
Log analysis and evaluation: Random ad pop-ups while browsing


 
14.02.2013, 14:37   #1
salva92
 



Hello,

I keep getting random ad pop-ups while browsing the internet. I have not been able to find any regular timing, nor any other dependence on what I am doing. However, the pop-ups only appear when I am actually browsing. When the browser is closed no pop-ups appear, and as far as I could tell they also do not appear when, for example, I simply have Google open for 20 minutes. The browser I use is Chrome. I have already tried to fix the problem myself with the following: Malwarebytes Anti-Malware, Spybot S&D, Avira AntiVir, SUPERAntiSpyware.

Here are the log files that are supposed to be included with the first post:
OTL:
OTL Logfile:
Code:
OTL logfile created on: 14.02.2013 14:07:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\salva\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 13,89 Gb Available Physical Memory | 87,35% Memory free
31,79 Gb Paging File | 29,68 Gb Available in Paging File | 93,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,03 Gb Total Space | 15,11 Gb Free Space | 14,12% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 15,57 Gb Free Space | 79,71% Space Free | Partition Type: NTFS
Drive E: | 341,80 Gb Total Space | 165,17 Gb Free Space | 48,32% Space Free | Partition Type: NTFS
Drive F: | 1,92 Gb Total Space | 0,76 Gb Free Space | 39,39% Space Free | Partition Type: FAT32
Drive G: | 570,18 Gb Total Space | 330,26 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
 
Computer Name: SALVA-PC | User Name: salva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 14:04:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\salva\Desktop\OTL.exe
PRC - [2013.02.12 17:38:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.12 15:47:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 15:47:01 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 15:47:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.29 16:22:54 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
PRC - [2013.01.23 02:03:02 | 028,792,168 | ---- | M] (Dropbox, Inc.) -- C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.24 01:33:22 | 000,661,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.01.26 18:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.05.20 09:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (FastUserSwitchingCompatibility)
SRV - [2013.02.12 17:38:01 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.12 15:47:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 15:47:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.11 00:35:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.20 22:42:38 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.16 12:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.23 19:05:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.10.23 19:05:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.08.29 11:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.09 15:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.27 13:02:58 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2010.05.20 09:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.14 14:01:20 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.11 17:25:03 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 17:25:03 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.26 23:39:30 | 000,123,904 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012.09.26 23:39:22 | 000,037,504 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.03.12 10:15:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.09 15:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 15:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 15:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.01.26 18:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.26 18:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.26 18:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.01.13 11:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011.12.05 21:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.10.10 18:37:05 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2011.09.21 16:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.11.24 01:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 01:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.31 02:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.12.16 12:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 62 A7 04 86 A9 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.unibw.de;*.unibw-muenchen.de;192.168.0.1;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = webproxy.unibw.de:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: G:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 14:52:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:04:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.10.08 13:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\salva\AppData\Roaming\mozilla\Extensions
[2013.01.14 21:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\salva\AppData\Roaming\mozilla\Firefox\Profiles\glqkxofe.default\extensions
[2013.01.14 21:23:26 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\salva\AppData\Roaming\mozilla\firefox\profiles\glqkxofe.default\extensions\groovesharkUnlocker@overlord1337.xpi
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Turn Off the Lights = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: Tabs Join = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\binjiceocgbfooocmheaenmmcominbpe\2.1_1\
CHR - Extension: JoinTabs = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjmimocndihpmdoelbiilpkkfkppikap\1.4.15_0\
CHR - Extension: YouTube = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_2\
CHR - Extension: Adblock Plus = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: Better Battlelog (BBLog) = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.3.0_0\
CHR - Extension: ProxMate - unblock the Internet! = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.1.7_0\
CHR - Extension: Little Alchemy = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: Print = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj\1.1_0\
CHR - Extension: Ti\u00EBsto = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Better History = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.38_0\
CHR - Extension: Battlefield Play4Free = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.80.5_0\
CHR - Extension: Hover Zoom = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbimoafigmfpaiobngkbobhpmjeeppfh\4.11.1_0\
CHR - Extension: Google Mail = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2013.02.13 22:58:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SDTray] D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] D:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] G:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DB74808-801F-46B5-B241-238D950B74EE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.24 10:32:30 | 000,000,110 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.14 14:04:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\salva\Desktop\OTL.exe
[2013.02.13 23:13:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.13 22:59:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.13 22:55:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.13 22:55:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.13 22:55:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.13 22:55:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.13 22:55:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.13 22:40:25 | 005,032,798 | R--- | C] (Swearware) -- C:\Users\salva\Desktop\ComboFix.exe
[2013.02.13 22:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.13 16:02:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\salva\Desktop\HijackThis.exe
[2013.02.13 07:41:44 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Malwarebytes
[2013.02.13 07:41:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.13 07:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.13 07:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 16:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.02.04 21:20:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.04 17:14:52 | 000,000,000 | ---D | C] -- C:\Users\salva\Desktop\tp
[2013.01.29 16:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.01.28 13:38:35 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.01.27 20:50:02 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Local\HP
[2013.01.25 19:55:19 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.25 19:55:09 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Dropbox
[2013.01.24 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\HandBrake
[2013.01.24 16:23:12 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.24 16:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.24 16:15:34 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Broad Intelligence
[2013.01.24 13:40:11 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\avidemux
[2013.01.22 08:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.14 14:07:16 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 14:07:16 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 14:07:16 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 14:07:16 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 14:07:16 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 14:06:11 | 000,365,568 | ---- | M] () -- C:\Users\salva\Desktop\gmer_2.0.18454.exe
[2013.02.14 14:04:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\salva\Desktop\OTL.exe
[2013.02.14 14:03:30 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 14:03:30 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 14:01:30 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.14 14:01:29 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.14 14:01:20 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.14 14:01:19 | 000,441,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 14:01:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 14:01:10 | 4212,432,894 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 14:00:34 | 000,000,020 | ---- | M] () -- C:\Users\salva\defogger_reenable
[2013.02.14 14:00:17 | 000,050,477 | ---- | M] () -- C:\Users\salva\Desktop\Defogger.exe
[2013.02.14 13:47:14 | 000,001,049 | ---- | M] () -- C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.14 13:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 13:27:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.13 23:16:52 | 000,001,670 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.02.13 22:58:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.13 22:40:31 | 005,032,798 | R--- | M] (Swearware) -- C:\Users\salva\Desktop\ComboFix.exe
[2013.02.13 20:55:00 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.13 20:55:00 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.13 16:02:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\salva\Desktop\HijackThis.exe
[2013.02.13 14:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.12 19:28:43 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.02.12 17:38:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.11 20:57:51 | 000,048,434 | ---- | M] () -- C:\Users\salva\Desktop\Schriftliche Ausarbeitung Kubakrise.pdf
[2013.01.27 20:55:32 | 002,394,361 | ---- | M] () -- C:\Users\salva\Desktop\einkommenssteuer.pdf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.14 14:06:09 | 000,365,568 | ---- | C] () -- C:\Users\salva\Desktop\gmer_2.0.18454.exe
[2013.02.14 14:00:34 | 000,000,020 | ---- | C] () -- C:\Users\salva\defogger_reenable
[2013.02.14 14:00:15 | 000,050,477 | ---- | C] () -- C:\Users\salva\Desktop\Defogger.exe
[2013.02.14 13:47:14 | 000,001,049 | ---- | C] () -- C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.13 22:55:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.13 22:55:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.13 22:55:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.13 22:55:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.13 22:55:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.11 20:57:50 | 000,048,434 | ---- | C] () -- C:\Users\salva\Desktop\Schriftliche Ausarbeitung Kubakrise.pdf
[2013.01.27 20:55:32 | 002,394,361 | ---- | C] () -- C:\Users\salva\Desktop\einkommenssteuer.pdf
[2013.01.11 23:27:14 | 001,268,228 | ---- | C] () -- C:\Users\salva\2013January11 03-56-16.jpg
[2013.01.11 18:28:14 | 000,001,670 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.01.07 13:45:12 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2013.01.07 13:45:11 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2013.01.07 13:45:11 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2013.01.07 13:45:11 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2013.01.07 13:45:11 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2013.01.07 13:45:11 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2013.01.07 13:45:11 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2013.01.07 13:45:11 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2013.01.07 13:45:11 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2013.01.07 13:45:11 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2013.01.07 13:45:11 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2013.01.07 13:45:11 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2013.01.07 13:45:11 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2013.01.07 13:45:11 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2013.01.07 13:45:11 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2013.01.07 13:45:11 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2013.01.07 13:45:11 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.12.10 13:25:29 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012.10.27 16:37:20 | 000,028,102 | ---- | C] () -- C:\Users\salva\AppData\Roaming\OFMissionEditorConfig.xml
[2012.10.26 09:28:30 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.18 13:46:40 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.10.08 15:31:46 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.08 15:31:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.08 12:39:04 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.10.08 12:39:04 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.10.08 12:39:04 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.10.08 12:39:03 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.10.08 12:39:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.10.08 12:38:42 | 000,000,003 | ---- | C] () -- C:\Users\salva\AppData\Local\user_data.ini
[2012.10.08 12:30:24 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.10.08 12:30:24 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.03.31 07:59:24 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.07 00:18:41 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\.minecraft
[2013.01.25 20:49:29 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\avidemux
[2013.01.24 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Broad Intelligence
[2012.11.15 12:22:36 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\DAEMON Tools Lite
[2013.02.14 14:01:38 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Dropbox
[2012.11.23 22:28:17 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Fatshark
[2012.10.16 20:07:07 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Foxit Software
[2012.11.21 11:12:53 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Garmin
[2013.01.07 00:27:47 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\GetRightToGo
[2013.01.25 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\HandBrake
[2012.10.08 12:56:58 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Leadertech
[2012.10.08 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\LolClient
[2012.10.09 16:20:19 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\OpenOffice.org
[2012.12.04 20:18:21 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Origin
[2012.12.10 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\PlayClaw4
[2012.10.14 11:12:11 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\runic games
[2012.10.13 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\SPORE
[2012.10.10 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\SteelSeries
[2012.10.15 10:49:26 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\The Creative Assembly
[2012.10.08 13:03:25 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Thunderbird
[2013.01.07 12:06:39 | 000,000,000 | -HSD | M] -- C:\Users\salva\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 14.02.2013 14:07:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\salva\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 13,89 Gb Available Physical Memory | 87,35% Memory free
31,79 Gb Paging File | 29,68 Gb Available in Paging File | 93,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,03 Gb Total Space | 15,11 Gb Free Space | 14,12% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 15,57 Gb Free Space | 79,71% Space Free | Partition Type: NTFS
Drive E: | 341,80 Gb Total Space | 165,17 Gb Free Space | 48,32% Space Free | Partition Type: NTFS
Drive F: | 1,92 Gb Total Space | 0,76 Gb Free Space | 39,39% Space Free | Partition Type: FAT32
Drive G: | 570,18 Gb Total Space | 330,26 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
 
Computer Name: SALVA-PC | User Name: salva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025699DD-7127-47B7-BC1A-E5666A3D4CDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{105C7223-A2D1-45E0-94D9-785A169F90F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1BA64051-EB86-4A63-9D63-4071FA8BFF91}" = lport=137 | protocol=17 | dir=in | app=system | 
"{22F6BBD4-496C-4FB0-AEFB-A6FCEFD62C75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C6834B4-B94D-43AD-B885-69A45DD05BFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D8788E3-C36F-408E-82FA-09F629E2689E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44A94FFE-67C7-44DB-B926-D46C5A4B805D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{542DDBE0-29C2-4697-9B6A-4D5B1E80F12B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{650800A6-52BD-4A81-8D03-A7E033A8BFF3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6B6FA32F-471E-464F-998D-FB2D97B607D2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{72335073-D883-4F4A-8E07-1158B9537D09}" = lport=58240 | protocol=17 | dir=in | name=pando media booster | 
"{7326BCE5-A1C6-454B-A89E-82F6EB9978D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{761597DF-BBE4-4341-A402-D97B375FE5A8}" = lport=58240 | protocol=6 | dir=in | name=pando media booster | 
"{79B81DE9-455E-4053-A8CB-FA375C2E8586}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8394120B-720F-40E9-A728-FB3CD423CA39}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\outlook.exe | 
"{8A5CD620-761F-4D98-865A-81993F711E7E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{95A0A9AA-EBCF-47A3-8BB6-8A000751CBCA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{98834B4A-B115-427E-A1CB-D2DE66ACC0F9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A17F608A-7C0C-4E6F-8040-2D28D4500CA7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A926E4F1-C8D8-4C12-9828-0D585D4B86DF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B7FE53EB-2985-4CE2-BFE9-4372BF86135B}" = lport=58240 | protocol=6 | dir=in | name=pando media booster | 
"{B9F03E3F-61D8-45F1-9B89-5AA3C49E2A5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC08A82A-27F4-49BC-9E5B-156999D47C07}" = lport=58240 | protocol=17 | dir=in | name=pando media booster | 
"{F10C5F96-D33E-457A-85C2-61698D1A9AB5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F6DD7AF2-EBDF-49AD-9045-05E7A3C86046}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FEF34721-D9EA-4017-A9B2-AF5105CDA7F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0514E198-9105-44DD-BA1F-46D4541B5DB2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{07EDB2B8-42E4-4001-BD71-C7D309A459F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{08404A68-E3A0-4722-9180-215F4363BCD0}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{08CC9CB3-DA0E-4108-B9DC-FB9BE3B3B90E}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | 
"{08DD6342-7B54-48F9-BB19-FBC64A05D5ED}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{0A5CDE34-208B-459D-9CEF-33D60BF83BB5}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{0AEBF8DD-EEAE-4BCA-8FD5-5B13681B4714}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{0D670E94-C53E-4C42-B740-6EE24956D01A}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe | 
"{0DA2063D-3843-4927-BAFF-AE31235630F9}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{10BC626B-826F-4BDC-AD00-15C9D00E40E8}" = dir=out | app=%programfiles% (x86)\origin games\battlefield 3\bf3.exe | 
"{13864A3C-A347-4A9F-B79F-91C43F5C5694}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | 
"{144F1BB8-7BDA-4A39-954F-5C2A7F28EFA9}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe | 
"{14531BF7-FD5B-4DCC-909D-9E5BBABEFB33}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{14B9B6D4-0708-46C1-980D-CC38293F0925}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{1D39DD5D-EF81-48C0-B6AF-3A703571A4D9}" = protocol=6 | dir=in | app=g:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{1DC6A13D-4D1E-4B76-9431-4DC08B2AAE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1FF7A4E7-2A8E-44D6-9E48-9C12574B53C2}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\of orcs and men\oforcsandmen_steam.exe | 
"{2123F218-4863-4F0C-8C89-282A4A8B6D92}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{27B59E3D-4E30-4049-89EC-B03347C308FC}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2866DD5A-0D9D-41F9-B8A7-3028787888D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{29DF5CB5-E085-4538-B03C-C822970FFFFF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2AAF81F4-F2C7-4234-AE28-1E36CC6D2979}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{2F360678-4D58-402D-990C-6632019AEF34}" = dir=out | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{31202BCC-64AD-468F-A3A8-3DF6678773C3}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{3231CF4D-B0AE-47A2-B21D-977CA154C9D9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{329B3F6E-1F71-447E-BAE4-25556AF1C015}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{3300A85E-C383-45FE-AF9C-180742CF63AD}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{371DBFFC-3ECB-46BD-B5E1-A8AB2F66063B}" = protocol=6 | dir=in | app=g:\program files (x86)\diablo iii\diablo iii.exe | 
"{37B02BA2-7959-401C-BEB8-A4C3970107E4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{37C82F30-6472-47EB-A61A-C6816AA00FEB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe | 
"{395ED227-9EF2-4C2C-8F57-568A806C1F5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{39CC10B5-2D7C-4973-836F-B118075471C4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | 
"{39DD72E5-5A68-4C38-9D5F-684F47985F1B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3A338F38-4881-4CCE-B891-6BE99FA5C9A7}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{3A544CDF-03D7-4DE0-8EC3-397941F3B5DA}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | 
"{4B4A4ACB-3006-4A25-958C-53727BE3AEFA}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{4C13BF53-EF9B-4AAD-9B86-1F40C60BB49A}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{4C1504E3-1380-4672-8807-78F19632153B}" = dir=out | app=g:\program files (x86)\activision\call of duty black ops ii\t6mp.exe | 
"{4C7AC607-084E-4E18-9550-9FA068C578C1}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{50C7034E-D6D3-4797-88D9-CFC1E4658177}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{54A5ACB2-1808-4850-90AB-85C3E7A66B42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{54F22F20-3BB4-4641-87EA-09379E53FEEC}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | 
"{56E4F97E-9AC2-4319-BFC7-DB9D8818B1CE}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam.exe | 
"{56F235A3-C884-47C3-896B-F3FE9989D605}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{58233B91-7A62-4F6E-8650-DA23D5826ADE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{582B38DE-F86C-421A-90C5-51E3AA6B5E43}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5A11DFCD-B5E9-4986-873C-493789F9DBEA}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{5C34AF5C-FA88-437F-891E-CB988A015D6A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe | 
"{5FF4BDE4-EFCE-4883-A6B6-E5E709473D5A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{607B4795-AA13-48D8-9A5F-7596A8A0F175}" = dir=out | app=g:\program files (x86)\activision\call of duty black ops ii\t6zm.exe | 
"{613311B6-8AEB-43A9-BAB6-1DD35758B7C6}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6AE08646-A65C-46D6-A001-AB6645926A2A}" = protocol=17 | dir=in | app=c:\users\salva\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6E49BB02-78FE-4B16-9165-C4D02A1FC6D4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{703765A6-8F98-47C4-A804-73C1A6C18D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7051A97E-1679-4B59-A38F-926F59811BE0}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{709906CC-78F7-4A2D-9EDE-FCFBBD161D7A}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{719EDCEF-7B9B-42D7-BE28-16F93C73C53B}" = protocol=17 | dir=in | app=g:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{73CFBA2E-37BE-4F7C-BDAA-F8AA62B033B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77DA6FFD-4C8A-4818-8348-EB89D22978C1}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{7ECF6E81-FA14-4901-8792-762DB84B2FDC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F059895-C427-450B-9062-FFB2CEC095A0}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{855437D2-1A16-4124-8697-D8EE1AE495F4}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{85EC5F97-4E81-409F-9C23-260662851C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8F7EDECE-C059-47EA-A495-C34FD47853A5}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | 
"{906951B5-82A4-4CAB-9972-628A5C63E3BB}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{94613BC2-D44B-4FA5-896C-7AA7C8FCA8CB}" = dir=out | app=g:\program files (x86)\activision\call of duty black ops ii\t6sp.exe | 
"{94EBDAA1-82D2-461F-8134-E1120B5C8B34}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{952AE26E-5C4B-48F6-B902-588E395F3C48}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{976AB639-795B-48F5-B196-D597AA84DF91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B2AC795-8EFA-4833-AB7F-36A992FA7414}" = protocol=6 | dir=out | app=system | 
"{9B77BA48-2BCC-4F6B-BA0C-F13021BE43F1}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{9B95E016-CC16-4ECD-B4C9-8DACBB32C366}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{9C583ECC-EE9B-49FC-AC5B-B2BAE8D529A4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | 
"{9D667017-3B2B-4092-A252-2CAD5F10E3B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E62C6F0-97F1-4620-92B5-88C51737FCBB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | 
"{A0FB9C2B-6120-41AC-A265-4A66D0B7DB19}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{A3FB4451-BB16-491A-AC7E-325BD1D92610}" = protocol=6 | dir=in | app=g:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{A410BCFE-69C7-431D-9D94-08C465304210}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{A5BDDC38-6C24-46DE-8366-95C8D46A1D86}" = protocol=17 | dir=in | app=g:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{A6B5D5C5-E53F-4798-A1CD-26E8D72C03B1}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{A9ED1C5A-AE2A-4A49-92C6-CDA3C20382EA}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe | 
"{AA639950-E51C-472D-A6ED-93967C6304A7}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{AD01AAE3-0C6E-4405-AAD9-BC6531FB289B}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam.exe | 
"{AE3FE3B3-0A77-4253-AC61-79951B54F90D}" = protocol=17 | dir=in | app=g:\program files (x86)\diablo iii\diablo iii.exe | 
"{AECDB3EF-FFFA-43BB-B7D0-FF42C9B92946}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{B23E6361-3370-48EA-B430-3D36B9826848}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | 
"{B23EA7D5-A98D-4172-BBFA-FAFAB3E8AA1E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{B26B6B91-E3B8-448E-A6FC-67B8A6E3AD5E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{B5429C4C-A9BB-41CA-AFD1-3E8098B13E7C}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BAAB78DC-506A-4D25-ADE2-38CD89185B80}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BB1F1EDB-818D-4313-B1EE-84A5DE4EA8F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{BE426AC4-8351-40B7-94CB-102D65135AB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C05CEA60-05A8-454D-B437-707F3CA393CF}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{C39C86A9-46B0-4528-8587-54450CE92246}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{C7259EA5-DA16-4FEF-8B5E-7F75BD8F5697}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | 
"{CB3C9BC6-D5F0-4515-9813-DD2DB6BD2C03}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{CC25D40E-DFDA-4C7A-A761-3CDD4509390A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{CDFB8A1B-9ABC-42F0-A91C-F73A207A24A1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | 
"{CE50AA32-0CA5-4A6D-9C2C-81E128D9C0A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D26C64EC-6B00-48D9-A883-678C908E310F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | 
"{D3A502EC-989A-4439-A17E-9ADF73B55948}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{D3E1A600-3C3C-40A4-965F-27FCE1EC3468}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{D50C017F-7371-4911-9A69-1BB9447BAB1C}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{D6A23DE6-B97D-4A96-A996-1C1B43D08D3F}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D880E176-BFE1-41F1-B078-F5762F3B3D87}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{D90B4DD9-508F-4569-A144-D64FB739DD85}" = protocol=6 | dir=in | app=c:\users\salva\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0034507-3D88-4ACB-AA52-C897B399D5C9}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{E161C15B-3EB3-437A-B8BC-C0B2358BE996}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2803F2B-838C-45FA-8687-38F614A0D549}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E31A2119-7AAE-409D-A890-DF8F5BCF9CA1}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{E838EB73-A442-410B-8696-FA54FE4D689D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9EB9315-F21F-4DEF-81AE-4DC04799810F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{EA542E00-85D2-4826-8AE1-F6F3E62064E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EEC78377-7DC0-48E1-83F3-89CAD548D38D}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{F0813EE2-A165-482A-B4F3-92D312B1FA4E}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{F10960FE-F9C9-4C3E-9075-475EEC733653}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F2AC3002-188E-4E8E-A503-C76375A20185}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe | 
"{F5E64F1A-E339-4433-950D-A3025184F2DD}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\of orcs and men\oforcsandmen_steam.exe | 
"{F68ACAEC-CF69-4A36-B9D1-C42F9A712FD8}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{F8A513CC-0B7A-4630-ACE7-FB592B37A230}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC38473D-ECC5-49B0-BDC6-E6C649D397ED}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | 
"TCP Query User{199B509F-720C-47AC-813C-46D1A8F3C86A}G:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"TCP Query User{301E2067-62AC-48B6-8AA6-F552E69708DB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{31233CFA-C19C-466F-BCB8-05BFB24DB561}G:\program files (x86)\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=g:\program files (x86)\battlefield play4free\bfp4f.exe | 
"TCP Query User{495D4D4F-A449-4FA5-89F2-C4691A306EC2}E:\games\mass effect 3\m3.international\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=e:\games\mass effect 3\m3.international\binaries\win32\masseffect3.exe | 
"TCP Query User{5B5CFF64-1B27-414E-A1A2-8A3F28E72356}G:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{6B0C6A10-650D-4DD5-8708-00730DCFB59E}G:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=g:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{6F895829-92AF-4936-8402-0C6539C77115}G:\program files (x86)\steam\steamapps\the_gamer211092\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\the_gamer211092\counter-strike source\hl2.exe | 
"TCP Query User{9926684D-4501-41FA-9ECB-4D9FCC110AD9}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"TCP Query User{9AA9C424-3BEA-42E0-87CF-4BBC7D988A22}G:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{9E06B315-F23D-44F4-B44A-33C3C92E2B3E}G:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=g:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{DF4B32A0-9278-4DBC-BF72-AFFF751A9C96}D:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{008AAD70-9013-4C59-9F75-D06C67885381}G:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=g:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{2FCFFA3F-40AD-4810-BCE9-B38F245A5433}G:\program files (x86)\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=g:\program files (x86)\battlefield play4free\bfp4f.exe | 
"UDP Query User{3B0567F1-5C06-4544-AC92-1DA31110542C}G:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{3E3A12CF-E925-4D2F-A0EE-D06401567FE9}D:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{3ECBC2C7-C301-45B4-8101-AE427DA5C9DC}G:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"UDP Query User{6121C001-60D9-4362-97FA-45DB00065CA6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{7F623DDC-50D8-4EAF-8E4C-85C41A5BC1E3}G:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{900AB33D-8A93-4032-BB12-4D8F89C7FC9D}G:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=g:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{A225581C-A088-4D56-BA40-9F7ED170F62E}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"UDP Query User{C853B88F-A0A4-42FE-BFAE-18A7AF2338A8}E:\games\mass effect 3\m3.international\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=e:\games\mass effect 3\m3.international\binaries\win32\masseffect3.exe | 
"UDP Query User{D151552B-D107-4C81-820C-1C3418971980}G:\program files (x86)\steam\steamapps\the_gamer211092\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\the_gamer211092\counter-strike source\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"Lazarus_is1" = Lazarus 1.0.2
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Sandboxie" = Sandboxie 3.76 (64-bit)
"SteelSeries Engine" = SteelSeries Engine
"UDK-7fea3f8c-9746-467c-b8a2-efcfef3a4425" = My Game Long Name
"VIRTU MVP_is1" = VIRTU MVP 2.1.111
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.5.6366
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{965D0289-10E1-45ec-B11F-A60AC9AE8D4D}" = HP LaserJet 100 color MFP M175
"{9767CBB5-2A81-427D-8F05-497737D56AA0}" = hpbDSService
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A5949B71-46FB-43F3-8852-4E74D9FC7564}" = hpbM175DSService
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{C3529014-BB16-4933-83FE-9BC9D79619F5}" = HP LJ100 M175 HP Scan
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF9C72E0-61E9-4FB6-9D9D-69A9D974106C}_is1" = Assassin's Creed III version v1.01
"«Endless Space - Emperor Special Edition»_is1" = «Endless Space - Emperor Special Edition» 1.0.29
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aika Online: Epic III" = Aika Online: Epic III
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Call of Duty Black Ops II_is1" = Call of Duty Black Ops II
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darksiders II_is1" = Darksiders II
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PlayClaw 4_is1" = PlayClaw 4
"PSpice Student" = PSpice Student 9.1
"PunkBusterSvc" = PunkBuster Services
"RGF HotSpot_is1" = RGF HotSpot version 0.6b
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 113200" = The Binding of Isaac
"Steam App 113400" = APB Reloaded
"Steam App 1250" = Killing Floor
"Steam App 12830" = Operation Flashpoint: Dragon Rising
"Steam App 200710" = Torchlight II
"Steam App 201790" = Orcs Must Die! 2
"Steam App 203730" = Q.U.B.E.
"Steam App 204360" = Castle Crashers
"Steam App 214830" = Half Minute Hero: Super Mega Neo Climax Ultimate Boy
"Steam App 216910" = Of Orcs And Men
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 24240" = PAYDAY: The Heist
"Steam App 34030" = Napoleon: Total War
"Steam App 40800" = Super Meat Boy
"Steam App 42160" = War of the Roses
"Steam App 49520" = Borderlands 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 65800" = Dungeon Defenders
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 93200" = Revenge of the Titans
"SysInfo" = Creative Systeminformationen
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uplay" = Uplay
"xp-AntiSpy" = xp-AntiSpy 3.98-2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"CodeBlocks" = CodeBlocks
"Dropbox" = Dropbox
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2013 18:04:23 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 13.02.2013 18:04:26 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 13.02.2013 18:13:06 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 13.02.2013 18:13:09 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 14.02.2013 04:45:46 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 14.02.2013 04:45:49 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 14.02.2013 04:46:38 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 14.02.2013 04:46:41 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 14.02.2013 09:01:20 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 14.02.2013 09:01:22 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
[ Spybot - Search and Destroy Events ]
Error - 12.02.2013 19:01:49 | Computer Name = salva-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.02.2013 03:42:54 | Computer Name = salva-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070003 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
 9 für Windows 7 für x64-Systeme (KB2792100)
 
Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 9 unter
 Windows 7 für x64-basierte Systeme (KB2797052)
 
Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2790113)
 
Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2790655)
 
Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070003 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
 9 für Windows 7 für x64-Systeme (KB2792100)
 
Error - 14.02.2013 08:48:33 | Computer Name = salva-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 14.02.2013 09:01:20 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "AMD External Events Utility .NET." wurde mit folgendem
 Fehler beendet:   %%2
 
Error - 14.02.2013 09:01:27 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 14.02.2013 09:03:28 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 14.02.2013 09:03:28 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---


If the GMER log is needed as well, I can include it in the next post; it was too long for this post!

I hope I haven't done too much wrong so far and that I can still be helped...

Best regards
salva92

Edited by salva92 (14.02.2013 at 15:36). Reason: replaced QUOTE with CODE

 
