.28 10:39:13 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.28 10:39:13 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.28 10:39:13 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.28 10:37:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.11.28 10:37:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.28 10:33:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.28 00:04:07 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.11.27 22:29:47 | 000,000,650 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.11.27 22:29:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.27 20:51:27 | 000,000,622 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.11.27 18:25:01 | 000,006,535 | ---- | M] () -- C:\Users\KgB\Desktop\tekkit customizer.yml [2012.11.27 15:29:47 | 001,737,318 | ---- | M] () -- C:\Users\KgB\Desktop\2012-11-27_15.29.47.png [2012.11.27 14:46:59 | 002,335,695 | ---- | M] () -- C:\Users\KgB\Desktop\urlaubsantrag.PDF [2012.11.27 14:43:04 | 000,237,568 | ---- | M] (www.CompulsiveCode.com) -- C:\Users\KgB\Desktop\JPEGtoPDF37.exe [2012.11.27 14:36:17 | 000,001,249 | ---- | M] () -- C:\Users\KgB\Desktop\Zeta Producer 11.lnk [2012.11.27 10:40:23 | 000,000,600 | ---- | M] () -- C:\Users\KgB\AppData\Local\PUTTY.RND [2012.11.24 18:34:41 | 000,270,400 | ---- | 
M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.24 18:20:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\KgB\Desktop\HijackThis.exe [2012.11.24 17:17:14 | 000,000,091 | ---- | M] () -- C:\Users\KgB\AppData\Local\fusioncache.dat [2012.11.24 17:16:45 | 001,553,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.24 17:15:53 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.22 21:12:34 | 000,000,017 | ---- | M] () -- C:\Users\KgB\AppData\Local\resmon.resmoncfg [2012.11.22 12:27:39 | 000,583,306 | ---- | M] () -- C:\Users\KgB\AppData\Roaming\technic-launcher.jar [2012.11.22 12:26:40 | 000,059,392 | ---- | M] (Technic) -- C:\Users\KgB\Desktop\TechnicLauncher.exe [2012.11.22 12:22:50 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.11.22 12:14:50 | 000,000,985 | ---- | M] () -- C:\Users\KgB\Desktop\JDownloader - Verknüpfung.lnk [2012.11.22 12:13:20 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.22 12:13:20 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.22 12:11:35 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012.11.22 12:01:43 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.22 11:37:20 | 000,053,911 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.11.22 11:37:20 | 000,053,911 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.11.22 11:35:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.18 17:26:30 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.11.18 14:09:47 | 003,603,786 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin ========== Files Created - No Company Name ========== [2012.11.28 11:04:57 | 000,050,477 | ---- | C] () -- C:\Users\KgB\Desktop\Defogger.exe [2012.11.27 23:11:17 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.11.27 
22:29:47 | 000,000,650 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.11.27 20:51:27 | 000,000,622 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.11.27 18:25:00 | 000,006,535 | ---- | C] () -- C:\Users\KgB\Desktop\tekkit customizer.yml [2012.11.27 15:29:47 | 001,737,318 | ---- | C] () -- C:\Users\KgB\Desktop\2012-11-27_15.29.47.png [2012.11.27 14:46:59 | 002,335,695 | ---- | C] () -- C:\Users\KgB\Desktop\urlaubsantrag.PDF [2012.11.27 14:44:23 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.11.27 14:36:17 | 000,001,257 | ---- | C] () -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zeta Producer 11.lnk [2012.11.27 14:36:17 | 000,001,249 | ---- | C] () -- C:\Users\KgB\Desktop\Zeta Producer 11.lnk [2012.11.25 13:43:36 | 000,000,600 | ---- | C] () -- C:\Users\KgB\AppData\Local\PUTTY.RND [2012.11.24 17:17:14 | 000,000,091 | ---- | C] () -- C:\Users\KgB\AppData\Local\fusioncache.dat [2012.11.24 17:16:44 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.24 17:15:54 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.24 17:15:54 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.11.24 17:15:53 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.24 17:15:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.22 21:12:34 | 000,000,017 | ---- | C] () -- C:\Users\KgB\AppData\Local\resmon.resmoncfg [2012.11.22 13:16:48 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2012.11.22 13:16:44 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.11.22 13:16:29 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.11.22 13:16:27 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.11.22 13:16:27 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.11.22 13:16:25 
| 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2012.11.22 13:16:25 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.11.22 12:35:02 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.11.22 12:27:37 | 000,583,306 | ---- | C] () -- C:\Users\KgB\AppData\Roaming\technic-launcher.jar [2012.11.22 12:23:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.22 12:14:49 | 000,000,985 | ---- | C] () -- C:\Users\KgB\Desktop\JDownloader - Verknüpfung.lnk [2012.11.22 12:13:20 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.22 12:13:20 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.22 12:11:35 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012.11.22 12:09:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.22 12:01:43 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.22 12:01:43 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.22 11:56:23 | 003,603,786 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.11.22 11:56:07 | 000,014,446 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.11.22 11:54:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.22 11:43:19 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2012.11.22 11:38:32 | 000,001,405 | ---- | C] () -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.11.22 11:38:31 | 000,001,439 | ---- | C] () -- C:\Users\KgB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.22 11:37:15 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media 
Center.lnk
[2012.11.22 11:37:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.11.22 11:35:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.11.28 00:47:49 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\.techniclauncher
[2012.11.22 12:44:30 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\DAEMON Tools Pro
[2012.11.27 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\FileZilla
[2012.11.27 11:05:32 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\Firefly Studios
[2012.11.28 00:47:47 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\logs
[2012.11.25 12:40:58 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\Notepad++
[2012.11.27 20:58:00 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\Origin
[2012.11.22 12:35:04 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\Thunderbird
[2012.11.27 23:41:13 | 000,000,000 | ---D | M] -- C:\Users\KgB\AppData\Roaming\TS3Client
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 28.11.2012 11:06:14 - Run 1
OTL by OldTimer - Version Folder = C:\Users\KgB\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
15,98 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,04% Memory free
31,96 Gb Paging File | 29,50 Gb Available in Paging File | 92,28% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 199,99 Gb Free Space | 89,49% Space Free | Partition Type: NTFS
Drive D: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 761,86 Gb Free Space | 81,79% Space Free | Partition Type: NTFS
Computer Name: KGB-GAMING | User Name: KgB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DCDE8F-4083-4BDF-B59D-D18E77895D4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{02877074-7703-4112-93DC-ECE184E2E168}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BA812FC-8DF5-4328-A2BE-CD1028C5A182}" = lport=445
| protocol=6 | dir=in | app=system | "{0DBBF137-F512-4D37-89AF-C8F7429D2E6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{14D2A1EC-B8C7-4D51-B92F-A8AB3C10594C}" = lport=138 | protocol=17 | dir=in | app=system | "{20FF43DF-B863-4862-B4E7-85889D8501ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{243653C2-2FFE-4ECE-938C-2430F40B22A0}" = rport=137 | protocol=17 | dir=out | app=system | "{33865C42-C2CF-4A8B-B7CC-F2F8757B34DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5022A41C-3F88-493A-9A6A-B3250F92BE12}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D4CF7F1-4393-400B-860B-5086E73EA0C1}" = rport=445 | protocol=6 | dir=out | app=system | "{5E867258-C6D0-47E0-A2C5-EBF98247B2CC}" = lport=137 | protocol=17 | dir=in | app=system | "{6273BE2A-01D2-429F-9D83-B4DD604F3A84}" = rport=10243 | protocol=6 | dir=out | app=system | "{7F2D9933-1DBB-4C7D-840E-92B2CDC298D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A3F236D1-1781-44A8-8FDB-901004B75158}" = lport=139 | protocol=6 | dir=in | app=system | "{A6BCBE0C-089B-4AA6-96EC-75206AB9F04B}" = lport=10243 | protocol=6 | dir=in | app=system | "{B0D1F95E-40BB-4AAE-AC23-AE2E000D7051}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B2804EBA-E158-4DE4-8D3D-EF3474EB2AAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C28CF40F-B312-4A10-8EB4-1556F2CC4201}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C7CCFF65-9C81-4872-8FE9-451214CD7FEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9023FD9-AC2F-43CB-A472-5F2A93F92731}" = lport=2869 | protocol=6 | dir=in | app=system | "{E92AB342-5852-4C2B-B9F4-8454FAACD5B2}" = 
rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DCB16C0-1ACA-4CE2-9946-7AC90317F033}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\crysis\bin32\crysis.exe | "{17D5358B-7404-47BD-A519-46A68920AC45}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\crysis\bin32\crysis.exe | "{18624147-4AAD-445E-9D9B-6E7DAFE49751}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{1F4D6ED6-FF0B-4983-9E49-A77023A9578C}" = protocol=6 | dir=out | app=system | "{202A89BB-1427-49B4-BFA5-A38E104D8234}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | "{2A1DCF72-2BE2-477E-A301-C8B781D28CBC}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\crysis wars\bin32\crysis.exe | "{2EF8F4E8-7E65-489F-8BA0-74694DBBC3F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2F49919F-4E98-45E9-8817-96C51CA4B23B}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3.exe | "{383AFA96-0F5E-4B9B-A981-428862A45E42}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{41ABAD0C-D16B-4A21-897E-B96D5E9B167D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4FDDE5E2-6111-4E85-9EED-331910605741}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{54DFBFB7-7EF2-47DA-B43A-FBC6404C683C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{55CD9D07-93CB-41E3-B709-B76B38A3CA54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{55EB360B-9EE7-434B-A03D-73C78A36FCAE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5D052AF3-037A-498A-BF17-C1363250B562}" = protocol=17 | 
dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6BD04C2A-E63B-4561-9C7E-648AE3861DC9}" = protocol=17 | dir=in | app=e:\games\battlefield 3\bf3.exe | "{6E85E0C6-9026-4C18-89E9-074942466825}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{737CB1C2-355A-4224-9482-5549C4F4A9AE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | "{7DBB2336-89A1-44BE-B1A9-28B869F9B645}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\rage\rage.exe | "{8273A591-273F-4CE0-8DB1-ECB7D1887090}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8287B63F-762E-480F-AD88-74A4671E9D1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9615D623-A8EC-47F2-86C9-71016E52AA9A}" = protocol=6 | dir=in | app=e:\games\battlefield 3\bf3.exe | "{96BC29BB-382E-4B21-A6FF-9C2D6B83333B}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | "{98C672F1-E187-47E1-82EA-7E19E7920601}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9966E907-026D-4C59-8DB1-B9FEB04F8E28}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3.exe | "{9A5B7BD7-4DE5-4DBB-97F0-E934EC243EB7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9EC515F4-8267-45DE-8BDF-1117646E2E8A}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | "{9F1F8BA9-94CD-4DDD-AC5E-BA93EB78B6CE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3y.exe | "{A2D52225-A028-4F38-B31C-EA5FCD52454F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A97B3692-0F2D-4055-BE1A-D4791C655AB5}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | "{B0B291E9-048C-455F-8617-FF048F94A033}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\crysis warhead\bin32\crysis.exe 
| "{B50D206F-2D9A-42FE-9544-D6CB5C2602E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB79185B-52E9-421E-B689-5721077FA9A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C09D8B96-829B-443F-8B59-85BC9755EAAC}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\primal_carnage\binaries\win32\primalcarnagegame.exe | "{C38C69F7-36C6-484C-95AA-256BBCCAA0DF}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3y.exe | "{C5E20459-A615-4FD5-943E-283077E9D5AC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CC88CA6B-6D35-4FDF-B12D-EFAAD677CACC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CD4EE58D-DE5F-4990-9A9C-33ACC2E2C137}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{CD6F14C5-9AE1-4CB9-A5FE-A5573994CBBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CE9A7AA1-577C-4C86-9D2F-29893FFE6035}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D1DDB83E-D584-4673-BC4D-512287FBED1F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D3944232-ED92-4534-992B-6A29CE521010}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\primal_carnage\binaries\win32\primalcarnagegame.exe | "{D568A364-E332-4701-AEA1-094A7BE2DEF4}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{DDA84933-61EF-4A65-90C0-CB9980BBB1BD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | "{E3E79963-096D-4337-840F-F69F711A294B}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\rage\rage.exe | "{EBD51D19-4736-4DA1-81B3-00166D59D251}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{F6DB76A7-DCB7-4AF7-AC47-DD5D9BDEB6E6}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe |
"{FA327B86-C2B3-4A01-B629-BB48032ECC5E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{FAA555F6-75B9-4B55-A6DD-F8F2957F6F16}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FE4DF79F-C00C-4302-9A07-25932448939C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FF3161ED-5D1F-47E4-8DB3-5433DAEFFC21}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"TCP Query User{0D506D3C-8B4C-468F-B66B-F223C9CAF8C4}C:\program files\teamspeak 3 client\ts3client_win64.exe" = protocol=6 | dir=in | app=c:\program files\teamspeak 3 client\ts3client_win64.exe |
"TCP Query User{FC0FD9A3-0767-48E2-8BB1-E34E78CBDF06}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{081B46FE-D046-429A-A25F-C603CB521E00}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F60A689A-12F0-4093-80DB-E49F71E46C12}C:\program files\teamspeak 3 client\ts3client_win64.exe" = protocol=17 | dir=in | app=c:\program files\teamspeak 3 client\ts3client_win64.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9641237-252F-467E-88FB-5CAB9E42583E}" = ESET NOD32 Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Pro" = DAEMON Tools Pro
"ESN Sonar-0.70.4" = ESN Sonar
"FalNET G19 Display Manager_is1" = FalNET G19 Display Manager
"FileZilla Client" = FileZilla Client
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"MagniDriver" = marvell 91xx driver
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 47410" = Stronghold Kingdoms
"Steam App 9200" = RAGE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ZetaProducer11" = Zeta Producer 11 11.0.4 (nur entfernen)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.11.2012 09:06:41 | Computer Name = KgB-Gaming | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HMA.exe, Version: 1.0.433.1, Zeitstempel: 0x50a66a1c Name des fehlerhaften Moduls: HMA.exe, Version: 1.0.433.1, Zeitstempel: 0x50a66a1c Ausnahmecode: 0x80000003 Fehleroffset: 0x0068c18e ID des fehlerhaften Prozesses: 0x124c Startzeit der fehlerhaften Anwendung: 0x01cdc8b04b05eb11 Pfad der fehlerhaften Anwendung: E:\Games\Hitman Absolution\HMA.exe Pfad des fehlerhaften Moduls: E:\Games\Hitman Absolution\HMA.exe Berichtskennung: 746c33ff-34a5-11e2-9176-002522bf10dd

Error - 24.11.2012 14:50:16 | Computer Name = KgB-Gaming | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Games\Steam\SteamApps\common\Crysis\Bin64\Editor.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 24.11.2012 14:50:32 | Computer Name = KgB-Gaming | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis64.exe, Version:, Zeitstempel: 0x47d6d9cf Name des fehlerhaften Moduls: CrySystem.dll, Version:, Zeitstempel: 0x47d6e0a0 Ausnahmecode: 0xc000008f Fehleroffset: 0x0000000000085bdc ID des fehlerhaften Prozesses: 0x1414 Startzeit der fehlerhaften Anwendung: 0x01cdca74928d97b4 Pfad der fehlerhaften Anwendung: E:\Games\Steam\SteamApps\common\Crysis\Bin64\Crysis64.exe Pfad des fehlerhaften Moduls: E:\Games\Steam\SteamApps\common\Crysis\Bin64\CrySystem.dll Berichtskennung: d24684aa-3667-11e2-959b-002522bf10dd

Error - 24.11.2012 14:55:27 | Computer Name = KgB-Gaming | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Games\Steam\SteamApps\common\Crysis\Bin32\Editor.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 24.11.2012 15:03:18 | Computer Name = KgB-Gaming | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: crysis.exe, Version:, Zeitstempel: 0x47d6d167 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17932, Zeitstempel: 0x50327672 Ausnahmecode: 0x0000087a Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x139c Startzeit der fehlerhaften Anwendung: 0x01cdca75df946869 Pfad der fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\Crysis\bin32\crysis.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 9b34fb73-3669-11e2-959b-002522bf10dd

Error - 25.11.2012 08:18:32 | Computer Name = KgB-Gaming | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version:, Zeitstempel: 0x50ab1e3d Name des fehlerhaften Moduls: mozalloc.dll, Version:, Zeitstempel: 0x50ab07fc Ausnahmecode: 0x80000003 Fehleroffset: 0x00001988 ID des fehlerhaften Prozesses: 0xba0 Startzeit der fehlerhaften Anwendung: 0x01cdcaf98f1630e3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Berichtskennung: 3a0b1373-36fa-11e2-a4a3-002522bf10dd

Error - 25.11.2012 08:46:24 | Computer Name = KgB-Gaming | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: crysis.exe, Version:, Zeitstempel: 0x47d6d167 Name des fehlerhaften Moduls: nvwgf2um.dll, Version:, Zeitstempel: 0x506b3163 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006200bc ID des fehlerhaften Prozesses: 0x1550 Startzeit der fehlerhaften Anwendung: 0x01cdcb0a8bf4a242 Pfad der fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\Crysis\bin32\crysis.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\nvwgf2um.dll Berichtskennung: 1ea2473d-36fe-11e2-a4a3-002522bf10dd

Error - 25.11.2012 10:35:55 | Computer Name = KgB-Gaming | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: crysis.exe, Version:, Zeitstempel: 0x47d6d167 Name des fehlerhaften Moduls: CryRenderD3D9.dll, Version:, Zeitstempel: 0x47d6d53b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00021c4b ID des fehlerhaften Prozesses: 0x1be0 Startzeit der fehlerhaften Anwendung: 0x01cdcb19ab892209 Pfad der fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\Crysis\bin32\crysis.exe Pfad des fehlerhaften Moduls: E:\Games\Steam\steamapps\common\Crysis\bin32\CryRenderD3D9.dll Berichtskennung: 6adeb4a9-370d-11e2-a4a3-002522bf10dd

Error - 25.11.2012 13:11:30 | Computer Name = KgB-Gaming | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1 Ausnahmecode: 0xc000041d Fehleroffset: 0x00000000000196c8 ID des fehlerhaften Prozesses: 0x700 Startzeit der fehlerhaften Anwendung: 0x01cdcaf8b48d007c Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\USER32.dll Berichtskennung: 27589f0a-3723-11e2-a4a3-002522bf10dd

Error - 27.11.2012 19:48:59 | Computer Name = KgB-Gaming | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_NvUpdt.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000002a84e ID des fehlerhaften Prozesses: 0x1350 Startzeit der fehlerhaften Anwendung: 0x01cdccf9c0b0c0da Pfad der fehlerhaften Anwendung: C:\Windows\System32\rundll32.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 035084f1-38ed-11e2-83e4-002522bf10dd

[ System Events ]
Error - 26.11.2012 16:49:06 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 26.11.2012 16:51:11 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 27.11.2012 05:20:14 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 27.11.2012 18:42:43 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 27.11.2012 18:47:31 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 27.11.2012 19:50:59 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 28.11.2012 05:17:16 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 28.11.2012 05:17:23 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error - 28.11.2012 05:17:23 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 28.11.2012 05:33:59 | Computer Name = KgB-Gaming | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

< End of report >

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:57, on 28.11.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
E:\Games\Steam\Steam.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\KgB\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [Steam] "E:\Games\Steam\Steam.exe" -silent
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5743 bytes