| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: weisser Bildschirm beim starten von Windows 7 (64 bit)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.02.2013, 18:44
| #16 | |
| /// TB-Ausbilder   |  weisser Bildschirm beim starten von Windows 7 (64 bit)Zitat:
Versuch bitte mal noch, den Akku des Laptops zu entfernen und auch das Stromkabel auszuziehen und den Rechner dann normal über den Einschaltknopf zu starten (das wird natürlich nicht gehen..). Danach wieder den Strom anschliessen und erneut starten. Ist der Bildschirm dann immer noch von Beginn weg weiss und du kommst nicht mal ins Bootmenü rein?
__________________ cheers, Leo |
|
25.02.2013, 19:14
| #17 |
 | weisser Bildschirm beim starten von Windows 7 (64 bit) der Bildschirm ist wie leider gewohnt weiss und ich komme auch nicht ins Bootmenü.
__________________Was mir schon mal vorher aufgefallen ist, wenn ich die Enter-Taste drücke währendessen der PC hochfährt und der Bildschirm weiss ist wird der Bildschirm für ein paar Sekunden schwarz, wechselt dann aber wieder zu weiss. Auszug aus dem Handbuch (Online) So rufen Sie Setup Utility auf: 1. Schalten Sie den Computer ein, oder starten Sie ihn neu. Drücken Sie die esc-Taste, wenn die Meldung „Press the ESC key for Startup Menu“ (Zum Aufrufen des Startup-Menüs ESC-Taste drücken) unten im Bildschirm angezeigt wird. 2. Drücken Sie f10, um Setup Utility zu öffnen hab ich auch versucht leider vergebens. |
|
26.02.2013, 10:16
| #18 |
| /// TB-Ausbilder | weisser Bildschirm beim starten von Windows 7 (64 bit) Hallo,
__________________das ist jetzt ein verzwickter Fall hier.. Nimm mir die Frage nicht übel, aber du hast jeweils immer genau das gemacht, was ich dir geschrieben habe und nicht nur so ungefähr? (auf die Details kommt es an..) Wenn ja, dann sollten wir noch ganz sicher stellen, dass der Rechner jeweils wirklich neu startet und nicht aus irgendeinem Ruhezustand kommt:
__________________ |
|
26.02.2013, 12:21
| #19 |
| | weisser Bildschirm beim starten von Windows 7 (64 bit) Hallo Leo, ja, ich folgte immer genau deinen Anweisungen. Den Akku habe ich nach dem Kauf rausgenommen, da soweit ich weiss man den Akku entfernen sollte wenn man ständig so wie ich mit dem Stromnetzteil arbeite. Das ist doch korrekt, oder? Ich werde jetzt mal meinen Freund anrufen und ihn mal fragen wie ich dort ins Bootmenü komme. Telefonisch kann ich da vielleicht besser agieren um uns den weiteren Einstieg doch noch zu ermöglichen. Ich melde mich im Anschluss wieder, ok. Viele Grüsse Heiko |
|
26.02.2013, 12:33
| #20 |
| /// TB-Ausbilder | weisser Bildschirm beim starten von Windows 7 (64 bit) Hallo Heiko, ja versuch das mal. Sonst würd ich wirklich auch mal einen Hardwaredefekt in Betracht ziehen und abklären.
__________________ cheers, Leo |
|
26.02.2013, 13:40
| #21 |
| | weisser Bildschirm beim starten von Windows 7 (64 bit) Ich habe gerade mit ihm telefoniert und wir haben es über die F2-Taste versucht. Ging auch nicht. Er meint wenn nach dem Start der Betriebstaste sofort ein weisser Bildschirm erscheint handelt es sich höchstwahrscheinlich um ein Hardwareproblem da auf jedenfall vorher ein Anzeigen (oben links) des Bios kommen muß. Bis zu diesem Zeitpunkt können dort keine Viren oder sonstiges sein, so er. (Wenn ich das so richtig formuliert habe). Ich werde demnächst eine Heimreise antreten und wir werden es mal mit einem externen Monitor versuchen, war auch sein Vorschlag. Wenn du willst halte ich dich auf jedenfall auf dem laufenden. Eine sehr wichtige Frage hätte ich noch. Wie kann ich mich nebst Kaspersky Internet Security 2012 besser vor solchen Angriffen schützen in Puncto Software? Ich habe jetzt Malwarebytes installiert und es läuft parallel mit. Reicht das? Ich danke dir sehr Leo für dein Bemühen!!! Schön das es Euch gibt, macht bitte weiter so!  Viele Grüsse Heiko |
|
26.02.2013, 14:19
| #22 | |||
| /// TB-Ausbilder | weisser Bildschirm beim starten von Windows 7 (64 bit) Hallo Heiko, Zitat:
Die zeitliche Korrelation mit dem Besuch der Malwareschleuder kinox.to hat mich ein wenig verwirrt. Zitat:
Wichtiger ist, dass dein System und die Software immer up-to-date sind (Plugin-Check) und dass du dich einigermassen schlau verhältst im Internet (beispielsweise mit alten Java- und Adobe-Plugins auf Seiten wie kinox.to zu surfen, wäre nicht besonders klug  ). Ansonsten bietet auch die beste Sicherheitssoftware keinen nachhaltigen Schutz.Zitat:
__________________ cheers, Leo |
|
26.02.2013, 16:44
| #23 |
| | weisser Bildschirm beim starten von Windows 7 (64 bit) Ok daran halte ich mich in Zukunft! Danke. Mit dem PC-Check würd es etwa noch ne Woche dauern, vorher komme ich leider nicht dazu. Du hörst dann aber von mir. Viele Grüsse Heiko |
|
26.02.2013, 16:50
| #24 |
| /// TB-Ausbilder | weisser Bildschirm beim starten von Windows 7 (64 bit) Ok, alles klar. Bis dann.
__________________ cheers, Leo |
|
21.03.2013, 16:01
| #25 |
| | weisser Bildschirm beim starten von Windows 7 (64 bit) Hallo Leo. Ich konnte gestern meinen Laptop vom Mediamarkt abholen. Hatte ihn wie ausgemacht zur Reparatur gebracht. Folgendes.. Reparaturbericht Werkstatt: Das Gerät wurde im Rahmen der Herstellergarantie instand gesetzt. Mainboard gewechselt, LCD Front gewechselt, BIOS Update Soweit so gut. Rechner startet und läuft wie gewohnt. Nur ist mir jetzt aufgefallen das sich die Helligkeit des Bildschirm nicht mehr ändern lässt, was vorher kein Thema war. Er ist viel zu dunkel und wenn ich eine Änderung der Helligkeit über F2-F3 vornehme geht die Anzeige zwar hoch oder eben runter nur ändert sich die Helligkeit nicht. Was kann ich tun? Bitte helf mir. Ich finde es eine Sauerei das sowas nicht vor Rückgabe des Kunden anscheinend getestet wird. Viele Grüsse Heiko Hallo Leo. Alles erledigt, Ursache war der Grafikkartentreiber . Hab alles aktualisiert und jetzt lässt sich die Helligkeit auf Wunsch wie gewohnt per F2/F3 ändern.Aber ich würde trotzdem gern mal über euch einen Malwarecheck machen. In dem ich mal die Daten sende, wie einst von dir angegeben. Oder reicht ein Scann mit Malwarebytes aus? Viele Grüsse Heiko |
|
21.03.2013, 21:43
| #26 | ||
| /// TB-Ausbilder | weisser Bildschirm beim starten von Windows 7 (64 bit) Hallo Heiko, Zitat:
 Zitat:
Schritt 1 Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
Schritt 2 Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
Schritt 3 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
22.03.2013, 14:54
| #27 |
| | weisser Bildschirm beim starten von Windows 7 (64 bit) Hallo Leo. anbei die Logs von GMER und OTL. Da bin ja mal gespannt. bis später Heiko Gmer.txt: GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-22 14:13:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 698,64GB
Running: f927wu0t.exe; Driver: C:\Users\Media\AppData\Local\Temp\ugtiypod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2700] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074a21a22 2 bytes [A2, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2700] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074a21ad0 2 bytes [A2, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2700] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074a21b08 2 bytes [A2, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2700] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074a21bba 2 bytes [A2, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2700] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074a21bda 2 bytes [A2, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4184] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000755b8799 5 bytes JMP 000000016a851000
.text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [4404:1624] 000007feef519688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af6c60a3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af6c60a3@002298272f20 0xAA 0x07 0xA9 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af6c60a3@04180f7b02a0 0x86 0x33 0xDD 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af6c60a3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af6c60a3@002298272f20 0xAA 0x07 0xA9 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af6c60a3@04180f7b02a0 0x86 0x33 0xDD 0xB0 ...
---- EOF - GMER 2.1 ----
OTL txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.03.2013 14:37:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Media\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 5,76 Gb Available Physical Memory | 72,46% Memory free 15,90 Gb Paging File | 13,50 Gb Available in Paging File | 84,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 683,07 Gb Total Space | 396,41 Gb Free Space | 58,03% Space Free | Partition Type: NTFS Drive D: | 698,63 Gb Total Space | 160,55 Gb Free Space | 22,98% Space Free | Partition Type: NTFS Drive E: | 15,27 Gb Total Space | 1,89 Gb Free Space | 12,36% Space Free | Partition Type: NTFS Drive G: | 98,87 Mb Total Space | 88,65 Mb Free Space | 89,66% Space Free | Partition Type: FAT32 Computer Name: MEDIA-HP | User Name: Media | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.22 14:35:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe PRC - [2013.03.21 15:43:04 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe PRC - [2013.02.03 16:45:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.10.30 22:14:05 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2012.01.12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe PRC - [2012.01.12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe PRC - [2012.01.12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe PRC - [2012.01.02 03:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011.08.09 07:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.08.09 07:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe PRC - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2010.12.07 05:06:00 | 000,249,672 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2010.12.07 05:05:52 | 000,634,696 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2010.12.07 05:05:38 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.09.13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.13 17:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013.03.21 15:43:04 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\mozjs.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.04.11 06:06:16 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll MOD - [2012.04.11 05:55:17 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll MOD - [2012.04.11 05:55:11 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll MOD - [2012.03.14 18:19:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll MOD - [2012.03.14 18:14:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.03.14 18:14:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.03.14 18:14:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.03.14 18:13:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.03.14 18:13:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012.03.14 18:13:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2012.01.02 03:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011.04.24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011.04.24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011.04.24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011.04.24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011.04.24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011.04.24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011.04.20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2011.01.28 00:27:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.22 13:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010.11.22 13:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010.11.22 13:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.12.16 10:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV:64bit: - [2011.09.30 21:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.06.02 04:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2011.05.27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.08.05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010.07.29 18:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.03.03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2013.03.21 15:43:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.21 14:40:36 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.03 16:45:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.01.09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.12.29 20:31:32 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.30 22:14:05 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.01.12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service) SRV - [2012.01.12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12) SRV - [2012.01.12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011.09.01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.08.09 07:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.08.09 07:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2010.12.07 05:06:00 | 000,249,672 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 22:14:56 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.06.19 17:27:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.30 23:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.30 20:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.09 07:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.08.09 07:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.06.10 16:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.06.10 16:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.06.02 04:11:26 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.05.27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.05.27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.04.09 00:44:41 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.02.16 17:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.17 03:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.10 22:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.12.08 22:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 09:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.07.20 22:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.07.20 22:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.07.20 22:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.07.14 15:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.03.02 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.08 13:04:24 | 000,044,624 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a8djavs_x64.sys -- (a8djavs_x64) DRV:64bit: - [2009.10.08 13:04:20 | 000,300,112 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a8djusb_x64.sys -- (a8djusb_x64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2008.10.21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) DRV:64bit: - [2008.10.21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:64bit: - [2008.10.21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) DRV:64bit: - [2008.10.21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:64bit: - [2008.10.21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) DRV:64bit: - [2008.10.21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:64bit: - [2008.10.21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) DRV:64bit: - [2008.04.10 09:20:30 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\twtyfilt.sys -- (twtyfilt) DRV - [2011.10.27 07:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12) DRV - [2011.04.20 04:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2011.04.12 10:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/01/26 19:38:03] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.23.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Media\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Media\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.30 22:14:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.30 22:14:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.30 22:14:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.30 21:18:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2013.03.21 15:43:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins [2013.03.21 17:07:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2013.03.21 15:43:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins [2013.03.21 17:07:11 | 000,000,000 | ---D | M] [2013.02.02 18:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\Mozilla\Extensions [2013.03.21 17:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\7oyn9x4c.default-1359405826157\extensions [2013.03.21 17:53:36 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\7oyn9x4c.default-1359405826157\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013.02.14 18:40:15 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\7oyn9x4c.default-1359405826157\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein\1.0_0\npwebsitelogon.dll CHR - plugin: Wajam (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Media\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Wajam = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\ CHR - Extension: Website Logon = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein\1.0_0\ CHR - Extension: Google Mail = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2012.02.23 11:44:48 | 000,436,312 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 15040 more lines... O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe (Corel Corporation) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1034800027-851193289-1642942954-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1034800027-851193289-1642942954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - CC:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - CC:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - CC:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F7662AE-02F9-41C2-A3E9-381798D4E11D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{4340103f-ba1c-11e1-a283-cc52af603160}\Shell - "" = AutoRun O33 - MountPoints2\{4340103f-ba1c-11e1-a283-cc52af603160}\Shell\AutoRun\command - "" = I:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.22 14:35:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe [2013.03.21 21:14:57 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Malwarebytes [2013.03.21 21:14:42 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.21 21:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.21 21:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.21 21:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.21 17:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2013.03.21 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.21 17:22:16 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.21 17:22:16 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.21 17:22:03 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.21 17:22:03 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.21 17:22:03 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.21 17:14:23 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.21 17:14:07 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.21 17:14:07 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.03.21 17:14:07 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.21 17:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.21 17:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.03.21 15:46:45 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wdfcoinstaller01005.dll [2013.03.21 15:46:45 | 000,018,432 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys [2013.03.21 15:46:44 | 001,885,488 | R--- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmn.dll [2013.03.21 15:46:44 | 001,885,488 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmns.dll [2013.03.21 15:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10 [13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.22 14:35:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe [2013.03.22 14:33:07 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.22 14:33:07 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.22 14:24:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.22 14:24:41 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys [2013.03.22 13:20:01 | 000,377,856 | ---- | M] () -- C:\Users\Media\Desktop\f927wu0t.exe [2013.03.22 13:18:39 | 000,000,168 | ---- | M] () -- C:\Users\Media\defogger_reenable [2013.03.22 13:17:36 | 000,050,477 | ---- | M] () -- C:\Users\Media\Desktop\Defogger.exe [2013.03.22 10:13:56 | 001,500,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.22 10:13:56 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.22 10:13:56 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.22 10:13:56 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.22 10:13:56 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.21 21:14:42 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.21 20:28:57 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.03.21 20:28:57 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.21 20:24:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.03.21 19:25:32 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.03.21 19:23:45 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMedia.job [2013.03.21 17:21:58 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.21 17:21:57 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.21 17:21:57 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.21 17:21:57 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.21 17:21:57 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.21 17:21:57 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.21 17:14:02 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.21 17:14:01 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.03.21 17:14:01 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.03.21 17:14:01 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.21 17:14:01 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.21 17:14:01 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.03.21 17:07:12 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.21 14:50:50 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.21 14:40:36 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.21 14:40:36 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.22 13:19:59 | 000,377,856 | ---- | C] () -- C:\Users\Media\Desktop\f927wu0t.exe [2013.03.22 13:18:39 | 000,000,168 | ---- | C] () -- C:\Users\Media\defogger_reenable [2013.03.22 13:17:35 | 000,050,477 | ---- | C] () -- C:\Users\Media\Desktop\Defogger.exe [2013.03.21 21:14:42 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.21 19:25:32 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.03.21 19:22:18 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMedia.job [2013.03.21 18:36:22 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2013.03.21 18:36:22 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat [2013.03.21 17:07:12 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.21 17:07:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.19 13:54:38 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.10.23 02:41:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.10.23 02:41:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.06.19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.14 20:54:00 | 000,017,408 | ---- | C] () -- C:\Users\Media\AppData\Local\WebpageIcons.db [2012.02.25 15:26:33 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.01 00:20:09 | 000,000,032 | ---- | C] () -- C:\Windows\Start.INI [2011.12.22 19:34:03 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.22 19:34:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.17 21:01:28 | 000,000,109 | ---- | C] () -- C:\Windows\disney.ini [2011.11.17 19:46:11 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.11.16 14:33:44 | 000,000,917 | R--- | C] () -- C:\Windows\twtycfg.ini [2011.08.09 07:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.09 07:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.09 07:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.09 06:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.04.09 00:49:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.09 00:32:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.09 00:23:18 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
22.03.2013, 14:57
| #28 |
| | weisser Bildschirm beim starten von Windows 7 (64 bit) Extras.txt:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.03.2013 14:37:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Media\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 5,76 Gb Available Physical Memory | 72,46% Memory free
15,90 Gb Paging File | 13,50 Gb Available in Paging File | 84,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,07 Gb Total Space | 396,41 Gb Free Space | 58,03% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 160,55 Gb Free Space | 22,98% Space Free | Partition Type: NTFS
Drive E: | 15,27 Gb Total Space | 1,89 Gb Free Space | 12,36% Space Free | Partition Type: NTFS
Drive G: | 98,87 Mb Total Space | 88,65 Mb Free Space | 89,66% Space Free | Partition Type: FAT32
Computer Name: MEDIA-HP | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1034800027-851193289-1642942954-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C97DAC-9A6F-47B5-B136-670A46CF8BD7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{05CC17B2-529E-4DA5-8B4E-6550E1C19182}" = rport=137 | protocol=17 | dir=out | app=system |
"{0E7A9CE2-CE6A-4714-8816-4DED5EC3F22E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2242101D-295D-49A9-BFC4-FF74345DB94C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2401AA18-8396-4315-9D9E-D4D7428CF528}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E62DFF2-2541-46DB-A727-F7A378594211}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4265965E-22D5-4D7F-BCB6-93473B069988}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{49542680-5E52-4E7C-93B2-07135634C849}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{57AD4C9B-8022-4B92-AE76-B2512CDCEFDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73D63512-3E43-4D6B-BB47-4D85FAB70025}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7429E238-C9E8-4442-B834-F0ACECB10E63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74E046B4-BF6A-4392-8138-15C486119B55}" = rport=138 | protocol=17 | dir=out | app=system |
"{79583910-01F1-4CBC-A4BB-DA4A01AD6577}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82F3DB25-8EE2-4ECB-B6F9-2B2A230510C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85D6C696-08E8-4092-B90B-4112EA7DE298}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8A6950E5-A3D1-46C2-9848-89237AAE4EB6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F5209F3-F634-40CA-865F-A26B28F07372}" = lport=139 | protocol=6 | dir=in | app=system |
"{91FBACC3-A13E-4B9C-9F9A-FDB0572A8C6D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9FBD217B-C3E2-4309-983C-F25F960E1C68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B4386439-BAE0-4D0E-A20E-02A04ECF0A97}" = lport=138 | protocol=17 | dir=in | app=system |
"{B470957C-2FF3-425F-9EA4-C6668C23D783}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C7ACFEE3-AC42-4228-AFAE-863972BA3743}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0888D9C-9EA9-423B-AC1A-478B14010B3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D476D8CA-789B-4356-B719-1627064AA8A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DACC3B52-DB69-467F-A8A1-8E7DD6BA5E00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E9C668F5-EA04-4825-8074-777C1B86EFFF}" = lport=445 | protocol=6 | dir=in | app=system |
"{EA2B9FA2-D4B6-4431-BDA0-C26F91FA0C70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA87F7FF-E124-46E9-8A77-B704887D751A}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC0F24BE-B54B-4594-8004-B5F132A7DC82}" = rport=445 | protocol=6 | dir=out | app=system |
"{F29EC30A-BC5C-4E2F-8D5E-5F6E8780847A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016F9E4E-692F-42B0-B1C0-BEB917CDACA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{02871FAF-9686-4D11-8555-1D3878E68D72}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{02A437C4-956A-4319-95B9-FF8C531386C2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{09562F8F-908D-4EE5-A1C5-A2128241B54E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{0A5139F7-4D25-4A23-AA47-0142BA478D43}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{0AE5B9A3-0AA7-4261-A415-E0713D3C8152}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{10DAA55A-45AF-472C-A0D4-E4F2497871AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{17986F22-17FF-4BAD-8130-7D83E57B0A2A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{17A1A807-7594-4A4B-BC35-63A0779BA712}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{199C2654-4A80-4920-B0EC-522828D6C8DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{199D4E71-C095-4A87-80CA-C6D50E557F4D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{25C2EFF2-359E-4228-82F2-09D971BC8268}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{2661E1D9-E9DD-438E-A18E-28212F55D0D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2CD0DFB5-E252-4DC2-91B2-640763F676C4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2E7902CA-498F-4E18-8BCF-0689E3E8CCA1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{37BA4871-32D3-4FD0-B0D8-DCD539101731}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{39F89DF9-40E2-4DFE-842E-24185D7E2CC1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe |
"{3AF2FDD4-97E2-4FF0-9FA3-1175632F024D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{45DFB8C7-9871-4018-BF44-6729D5D6FD56}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{46383E1B-3117-4EFF-959D-09FEF71B387D}" = protocol=6 | dir=in | app=c:\program files (x86)\data\cnc4server.exe |
"{4CC021CA-BDF1-4784-9259-2E3CB0C40710}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4E50D2FA-6897-41E4-94B1-DA10F8E83BC5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{516173E9-08A0-4F99-86D0-BD5B29033122}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{51C48361-7B41-44E5-A9E7-D487D2B2D404}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mplite.exe |
"{54424A1C-3B54-4839-A555-A5DA282EF4FA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5CF82B26-2C30-4EB5-918F-EA57876F316F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6022E32A-B0BE-4137-A7FB-385A35DF0E42}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mplite.exe |
"{6198B1F3-DB8D-4866-9619-098D9C526C58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6784E592-EDB7-4709-A7B9-96F19E20CBCC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{685FAA30-AB83-407C-B663-5373F5C6F642}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{68C4EF37-7F91-4AFD-BCBC-B08C0E9AD79E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{6AA7A87E-747A-40C3-B8B2-3AA258F52A96}" = protocol=17 | dir=in | app=c:\program files (x86)\data\cnc4server.exe |
"{6B294B48-431C-4951-9DF4-7D65BC802B06}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6CA32550-9C55-4297-9E53-4B2B4143E6A6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6FCF7416-DFA0-4A17-AE62-1D2E6AA74D90}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{73108EFA-9EE2-4D47-A24A-7E1F1440988A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{75261D10-AB45-4056-9184-C2C59CD97829}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{75C30663-1F2C-4DB1-8551-294997D003EE}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{774F4380-3461-4F68-A004-A50B4B3E9C12}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{79551919-EA26-4642-BD6C-3C6AD4785734}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{798EA97B-0025-40AF-BC30-AC50D8AD4A3D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{80A1C676-9581-4E78-8A9F-5E64FDA35515}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{82CB34B5-03AF-4F2E-81DB-AB8F6C503E27}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{846CBFE2-49FA-494F-A506-014772E46682}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe |
"{89D6F8A6-7280-4862-8E51-3FB4AEA6F694}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{8FA66BC5-46BE-4114-9395-E61D4B9748F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{9055B57E-6CE0-4547-ADFF-2151E3C9BFE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{91ACAFC3-F4A2-4E43-B3DE-F22992778760}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{946EB44B-6F6F-4877-8455-2D1C304DE3A4}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{94E97AEE-FF5F-4730-B67A-B7CB81052648}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{97D61F67-1665-4D76-BFCF-F986088914E5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{9A7346CD-21F3-4411-AB2E-B63019CDBEDE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9D8E6DBC-9FA6-4964-85C7-075D6417EA7C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9F1651ED-6706-485B-91B0-FF80943AECC0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{A173C564-4A96-4105-9BA7-C44911C7E54F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A377D481-8ED2-42DE-ACE2-514D06BEAF2A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A643E40C-E726-4E12-A8E6-720561F41B98}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A9B12798-2957-4DA5-8C96-3676C76C2146}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{AAF98331-186A-4E08-B29C-3C56DDFAB093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{AB16FE95-C597-4E72-A39A-A86688D7B1CC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{AD59F885-3875-41DF-B03B-F03CA7F8FE6E}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mp.exe |
"{AF48BFE8-9472-469B-BDCC-1A8C3383A9F3}" = protocol=6 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe |
"{B1D82DA3-6A77-42FF-97D6-BCE371947B17}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B49F166F-3B7B-41BC-8AA4-C108B2AEC0B3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{B7575DB3-3631-4A03-9394-2DF6623A65B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{B8B0C9F9-6276-4A13-BBA1-F534881FE606}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{B9F79FB3-99B1-4D44-93B0-3C591A5D476F}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{BD33DBDF-1713-476B-89C2-2BC194C7AFE4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C12064FC-F301-4F56-9502-6500B79B15B4}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{C3AE240B-BDDA-4127-91EC-0B98B8EE2972}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5FD529B-79F7-46E0-BC45-CFA4E30D0C0D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C622EC0A-5891-48C8-B64D-80E2C459A66E}" = protocol=17 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe |
"{C9246207-430A-42E0-A7E4-9A86E38C75FA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{CB6AA446-7C99-431E-B48F-15C01A1BC771}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{D0F37156-0221-4663-8657-4583C04832E4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{D138A7D5-9731-449A-83E9-6AC8D9AC5BD9}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\wolfenstein\mp\wolf2mp.exe |
"{D39E2CFC-CF23-4DCD-A245-CC01ACE5B4F9}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{D409A0AA-8A2C-4BA4-A7EB-45FE89B452FA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{D9D1A47F-3152-4387-B8B6-5401A796C88B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DCDE3A41-3D80-4AA5-B2BC-B0094002F79B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DD6BBC57-3DA0-45D0-94C8-B8D3DF66675F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{DF190F03-CDB4-4E51-AF30-BF6192BC1069}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{E3E7F99B-C232-465E-9E51-F8AFE0940EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E47BEE2B-3D30-4DFC-B5BB-878D4B058EF9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{E6EA960D-B0B3-4188-B0C2-44A50A5B6CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{E998DB7D-802B-48EA-AAA4-69A5D8D186AD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED61574A-1295-4713-B197-5869F8B85340}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EF12F5D2-6E45-49F0-BD53-878ED6780378}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{F1A7A9A3-397E-4331-BFE2-3C1C4462D6F2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe |
"{F207F773-5830-4940-8F64-E3ED852C9A9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F45A1072-48FB-4FE2-AE8D-53503BB422D0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat |
"{FF2B977E-D8D4-4786-983C-96FDF8930483}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF6458BF-7916-4037-AF20-5095CBDAB910}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"TCP Query User{1596138B-8999-4C58-9065-8B7A7B9EC5D4}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.exe |
"TCP Query User{17A40FD0-43F9-4A97-AFC7-520199F2215D}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4server.exe |
"TCP Query User{3E59616F-AD19-487E-96EA-3E886C969DFC}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{48514AE3-F12B-4E13-A3E7-F80B743C6A0E}C:\ubisoft\silent hunter 5\data\browser\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\ubisoft\silent hunter 5\data\browser\uplaybrowser.exe |
"TCP Query User{56D8FBB2-5C90-457C-A9DF-E9E4FAC12138}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{699E58D4-45E9-4041-8684-E50670390327}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\crack\data\cnc4server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\crack\data\cnc4server.exe |
"TCP Query User{75685444-5967-45E5-AB3F-2B024004FF7C}J:\select your cnc4 installation directory\data\cnc4server.exe" = protocol=6 | dir=in | app=j:\select your cnc4 installation directory\data\cnc4server.exe |
"TCP Query User{8C336C12-A2F4-4D15-AE1F-6BBEF171F004}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\data\cnc4server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\data\cnc4server.exe |
"TCP Query User{976596FB-A101-47B0-B4DC-89E9CBCB78B2}J:\privat\games\c.and.c.4.tiberian.twilight.retail.spire\cactt-tl\cnc4server\cnc4server.exe" = protocol=6 | dir=in | app=j:\privat\games\c.and.c.4.tiberian.twilight.retail.spire\cactt-tl\cnc4server\cnc4server.exe |
"TCP Query User{A7A2D070-A24C-43F2-BEE5-9A220B102380}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\data\data\cnc4server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\data\data\cnc4server.exe |
"TCP Query User{B5C9904F-A2A8-495A-9C40-B68BAB5139CD}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{C18431DB-CC90-4962-A13D-7368DECFE11B}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{C674BA55-262B-467C-911A-0D95185F344C}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{00DADD1E-3473-4532-B60B-8EFF9DBC7F2D}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{2B302DF4-7E48-4BBC-BAE0-0BA611AE0613}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4server.exe |
"UDP Query User{2F520836-E331-4F81-9EF9-FD248335F61B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{53C328F2-6024-42BB-B29A-0EEA7CEC712E}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\data\data\cnc4server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\data\data\cnc4server.exe |
"UDP Query User{6B650420-00CE-4C52-BF37-BEE399EA3418}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{6B9BA510-07A5-4A0D-B8D0-3AA3D2420E0D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7CA49BA0-5E28-4889-86E4-CEE784B41E23}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.exe |
"UDP Query User{A08753F1-774A-49F9-B8E1-85DF076A929F}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\data\cnc4server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\data\cnc4server.exe |
"UDP Query User{A24B8B7C-A7CB-42CA-9D90-24A86E2C690D}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{B9166539-EE87-4AFD-9B33-AA1A76DFFA85}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\crack\data\cnc4server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\crack\data\cnc4server.exe |
"UDP Query User{CEC18482-74B1-4F91-94DA-E7F2BFF2DA84}J:\select your cnc4 installation directory\data\cnc4server.exe" = protocol=17 | dir=in | app=j:\select your cnc4 installation directory\data\cnc4server.exe |
"UDP Query User{D9C8182F-9A33-49A2-BBA9-00BB2AD845D2}J:\privat\games\c.and.c.4.tiberian.twilight.retail.spire\cactt-tl\cnc4server\cnc4server.exe" = protocol=17 | dir=in | app=j:\privat\games\c.and.c.4.tiberian.twilight.retail.spire\cactt-tl\cnc4server\cnc4server.exe |
"UDP Query User{EB55FDB4-ACCF-4551-81AB-90A21971F578}C:\ubisoft\silent hunter 5\data\browser\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\ubisoft\silent hunter 5\data\browser\uplaybrowser.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C3266D4-0DA1-415B-951B-7B5B050B16F1}" = Validity WBF DDK
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Mobile IO
"{3623E33A-6E9A-442F-9628-570C28E01EDF}" = HP 3D DriveGuard
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Session IO
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFDADCB2-8C17-E480-A8D5-724CEA1F0676}" = AMD Drag and Drop Transcoding
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFD3F5C-DE64-442B-B3B7-37745D92AD6A}" = CNC4 Offline Patch
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{169ADA4A-8079-4CD8-8E20-030B1A54E552}" = CorelDRAW Graphics Suite X6 - DE
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C8D0421-2896-45E0-AFDA-960BC2E2E2EF}" = Sound Blaster Play!
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters
"{7F97F93E-13F6-495C-AF94-5A20337EADF1}" = CorelDRAW Graphics Suite X5 Activation
"{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.04
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A231A6F2-2C80-6203-ED35-2CFB96B25A38}" = Application Profiles
"{A71D76FD-DF5A-4380-9D0C-7B3FEB80DE4C}" = HP Documentation
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB2E32E3-B0C3-592C-8093-308249A70C82}" = PX Profile Update
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin
"{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = Catalyst Control Center
"{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EBBE64F6-7E23-5857-891F-045560AECC7F}" = Application Profiles
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F1DD6CD2-6734-4089-9EF5-441F51E083B6}" = HP SimplePass 2011
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASIO4ALL" = ASIO4ALL
"Assistant" = Assistant 5.05.013
"Audiograbber" = Audiograbber 1.83 SE
"CNC4 Offline Patch_is1" = CNC4 Offline Patch
"DAEMON Tools Lite" = DAEMON Tools Lite
"EADM" = EA Download Manager
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.24.412
"iLivid" = iLivid
"InfraRecorder" = InfraRecorder
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.53
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Guitar Rig Mobile IO" = Native Instruments Guitar Rig Mobile IO
"Native Instruments Guitar Rig Session IO" = Native Instruments Guitar Rig Session IO
"Native Instruments Rammfire" = Native Instruments Rammfire
"Native Instruments Rig Kontrol 3" = Native Instruments Rig Kontrol 3
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktors 12" = Native Instruments Traktors 12
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Editor 3" = PDF Editor 3
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Searchqu Toolbar" = Searchqu Toolbar
"Tennis Elbow 2011" = Tennis Elbow 2011 1.0
"Uplay" = Uplay
"VLC media player" = VLC media player 1.0.2
"Wajam" = Wajam
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.53
"wmlite2_is1" = Windows Media Lite 2.3.0
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1034800027-851193289-1642942954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"OmertaDemo" = Omerta City of Gangsters Demo
"Tropico 4" = Tropico 4 1.00
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.11.2012 05:46:05 | Computer Name = Media-HP | Source = Schedule | ID = 0
Description =
Error - 12.11.2012 05:47:05 | Computer Name = Media-HP | Source = SignInAssistant | ID = 0
Description =
Error - 12.11.2012 05:47:12 | Computer Name = Media-HP | Source = WcesComm | ID = 2
Description = IPv4-Fehler beim Starten des Diensts für Windows Mobile 2003-Geräteverbindungen.
(Die Daten enthalten den Fehlercode.)
Error - 12.11.2012 05:58:24 | Computer Name = Media-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80080005 Type:
88::UnexpectedError.
Error - 12.11.2012 08:29:44 | Computer Name = Media-HP | Source = SignInAssistant | ID = 0
Description =
Error - 12.11.2012 08:29:54 | Computer Name = Media-HP | Source = SignInAssistant | ID = 0
Description =
Error - 13.11.2012 06:32:58 | Computer Name = Media-HP | Source = Schedule | ID = 0
Description =
Error - 13.11.2012 06:33:52 | Computer Name = Media-HP | Source = WcesComm | ID = 2
Description = IPv4-Fehler beim Starten des Diensts für Windows Mobile 2003-Geräteverbindungen.
(Die Daten enthalten den Fehlercode.)
Error - 13.11.2012 06:33:59 | Computer Name = Media-HP | Source = SignInAssistant | ID = 0
Description =
Error - 13.11.2012 06:45:17 | Computer Name = Media-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80080005 Type:
88::UnexpectedError.
[ Hewlett-Packard Events ]
Error - 08.02.2012 20:10:12 | Computer Name = Media-HP | Source = Hewlett-Packard | ID = 0
Description =
Error - 21.03.2012 06:53:25 | Computer Name = Media-HP | Source = HPSFMsgr.exe | ID = 4000
Description =
Error - 21.03.2013 14:00:52 | Computer Name = Media-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy
angegeben ist. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8139
Ram
Utilization: 30 TargetSite: Void UpdateDetail(System.String)
Error - 21.03.2013 14:12:35 | Computer Name = Media-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147024846hpsa_service.exe bei interop.Scheduler.ITaskFolder.CreateFolder(String
subFolderName, Object sddl) bei HP.SupportAssistant.Service.Scheduler.TaskScheduler.createTask(Boolean
isAdmin, String strName, String strDescription, String strStartTime, Int16 shrDOW,
_TASK_TRIGGER_TYPE2 trigType, String strExePath, String strExeArgs) Message: Die
Anforderung wird nicht unterstützt. (Ausnahme von HRESULT: 0x80070032) StackTrace:
bei interop.Scheduler.ITaskFolder.CreateFolder(String subFolderName, Object sddl)
bei HP.SupportAssistant.Service.Scheduler.TaskScheduler.createTask(Boolean isAdmin,
String strName, String strDescription, String strStartTime, Int16 shrDOW, _TASK_TRIGGER_TYPE2
trigType, String strExePath, String strExeArgs) Source: interop.Scheduler Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 8139 Ram Utilization: 30 TargetSite: interop.Scheduler.ITaskFolder CreateFolder(System.String,
System.Object)
[ HP Software Framework Events ]
Error - 24.03.2012 15:41:41 | Computer Name = Media-HP | Source = CaslWmi | ID = 5
Description = 2012.03.24 20:41:41.709|0000282C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 24.03.2012 15:44:52 | Computer Name = Media-HP | Source = CaslWmi | ID = 5
Description = 2012.03.24 20:44:52.220|000009E0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 24.03.2012 15:44:55 | Computer Name = Media-HP | Source = CaslWmi | ID = 5
Description = 2012.03.24 20:44:55.290|00002C5C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 02.04.2012 12:17:26 | Computer Name = Media-HP | Source = CaslWmi | ID = 5
Description = 2012.04.02 18:17:26.584|000018AC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 10.04.2012 11:35:16 | Computer Name = Media-HP | Source = CaslWmi | ID = 5
Description = 2012.04.10 17:35:16.853|00000DC4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 10.04.2012 11:56:37 | Computer Name = Media-HP | Source = CaslWmi | ID = 5
Description = 2012.04.10 17:56:37.469|00000428|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 14.04.2012 15:00:38 | Computer Name = Media-HP | Source = CaslWmi | ID = 5
Description = 2012.04.14 21:00:38.976|00001B1C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 21.03.2013 14:01:14 | Computer Name = Media-HP | Source = CaslWmi | ID = 5
Description = 2013.03.21 19:01:14.005|000006A4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ Spybot - Search and Destroy Events ]
Error - 02.02.2013 13:57:40 | Computer Name = Media-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 22.03.2013 09:27:15 | Computer Name = Media-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
folgendem dienstspezifischem Fehler beendet: %%-2147014790.
Error - 22.03.2013 09:35:14 | Computer Name = Media-HP | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147952506.
Error - 22.03.2013 09:35:14 | Computer Name = Media-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
folgendem dienstspezifischem Fehler beendet: %%-2147014790.
Error - 22.03.2013 09:35:44 | Computer Name = Media-HP | Source = DCOM | ID = 10010
Description =
Error - 22.03.2013 09:35:44 | Computer Name = Media-HP | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147952506.
Error - 22.03.2013 09:35:44 | Computer Name = Media-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
folgendem dienstspezifischem Fehler beendet: %%-2147014790.
Error - 22.03.2013 09:36:14 | Computer Name = Media-HP | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147952506.
Error - 22.03.2013 09:36:14 | Computer Name = Media-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
folgendem dienstspezifischem Fehler beendet: %%-2147014790.
Error - 22.03.2013 09:36:44 | Computer Name = Media-HP | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147952506.
Error - 22.03.2013 09:36:44 | Computer Name = Media-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
folgendem dienstspezifischem Fehler beendet: %%-2147014790.
< End of report >
|
|
22.03.2013, 15:33
| #29 | |
| /// TB-Ausbilder | weisser Bildschirm beim starten von Windows 7 (64 bit) Hallo Heiko, das ist relativ unauffällig bis hierhin. Bemerkst du denn irgendwelche Symptome oder ist alles ok? Schritt 1 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 2 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
22.03.2013, 19:11
| #30 |
| | weisser Bildschirm beim starten von Windows 7 (64 bit) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 22/03/2013 um 18:14:15 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Media - MEDIA-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Media\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Gelöscht mit Neustart : C:\Program Files (x86)\Searchqu Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Ilivid
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Media\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Media\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\Media\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Media\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Media\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Media\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Media\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Media\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Media\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\Media\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ilivid
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\7oyn9x4c.default-1359405826157\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8qmpa8oz.default\prefs.js
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=");
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [14161 octets] - [22/03/2013 18:14:15]
########## EOF - C:\AdwCleaner[S1].txt - [14222 octets] ##########
|
|
| Themen zu weisser Bildschirm beim starten von Windows 7 (64 bit) |
| 64 bit, abgesicherte, abgesicherten, abgesicherten modus, arten, beim starten, bildschirm, gelangen, gen, gestern, hoffnung, modus, starte, starten, taste, versuch, versucht, weisse, weisser, weisser bildschirm, windows, windows 7 |
Linear-Darstellung
