
Pests of all kinds and how to fight them: Searchnu.com, how do I get rid of it? :((

20.04.2013, 08:02   #1
tiniii



Hello everyone!!


I hardly dare to post here, since I was already here just a few months ago (my problem was solved), and now it looks like I've caught something again.

For a few days now, the start page and every new tab have always shown: hxxp://www.searchnu.com/406?tag=newtab

I don't know exactly since when, because I rarely use the PC; I have my laptop for that, on which I never have problems! Apparently my ex, who is constantly here, manages to catch something again and again, even though I explicitly asked him to be careful after I had already 'tormented' someone here with my problem back then.

At first I thought it was an add-on or something, but then I read that it's apparently a trojan!? *cry*
There is already a thread about it here, as I saw, but you can't simply follow the same instructions, can you!?


I'm so sorry that I have to bother one of you again, but I hope someone can help me get rid of this thing *please please*


Lots of love
Tina

20.04.2013, 13:04   #2
aharonov
/// TB Instructor



Hi Tina,

doesn't sound all that bad..


Step 1

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted, several times depending on the severity of the infection - that is normal. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2

Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Tick the box for Scan all Users.
  • Now click Run Scan.
  • When the scan has finished, 2 log files (OTL.txt and Extras.txt) are created.
  • Post the contents of these log files here in the thread.



Please post in your next reply:
  • Log from AdwCleaner
  • Logs from OTL

20.04.2013, 17:51   #3
tiniii



Hey aharonov *wave*

thanks for your reply
I've just finished everything and am posting the text files for you:

Log from AdwCleaner: AdwCleaner Logfile:
Code:
# AdwCleaner v2.200 - Datei am 20/04/2013 um 17:52:01 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Tini - TINI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tini\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Users\Tini\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Program Files\search results toolbar
Ordner Gelöscht : C:\Users\Tini\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Tini\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Tini\AppData\LocalLow\simplytech
Ordner Gelöscht : C:\Users\Tini\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Tini\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Tini\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Tini\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\ecfa2ova.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn[...]

*************************

AdwCleaner[R1].txt - [51130 octets] - [07/12/2012 21:04:01]
AdwCleaner[S1].txt - [51041 octets] - [07/12/2012 21:20:38]
AdwCleaner[S2].txt - [6497 octets] - [20/04/2013 17:52:01]

########## EOF - C:\AdwCleaner[S2].txt - [6557 octets] ##########
         
--- --- ---



Log from OTL: OTL Logfile:
Code:
OTL logfile created on: 4/20/2013 5:59:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tini\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free
5.99 Gb Paging File | 4.58 Gb Available in Paging File | 76.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900.41 Gb Total Space | 816.71 Gb Free Space | 90.70% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.23 Gb Free Space | 34.11% Space Free | Partition Type: NTFS
 
Computer Name: TINI-PC | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/20 17:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Downloads\OTL.exe
PRC - [2013/02/02 00:20:06 | 000,865,792 | ---- | M] () -- C:\Users\Tini\AppData\Local\Temp\OCS\Downloads\dab836309080449dfddf3bb5619b7b53\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/15 18:08:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/09/24 14:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/07/02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 17:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/08 19:15:06 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/29 19:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/02 03:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2009/07/02 03:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/02 03:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/04/16 10:33:47 | 000,474,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013/04/12 07:23:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/13 19:32:47 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/02 00:20:06 | 000,865,792 | ---- | M] () [Auto | Running] -- C:\Users\Tini\AppData\Local\Temp\OCS\Downloads\dab836309080449dfddf3bb5619b7b53\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2012/11/15 18:08:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/09/24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 14:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/11/28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/04 01:03:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2012/11/15 18:12:22 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/11/15 18:12:22 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/10/10 18:11:52 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/10/10 18:11:52 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2011/12/16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/22 04:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/01/07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/12/31 03:35:54 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/07/22 11:43:31] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerCinema Movie\000.fcl -- ({60DB6561-0A84-4c94-AF33-288405CFD56D})
DRV - [2009/12/22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009/12/03 12:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/29 20:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009/10/29 20:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009/10/13 14:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data]
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.203.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Tini\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tini\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/09 21:32:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/12/20 20:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/12/20 20:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/12/20 20:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\Tini\AppData\Roaming\Helper [2013/02/02 00:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 07:23:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 07:23:15 | 000,000,000 | ---D | M]
 
[2013/04/15 10:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Extensions
[2013/04/16 10:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\ecfa2ova.default\extensions
[2013/02/23 20:55:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\ecfa2ova.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/12 21:36:11 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\ecfa2ova.default\extensions\battlefieldheroespatcher@ea.com
[2012/12/13 21:32:36 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\firefox\profiles\ecfa2ova.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2013/04/15 10:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/04/12 07:23:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/18 11:21:04 | 000,170,592 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/02/04 08:15:55 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/04 08:15:55 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/04 08:15:55 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/02/04 08:15:55 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/02/02 00:20:24 | 000,001,279 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/02/04 08:15:55 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/12/08 10:10:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000..\Run: [Steam] C:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18FB4348-A233-4652-9588-6B0492EB5C9F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA6FBA5-A79C-4CC1-9878-85963AFB2B96}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/16 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Local\Freetec
[2013/04/16 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\Free YouTube Download Manager
[2013/04/16 10:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013/04/16 10:31:00 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Local\DownloadGuide
[2013/04/15 10:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013/04/12 21:45:03 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\Battlefield Heroes
[2013/04/12 21:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013/04/12 21:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2013/04/12 19:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2013/04/12 19:37:38 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2013/04/12 19:25:24 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2013/04/12 19:22:23 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2013/04/12 07:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 22:18:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 22:18:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 22:18:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 22:18:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 22:18:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/10 22:18:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/10 22:18:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 22:18:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/10 20:10:59 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 20:10:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 20:10:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 20:10:53 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 18:53:53 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\TuneUp Software
[2013/04/10 18:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/04/10 18:53:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/04/10 18:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/04/10 18:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/04/10 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Tini\Desktop\PWI_v699_Installer
[2013/04/09 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/03/30 08:29:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\%Report%
[2013/03/29 23:57:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/25 18:01:54 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\TeamViewer
[2013/03/24 22:02:17 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/03/24 22:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/03/24 22:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tini\*.tmp files -> C:\Users\Tini\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/20 18:01:17 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 18:01:17 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 18:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/04/20 17:59:11 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/20 17:59:11 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/20 17:59:11 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/20 17:59:11 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/20 17:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/20 17:53:26 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/20 17:52:18 | 000,000,104 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/20 17:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/17 22:51:45 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013/04/17 22:46:44 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013/04/17 21:53:50 | 000,139,648 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/04/16 10:31:35 | 000,000,134 | ---- | M] () -- C:\Users\Tini\Desktop\Deezer.url
[2013/04/12 21:44:27 | 000,138,056 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\PnkBstrK.sys
[2013/04/12 19:37:53 | 000,001,178 | ---- | M] () -- C:\Users\Tini\Desktop\Perfect World International.lnk
[2013/04/12 09:33:24 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2013/04/11 05:25:09 | 000,289,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 18:53:00 | 000,001,360 | ---- | M] () -- C:\Users\Tini\Desktop\Free YouTube to MP3 Converter.lnk
[2013/04/09 21:28:49 | 000,000,000 | ---- | M] () -- C:\Users\Tini\__ng3d.lock
[2013/04/09 21:10:08 | 000,000,202 | ---- | M] () -- C:\Users\Tini\Desktop\Champions of Regnum.url
[2013/04/09 06:04:51 | 400,744,936 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/24 22:02:17 | 000,000,993 | ---- | M] () -- C:\Users\Tini\Desktop\WinDirStat.lnk
[2013/03/24 20:42:00 | 000,000,000 | ---- | M] () -- C:\Users\Tini\AppData\Local\resmon.resmoncfg
[2013/03/24 19:02:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\mbamswissarmy.sys
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tini\*.tmp files -> C:\Users\Tini\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/20 17:52:09 | 000,000,104 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/16 10:33:22 | 000,016,384 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/04/16 10:31:35 | 000,000,134 | ---- | C] () -- C:\Users\Tini\Desktop\Deezer.url
[2013/04/12 21:44:28 | 000,139,648 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/04/12 21:44:11 | 000,282,296 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/04/12 21:44:08 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/04/12 19:57:59 | 000,001,122 | ---- | C] () -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/12 19:37:53 | 000,001,178 | ---- | C] () -- C:\Users\Tini\Desktop\Perfect World International.lnk
[2013/04/10 18:53:00 | 000,001,360 | ---- | C] () -- C:\Users\Tini\Desktop\Free YouTube to MP3 Converter.lnk
[2013/04/09 21:28:49 | 000,000,000 | ---- | C] () -- C:\Users\Tini\__ng3d.lock
[2013/04/09 21:10:08 | 000,000,202 | ---- | C] () -- C:\Users\Tini\Desktop\Champions of Regnum.url
[2013/03/24 22:02:17 | 000,000,993 | ---- | C] () -- C:\Users\Tini\Desktop\WinDirStat.lnk
[2013/03/24 19:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/02/02 00:20:08 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013/01/31 15:37:26 | 000,023,584 | ---- | C] () -- C:\Windows\War3Unin.dat
[2013/01/19 18:41:04 | 000,138,056 | ---- | C] () -- C:\Users\Tini\AppData\Roaming\PnkBstrK.sys
[2012/07/04 10:37:23 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/03/24 12:27:57 | 000,000,000 | ---- | C] () -- C:\Users\Tini\AppData\Local\resmon.resmoncfg
[2012/02/17 19:06:12 | 000,000,624 | ---- | C] () -- C:\Windows\eReg.dat
[2012/02/15 22:30:29 | 000,347,472 | ---- | C] () -- C:\Users\Tini\AppData\Local\MB.SAV
[2012/01/19 19:44:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/12 19:40:30 | 000,005,632 | ---- | C] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/02 23:55:09 | 000,017,408 | ---- | C] () -- C:\Users\Tini\AppData\Local\WebpageIcons.db
[2011/06/08 23:49:42 | 001,929,576 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3070_B611.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 4/20/2013 5:59:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tini\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free
5.99 Gb Paging File | 4.58 Gb Available in Paging File | 76.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900.41 Gb Total Space | 816.71 Gb Free Space | 90.70% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.23 Gb Free Space | 34.11% Space Free | Partition Type: NTFS
 
Computer Name: TINI-PC | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B66BA7-7313-4F1B-BF12-3BCBE1F23A03}" = lport=137 | protocol=17 | dir=in | app=system | 
"{14482380-1C2C-4FCF-AB6D-72B714F98F5C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{22DBE5F4-FABC-4091-99F5-E5603BAED2DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{22EC563F-A530-4147-BBA9-50A4CBB22FA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2885682F-D4E9-446D-8C20-02D9B817CD59}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2D6171EC-D1A7-4A25-80D1-B0DC6115BD7F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2E81D8A9-73D7-49B0-A812-CD1E341C96C5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{36E49077-75DF-4C48-A8A0-48082AB8210B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4218BF11-0466-49A7-B672-4FF5BC762B73}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5296EA67-B982-48D5-9030-57EC7616461E}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{64B5DE84-1C17-4C6A-968A-AD8A322FAAFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{695FF718-853C-41C6-A44B-F0345A94270E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{71DE3893-88AC-4B2D-ABBC-8B1A3F896EF5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7B35D43D-4C39-4238-B471-1F8EDD8E6E90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B78F9A0-57F0-4E6E-9B4D-2F81CAFE8DB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F0A4F15-7330-4756-B59D-95FE3B129D04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C1E297D-E260-4718-8C77-1A72FECA8884}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8D909FB4-3E35-4527-9F5B-BE681967A32F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A3676597-BE3E-4ACD-8E05-B0EA62050DFD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A5FDC51E-8A17-49AE-954B-EF34F9E6B01A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEBA1A77-D360-4C08-9E48-BC24AAC24D7E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{B36D696F-A9B2-40E0-A375-A1F6792752B2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C688A4D6-5925-4B9E-9335-7E4DD6C10925}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CDAC8DBA-ED4E-448C-8E4B-2DC9147A009F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D6CBB05B-4AD5-4110-8192-0E5C23BB9F8C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{DDCC2E78-B1BC-45D1-A5DF-655516479917}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DE5B441E-8D5A-4EDD-AD83-1A4B6DC40ACD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F78E6D00-A235-4236-9FAC-717C0334A2DF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FB45BDA9-E58D-4941-A902-0A6D26FECD79}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CC00EB-15BC-489C-9F65-97EB76F2ED93}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0E205A1F-7B4D-4880-967A-656C2CCBF713}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dmp\clbrowserengine.exe | 
"{0E4BF218-D8B7-4765-8D7A-14D51769761A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe | 
"{12375C0E-B102-4188-8F1A-1E2C33C0EBD1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{16692856-EDFA-4DA9-831B-ED956197DBB0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{1728E32E-3129-48E5-9FA9-6E484810CBEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1A275D4D-4C83-417A-97CF-E46E02EFE0B0}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{1BA58D5D-AB49-459A-BDEF-5BA79B2F2F63}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\launchpad.exe | 
"{1CE96BC5-722C-4AE7-BB58-63400AE6E441}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{1D47CD3A-797C-4716-8D8F-7D1DF37FE31B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{205EFAE2-DE2A-40B3-89F0-A2B341CE0A39}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{2306076A-26F6-4A3D-8784-5761A1B444BF}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{253C9EB5-389B-4735-A4A9-83D2F5D70FC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{29A33729-F7F8-48EC-B59F-753C08769FED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{2C6AF0BF-DDD4-4CFB-82A9-1018628EAB98}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{2CD68159-0DCA-4F92-9C72-56C2C0235445}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{2FD99BF1-616F-4980-9531-3B24002422CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\everquest 2\launchpad.exe | 
"{33E4CEBA-43E3-48E8-8F9A-1FEF2210544F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of empires online\aoeonline.exe | 
"{351EDA4A-2AD0-4E15-8DEC-0C354B7DD295}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{3A9C7AD5-8E36-4246-A8D1-0E7790011FEA}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{3C5B610A-8F10-4B34-9153-446D510582AF}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{3F133E00-2929-40BC-930B-FFA10E9B1E96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43B867BA-3506-4306-8268-8AD04734A9F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{486A3686-1F14-4C02-A3DB-1CAE86D5548A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51BFFB9D-CE17-4943-A504-0DD09A8C1485}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | 
"{5213E768-814F-4042-8FEA-ABE7B3A01614}" = dir=in | app=c:\program files\cyberlink\youmemo\pcmservice.exe | 
"{52C004FF-4547-4F77-9681-9057015E079F}" = protocol=6 | dir=in | app=c:\steam\steam.exe | 
"{53B01539-20BA-45DA-BA9C-57203CD9AA96}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{55852BF9-9791-4358-8F22-905045F28805}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{58D7BAC7-4713-42F0-BC0E-1E5CB537F66A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{592B5C88-F865-491C-B151-925A6679DEA8}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{5CC70368-7173-45B4-B8A7-3C4D2264B926}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | 
"{5D3B5954-7223-45A8-86C3-2749454065C2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die abenteuer von tim und struppi - das geheimnis der einhorn\tintin.exe | 
"{5DAC09AE-9C13-4D3F-8A31-7C9EFA65135A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5ED77807-1652-4B9D-A417-1F9CFCA507A9}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{608681DC-2D3E-41CB-B4BF-11A8FD131F34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{65F34A66-06CC-45A2-A95A-70BC4219E888}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{67E5746D-D0BE-4CDE-91C5-496C64D0A255}" = protocol=17 | dir=in | app=c:\steam\steam.exe | 
"{6A26E274-A70E-4737-8E13-8BA76C354CEB}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{6CFA5D63-88A9-4542-B08F-4BDEEAF6E3F5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{7507B783-D147-4145-9F7C-261272A2B713}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"{75587CFF-39A7-434A-8594-9FFAC1BEE36D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{763C0A53-6101-4965-BDF3-FC4023682479}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{78AF9FA4-59C4-4127-975B-533D5FC91416}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | 
"{7B7DCE9A-4CF3-455B-A53A-C4EBC73962E3}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{7CC28C12-E482-4BBD-96B8-7185635D51F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7CF47E76-AA46-4F53-8E0C-F444946178DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8047F2D9-96F2-4D14-92DF-35242A854325}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{805792CE-0DD1-4535-8B45-4C62C5CDCE36}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{88014E47-3ADB-406B-9A4E-A6EF17619B53}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{8816C4E1-0728-4DD4-BA4C-5D767757E0AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DA96D4B-EA4E-4309-9234-DCB9233D82F4}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{90C0943C-0EBC-43A5-98BF-6C8D2F60FCF9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\warincbattlezone\rsupdate.exe | 
"{91F4775C-8AFE-4B2D-97C5-42F9FC7D0AC8}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{92FA78DF-04AC-4E23-BF28-25EBBE8EEFCF}" = protocol=6 | dir=in | app=c:\users\tini\downloads\gamin16\gamin16\gameunp.exe | 
"{93227524-44BD-4AF3-B27C-FAC485572935}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | 
"{947258C2-75DB-4DDE-92F2-CA0ADE9848D5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9617CA2F-65B6-4371-96E2-00E790630CDF}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\regnum\rolaunchersteam.exe | 
"{992CA517-D66C-437A-AD0F-778A2BE3FBBE}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{9A045F59-09AC-49AA-A8B3-D81C5F224933}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{A0E14968-0601-4DA8-9798-0B8C334095E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A685E491-B911-4B98-A67E-816716D220F3}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | 
"{AC007553-73AA-4F0A-AC37-70DA537BF858}" = protocol=17 | dir=in | app=c:\users\tini\downloads\gamin16\gamin16\gameunp.exe | 
"{ADCA0B4C-CA9B-4A1A-AEAB-D787442A1E06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1EFAA6F-1F87-401E-B13C-85D5D7678B56}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{B40D7CCE-FE00-45A7-806F-3820A262B9C6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B88AA1BA-F925-4634-8060-5C9363707F0E}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{B9E93C6D-6EE1-49DC-A7A3-1BA6EB5C2C18}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | 
"{BA26000A-3050-4612-A12F-D93991922EE7}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{BC0E86CD-974A-4787-B811-4C31D646824B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe | 
"{BEDEF5DC-A375-4D6A-A02A-F368C430EA10}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{C0015075-E31D-426D-96BB-CB2487CF509E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{C0A5606D-56DE-4790-BB11-958780FDDC9D}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{C3E658BF-91A5-4314-8FAB-7538AA61E7F5}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{C434B20F-3860-476E-8837-4ACEA143555C}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{C4E2A564-4256-49AB-B384-6457E340AB17}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\warincbattlezone\rsupdate.exe | 
"{C7296F54-610A-4955-851E-0357DB8CD7C7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{C8A26337-BC80-4628-9F94-A687C5D21697}" = protocol=6 | dir=out | app=system | 
"{CBADF560-8DCE-4362-9376-3D2CB1FE9B89}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | 
"{CD57042C-F516-4ED2-A83C-E583AEB8945E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\everquest 2\launchpad.exe | 
"{D46467A4-B089-404E-BD7A-883E50471182}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of empires online\aoeonline.exe | 
"{D4CB2363-546C-4F75-A526-010648A01965}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D639DD0B-407F-424D-B1CB-2653BA7C6DF2}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{DB7CF3F1-1545-4CFD-950A-1AD4B06F94A9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{DD28CF10-A7F6-4943-A1A0-9DE8E1E6D9D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE1862E2-8815-41A6-BE0C-928C041C6F98}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{DEABD82F-187D-43E3-BC02-08378859EC8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DFED47F8-1650-4B0F-8FAC-521BA7465E0A}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\regnum\rolaunchersteam.exe | 
"{E1742B39-B160-45E0-9B43-E2E586018147}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{E3F61A76-FF0C-4595-917E-CA9C80494444}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{E4DF51E3-10C0-43AA-A564-8A441CB51EBE}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\regnum\liveserver\roclientgame.exe | 
"{EBE86853-268F-4BA0-8138-2F51591CC806}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | 
"{ED8CD9E9-030B-4C30-A72C-DAFC9DBCE7DE}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"{EEE54435-263D-4AE8-BDE3-85BD6F0AE6C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EF907E8A-F88C-401D-A67F-907C2CFD7E9C}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{F5D9781E-7635-4046-85B4-AB7A22598398}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dms\clmsservice.exe | 
"{F6B11279-C82D-4795-A7B2-B8130D0AC9EE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die abenteuer von tim und struppi - das geheimnis der einhorn\tintin.exe | 
"{F6E5FC8A-040E-46AB-991D-BAB48485DF65}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\launchpad.exe | 
"{F7A4D3CD-34C0-4B6A-96DA-F8AE264CC6A1}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\regnum\liveserver\roclientgame.exe | 
"{FD4861C3-0EFF-4725-A2B1-74CA562694C4}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{FDC1B88A-EFFE-433F-8F03-D09530D5AC81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEB4390E-3AF6-4CC4-A513-52BC638B681A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{FFDAE163-03D5-4641-B1D9-25B96D96C1D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0D1AA4CC-3729-4D0D-B602-D6EEA0C1E0E1}C:\users\tini\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\downloads\gamin16\gamin16\gameunp.exe | 
"TCP Query User{1815542A-BED2-4945-A027-C723B41077ED}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe | 
"TCP Query User{214CB451-1630-4914-856F-C6826B87EBD5}C:\program files\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of empires online\spartan.exe | 
"TCP Query User{4D1D3C59-59A4-434C-B0DF-7F22896006A0}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{5FDA9D05-E793-48DB-B4E2-DF22374C02CE}C:\program files\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{62D2B7C4-64A0-44EF-8FC9-C154309339F0}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe | 
"TCP Query User{72F5A3E0-0AA6-4C2E-949E-8EB0BEA28C8C}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{7EB60670-F12E-447B-82C2-1812728F135D}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe | 
"TCP Query User{8CAC37AE-A09C-420B-9816-E4EDC49060CF}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"TCP Query User{930FC4A6-05D9-4DE4-A66F-3ECE4094FFD7}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{AA73F872-EF98-4840-AA6E-BB046F4E0518}C:\users\tini\desktop\dasdasds\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\dasdasds\gamin16\gameunp.exe | 
"TCP Query User{C966D39A-A67C-4933-8C37-02364F3EE75E}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{E7BD5CAB-A26A-4B48-9A68-EC7DE1A50A4B}C:\users\tini\desktop\fas\mohaa.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\fas\mohaa.exe | 
"TCP Query User{EDFB6F9D-2324-4EDB-A16C-652DA6426A64}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{05556BDC-A88D-4E88-B639-6AD9F1A25F41}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"UDP Query User{07DAD139-B668-402D-B088-86CBAF148B60}C:\users\tini\desktop\fas\mohaa.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\fas\mohaa.exe | 
"UDP Query User{095CFD2C-5329-4399-BB73-899A1DF61680}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{16B12535-07B0-46F5-8AC6-AD0B08599A23}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe | 
"UDP Query User{1CE27168-27A8-450D-848F-D4C37E73BB56}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe | 
"UDP Query User{4F2B2E39-5DE2-4EB4-B73D-8203E65AB06C}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{5B6899ED-5FDC-4547-BE1F-A5C85BB751C7}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe | 
"UDP Query User{70F9394A-9005-4A43-8DEC-A25856D8F75C}C:\users\tini\desktop\dasdasds\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\dasdasds\gamin16\gameunp.exe | 
"UDP Query User{741F7D9D-65D3-4A8B-BF01-9D4834CD83EB}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{78552178-392E-4286-A43F-43286E63EE10}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{992FCF26-16D8-4A52-8D09-84C30B8B0389}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{9DBB179E-2844-4BE8-AFD9-852ED8708A0E}C:\program files\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of empires online\spartan.exe | 
"UDP Query User{CB94C7FB-B7D5-47BC-869E-33583BE9741E}C:\program files\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{F587A60A-9FCF-4CA8-8227-0753D8A39A83}C:\users\tini\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\downloads\gamin16\gamin16\gameunp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B2B9AA2-1139-4B44-8539-39A0C4EDF608}" = NextWindow Drivers
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D7507C3-DF2B-4740-8700-8227C2C7AE81}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BrothersInArms" = Brothers In Arms
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Giraffic" = Veoh Giraffic Video Accelerator
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Steam App 222520" = Champions of Regnum
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 2.0.2
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/1/2013 11:00:03 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6287
 
Error - 2/2/2013 12:41:51 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/2/2013 12:41:51 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10967
 
Error - 2/2/2013 12:41:51 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10967
 
Error - 2/3/2013 9:35:56 AM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/3/2013 9:35:56 AM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15725
 
Error - 2/3/2013 9:35:56 AM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15725
 
Error - 2/4/2013 1:52:03 PM | Computer Name = Tini-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171_Vista\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/4/2013 1:53:51 PM | Computer Name = Tini-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/4/2013 4:06:07 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/4/2013 4:06:07 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13151
 
Error - 2/4/2013 4:06:07 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13151
 
Error - 2/6/2013 2:27:26 AM | Computer Name = Tini-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171_Vista\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/6/2013 2:28:42 AM | Computer Name = Tini-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 4/13/2013 4:54:12 AM | Computer Name = Tini-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 4/13/2013 5:00:45 AM | Computer Name = Tini-PC | Source = bowser | ID = 8003
Description = 
 
Error - 4/13/2013 7:09:24 AM | Computer Name = Tini-PC | Source = bowser | ID = 8003
Description = 
 
Error - 4/15/2013 8:12:41 AM | Computer Name = Tini-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{18FB4348-A233-4652-9588-6B0492EB5C9F} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 4/15/2013 2:28:37 PM | Computer Name = Tini-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 4/16/2013 2:00:38 PM | Computer Name = Tini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 4/18/2013 12:15:38 PM | Computer Name = Tini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 4/18/2013 2:15:07 PM | Computer Name = Tini-PC | Source = bowser | ID = 8003
Description = 
 
Error - 4/20/2013 8:02:13 AM | Computer Name = Tini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 4/20/2013 11:52:38 AM | Computer Name = Tini-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         

20.04.2013, 17:52   #4
tiniii
 



Hey aharonov *waves*

Thanks for your reply.
I've just finished everything and am posting the text files for you:

Log from AdwCleaner:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 20/04/2013 um 17:52:01 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Tini - TINI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tini\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Users\Tini\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Program Files\search results toolbar
Ordner Gelöscht : C:\Users\Tini\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Tini\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Tini\AppData\LocalLow\simplytech
Ordner Gelöscht : C:\Users\Tini\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Tini\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Tini\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Tini\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=7da3a144-a723-48d6-b868-212bbf8a9f01&searchtype=ds&q={searchTerms}&installDate=10/04/2013 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\ecfa2ova.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn[...]

*************************

AdwCleaner[R1].txt - [51130 octets] - [07/12/2012 21:04:01]
AdwCleaner[S1].txt - [51041 octets] - [07/12/2012 21:20:38]
AdwCleaner[S2].txt - [6497 octets] - [20/04/2013 17:52:01]

########## EOF - C:\AdwCleaner[S2].txt - [6557 octets] ##########
         
--- --- ---




Log from OTL:

OTL Logfile:
Code:
OTL logfile created on: 4/20/2013 5:59:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tini\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free
5.99 Gb Paging File | 4.58 Gb Available in Paging File | 76.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900.41 Gb Total Space | 816.71 Gb Free Space | 90.70% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.23 Gb Free Space | 34.11% Space Free | Partition Type: NTFS
 
Computer Name: TINI-PC | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/20 17:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Downloads\OTL.exe
PRC - [2013/02/02 00:20:06 | 000,865,792 | ---- | M] () -- C:\Users\Tini\AppData\Local\Temp\OCS\Downloads\dab836309080449dfddf3bb5619b7b53\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/15 18:08:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/09/24 14:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/07/02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 17:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/08 19:15:06 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/29 19:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/02 03:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2009/07/02 03:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/02 03:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/04/16 10:33:47 | 000,474,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013/04/12 07:23:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/13 19:32:47 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/02 00:20:06 | 000,865,792 | ---- | M] () [Auto | Running] -- C:\Users\Tini\AppData\Local\Temp\OCS\Downloads\dab836309080449dfddf3bb5619b7b53\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2012/11/15 18:08:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/09/24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 14:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/11/28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/04 01:03:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2012/11/15 18:12:22 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/11/15 18:12:22 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/10/10 18:11:52 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/10/10 18:11:52 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2011/12/16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/22 04:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/01/07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/12/31 03:35:54 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/07/22 11:43:31] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerCinema Movie\000.fcl -- ({60DB6561-0A84-4c94-AF33-288405CFD56D})
DRV - [2009/12/22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009/12/03 12:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/29 20:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009/10/29 20:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009/10/13 14:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data]
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.203.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Tini\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tini\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/09 21:32:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/12/20 20:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/12/20 20:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/12/20 20:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\Tini\AppData\Roaming\Helper [2013/02/02 00:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 07:23:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 07:23:15 | 000,000,000 | ---D | M]
 
[2013/04/15 10:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Extensions
[2013/04/16 10:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\ecfa2ova.default\extensions
[2013/02/23 20:55:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\ecfa2ova.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/12 21:36:11 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\ecfa2ova.default\extensions\battlefieldheroespatcher@ea.com
[2012/12/13 21:32:36 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\firefox\profiles\ecfa2ova.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2013/04/15 10:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/04/12 07:23:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/18 11:21:04 | 000,170,592 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/02/04 08:15:55 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/04 08:15:55 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/04 08:15:55 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/02/04 08:15:55 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/02/02 00:20:24 | 000,001,279 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/02/04 08:15:55 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/12/08 10:10:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000..\Run: [Steam] C:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18FB4348-A233-4652-9588-6B0492EB5C9F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA6FBA5-A79C-4CC1-9878-85963AFB2B96}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/16 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Local\Freetec
[2013/04/16 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\Free YouTube Download Manager
[2013/04/16 10:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013/04/16 10:31:00 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Local\DownloadGuide
[2013/04/15 10:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013/04/12 21:45:03 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\Battlefield Heroes
[2013/04/12 21:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013/04/12 21:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2013/04/12 19:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2013/04/12 19:37:38 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2013/04/12 19:25:24 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2013/04/12 19:22:23 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2013/04/12 07:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 22:18:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 22:18:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 22:18:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 22:18:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 22:18:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/10 22:18:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/10 22:18:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 22:18:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/10 20:10:59 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 20:10:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 20:10:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 20:10:53 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 18:53:53 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\TuneUp Software
[2013/04/10 18:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/04/10 18:53:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/04/10 18:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/04/10 18:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/04/10 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Tini\Desktop\PWI_v699_Installer
[2013/04/09 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/03/30 08:29:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\%Report%
[2013/03/29 23:57:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/25 18:01:54 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\TeamViewer
[2013/03/24 22:02:17 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/03/24 22:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/03/24 22:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tini\*.tmp files -> C:\Users\Tini\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/20 18:01:17 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 18:01:17 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 18:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/04/20 17:59:11 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/20 17:59:11 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/20 17:59:11 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/20 17:59:11 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/20 17:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/20 17:53:26 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/20 17:52:18 | 000,000,104 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/20 17:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/17 22:51:45 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013/04/17 22:46:44 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013/04/17 21:53:50 | 000,139,648 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/04/16 10:31:35 | 000,000,134 | ---- | M] () -- C:\Users\Tini\Desktop\Deezer.url
[2013/04/12 21:44:27 | 000,138,056 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\PnkBstrK.sys
[2013/04/12 19:37:53 | 000,001,178 | ---- | M] () -- C:\Users\Tini\Desktop\Perfect World International.lnk
[2013/04/12 09:33:24 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2013/04/11 05:25:09 | 000,289,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 18:53:00 | 000,001,360 | ---- | M] () -- C:\Users\Tini\Desktop\Free YouTube to MP3 Converter.lnk
[2013/04/09 21:28:49 | 000,000,000 | ---- | M] () -- C:\Users\Tini\__ng3d.lock
[2013/04/09 21:10:08 | 000,000,202 | ---- | M] () -- C:\Users\Tini\Desktop\Champions of Regnum.url
[2013/04/09 06:04:51 | 400,744,936 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/24 22:02:17 | 000,000,993 | ---- | M] () -- C:\Users\Tini\Desktop\WinDirStat.lnk
[2013/03/24 20:42:00 | 000,000,000 | ---- | M] () -- C:\Users\Tini\AppData\Local\resmon.resmoncfg
[2013/03/24 19:02:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\mbamswissarmy.sys
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tini\*.tmp files -> C:\Users\Tini\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/20 17:52:09 | 000,000,104 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/16 10:33:22 | 000,016,384 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/04/16 10:31:35 | 000,000,134 | ---- | C] () -- C:\Users\Tini\Desktop\Deezer.url
[2013/04/12 21:44:28 | 000,139,648 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/04/12 21:44:11 | 000,282,296 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/04/12 21:44:08 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/04/12 19:57:59 | 000,001,122 | ---- | C] () -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/12 19:37:53 | 000,001,178 | ---- | C] () -- C:\Users\Tini\Desktop\Perfect World International.lnk
[2013/04/10 18:53:00 | 000,001,360 | ---- | C] () -- C:\Users\Tini\Desktop\Free YouTube to MP3 Converter.lnk
[2013/04/09 21:28:49 | 000,000,000 | ---- | C] () -- C:\Users\Tini\__ng3d.lock
[2013/04/09 21:10:08 | 000,000,202 | ---- | C] () -- C:\Users\Tini\Desktop\Champions of Regnum.url
[2013/03/24 22:02:17 | 000,000,993 | ---- | C] () -- C:\Users\Tini\Desktop\WinDirStat.lnk
[2013/03/24 19:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/02/02 00:20:08 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013/01/31 15:37:26 | 000,023,584 | ---- | C] () -- C:\Windows\War3Unin.dat
[2013/01/19 18:41:04 | 000,138,056 | ---- | C] () -- C:\Users\Tini\AppData\Roaming\PnkBstrK.sys
[2012/07/04 10:37:23 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/03/24 12:27:57 | 000,000,000 | ---- | C] () -- C:\Users\Tini\AppData\Local\resmon.resmoncfg
[2012/02/17 19:06:12 | 000,000,624 | ---- | C] () -- C:\Windows\eReg.dat
[2012/02/15 22:30:29 | 000,347,472 | ---- | C] () -- C:\Users\Tini\AppData\Local\MB.SAV
[2012/01/19 19:44:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/12 19:40:30 | 000,005,632 | ---- | C] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/02 23:55:09 | 000,017,408 | ---- | C] () -- C:\Users\Tini\AppData\Local\WebpageIcons.db
[2011/06/08 23:49:42 | 001,929,576 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3070_B611.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---



Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 4/20/2013 5:59:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tini\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free
5.99 Gb Paging File | 4.58 Gb Available in Paging File | 76.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900.41 Gb Total Space | 816.71 Gb Free Space | 90.70% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.23 Gb Free Space | 34.11% Space Free | Partition Type: NTFS
 
Computer Name: TINI-PC | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B66BA7-7313-4F1B-BF12-3BCBE1F23A03}" = lport=137 | protocol=17 | dir=in | app=system | 
"{14482380-1C2C-4FCF-AB6D-72B714F98F5C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{22DBE5F4-FABC-4091-99F5-E5603BAED2DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{22EC563F-A530-4147-BBA9-50A4CBB22FA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2885682F-D4E9-446D-8C20-02D9B817CD59}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2D6171EC-D1A7-4A25-80D1-B0DC6115BD7F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2E81D8A9-73D7-49B0-A812-CD1E341C96C5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{36E49077-75DF-4C48-A8A0-48082AB8210B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4218BF11-0466-49A7-B672-4FF5BC762B73}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5296EA67-B982-48D5-9030-57EC7616461E}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{64B5DE84-1C17-4C6A-968A-AD8A322FAAFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{695FF718-853C-41C6-A44B-F0345A94270E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{71DE3893-88AC-4B2D-ABBC-8B1A3F896EF5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7B35D43D-4C39-4238-B471-1F8EDD8E6E90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B78F9A0-57F0-4E6E-9B4D-2F81CAFE8DB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F0A4F15-7330-4756-B59D-95FE3B129D04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C1E297D-E260-4718-8C77-1A72FECA8884}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8D909FB4-3E35-4527-9F5B-BE681967A32F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A3676597-BE3E-4ACD-8E05-B0EA62050DFD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A5FDC51E-8A17-49AE-954B-EF34F9E6B01A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEBA1A77-D360-4C08-9E48-BC24AAC24D7E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{B36D696F-A9B2-40E0-A375-A1F6792752B2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C688A4D6-5925-4B9E-9335-7E4DD6C10925}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CDAC8DBA-ED4E-448C-8E4B-2DC9147A009F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D6CBB05B-4AD5-4110-8192-0E5C23BB9F8C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{DDCC2E78-B1BC-45D1-A5DF-655516479917}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DE5B441E-8D5A-4EDD-AD83-1A4B6DC40ACD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F78E6D00-A235-4236-9FAC-717C0334A2DF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FB45BDA9-E58D-4941-A902-0A6D26FECD79}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CC00EB-15BC-489C-9F65-97EB76F2ED93}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0E205A1F-7B4D-4880-967A-656C2CCBF713}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dmp\clbrowserengine.exe | 
"{0E4BF218-D8B7-4765-8D7A-14D51769761A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe | 
"{12375C0E-B102-4188-8F1A-1E2C33C0EBD1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{16692856-EDFA-4DA9-831B-ED956197DBB0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{1728E32E-3129-48E5-9FA9-6E484810CBEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1A275D4D-4C83-417A-97CF-E46E02EFE0B0}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{1BA58D5D-AB49-459A-BDEF-5BA79B2F2F63}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\launchpad.exe | 
"{1CE96BC5-722C-4AE7-BB58-63400AE6E441}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{1D47CD3A-797C-4716-8D8F-7D1DF37FE31B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{205EFAE2-DE2A-40B3-89F0-A2B341CE0A39}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{2306076A-26F6-4A3D-8784-5761A1B444BF}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{253C9EB5-389B-4735-A4A9-83D2F5D70FC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{29A33729-F7F8-48EC-B59F-753C08769FED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{2C6AF0BF-DDD4-4CFB-82A9-1018628EAB98}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{2CD68159-0DCA-4F92-9C72-56C2C0235445}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{2FD99BF1-616F-4980-9531-3B24002422CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\everquest 2\launchpad.exe | 
"{33E4CEBA-43E3-48E8-8F9A-1FEF2210544F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of empires online\aoeonline.exe | 
"{351EDA4A-2AD0-4E15-8DEC-0C354B7DD295}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{3A9C7AD5-8E36-4246-A8D1-0E7790011FEA}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{3C5B610A-8F10-4B34-9153-446D510582AF}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{3F133E00-2929-40BC-930B-FFA10E9B1E96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43B867BA-3506-4306-8268-8AD04734A9F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{486A3686-1F14-4C02-A3DB-1CAE86D5548A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51BFFB9D-CE17-4943-A504-0DD09A8C1485}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | 
"{5213E768-814F-4042-8FEA-ABE7B3A01614}" = dir=in | app=c:\program files\cyberlink\youmemo\pcmservice.exe | 
"{52C004FF-4547-4F77-9681-9057015E079F}" = protocol=6 | dir=in | app=c:\steam\steam.exe | 
"{53B01539-20BA-45DA-BA9C-57203CD9AA96}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{55852BF9-9791-4358-8F22-905045F28805}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{58D7BAC7-4713-42F0-BC0E-1E5CB537F66A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{592B5C88-F865-491C-B151-925A6679DEA8}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{5CC70368-7173-45B4-B8A7-3C4D2264B926}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | 
"{5D3B5954-7223-45A8-86C3-2749454065C2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die abenteuer von tim und struppi - das geheimnis der einhorn\tintin.exe | 
"{5DAC09AE-9C13-4D3F-8A31-7C9EFA65135A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5ED77807-1652-4B9D-A417-1F9CFCA507A9}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{608681DC-2D3E-41CB-B4BF-11A8FD131F34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{65F34A66-06CC-45A2-A95A-70BC4219E888}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{67E5746D-D0BE-4CDE-91C5-496C64D0A255}" = protocol=17 | dir=in | app=c:\steam\steam.exe | 
"{6A26E274-A70E-4737-8E13-8BA76C354CEB}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{6CFA5D63-88A9-4542-B08F-4BDEEAF6E3F5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{7507B783-D147-4145-9F7C-261272A2B713}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"{75587CFF-39A7-434A-8594-9FFAC1BEE36D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{763C0A53-6101-4965-BDF3-FC4023682479}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{78AF9FA4-59C4-4127-975B-533D5FC91416}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | 
"{7B7DCE9A-4CF3-455B-A53A-C4EBC73962E3}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{7CC28C12-E482-4BBD-96B8-7185635D51F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7CF47E76-AA46-4F53-8E0C-F444946178DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8047F2D9-96F2-4D14-92DF-35242A854325}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{805792CE-0DD1-4535-8B45-4C62C5CDCE36}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{88014E47-3ADB-406B-9A4E-A6EF17619B53}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{8816C4E1-0728-4DD4-BA4C-5D767757E0AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DA96D4B-EA4E-4309-9234-DCB9233D82F4}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{90C0943C-0EBC-43A5-98BF-6C8D2F60FCF9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\warincbattlezone\rsupdate.exe | 
"{91F4775C-8AFE-4B2D-97C5-42F9FC7D0AC8}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{92FA78DF-04AC-4E23-BF28-25EBBE8EEFCF}" = protocol=6 | dir=in | app=c:\users\tini\downloads\gamin16\gamin16\gameunp.exe | 
"{93227524-44BD-4AF3-B27C-FAC485572935}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe | 
"{947258C2-75DB-4DDE-92F2-CA0ADE9848D5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9617CA2F-65B6-4371-96E2-00E790630CDF}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\regnum\rolaunchersteam.exe | 
"{992CA517-D66C-437A-AD0F-778A2BE3FBBE}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{9A045F59-09AC-49AA-A8B3-D81C5F224933}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{A0E14968-0601-4DA8-9798-0B8C334095E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A685E491-B911-4B98-A67E-816716D220F3}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | 
"{AC007553-73AA-4F0A-AC37-70DA537BF858}" = protocol=17 | dir=in | app=c:\users\tini\downloads\gamin16\gamin16\gameunp.exe | 
"{ADCA0B4C-CA9B-4A1A-AEAB-D787442A1E06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1EFAA6F-1F87-401E-B13C-85D5D7678B56}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{B40D7CCE-FE00-45A7-806F-3820A262B9C6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B88AA1BA-F925-4634-8060-5C9363707F0E}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{B9E93C6D-6EE1-49DC-A7A3-1BA6EB5C2C18}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | 
"{BA26000A-3050-4612-A12F-D93991922EE7}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{BC0E86CD-974A-4787-B811-4C31D646824B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe | 
"{BEDEF5DC-A375-4D6A-A02A-F368C430EA10}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{C0015075-E31D-426D-96BB-CB2487CF509E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{C0A5606D-56DE-4790-BB11-958780FDDC9D}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{C3E658BF-91A5-4314-8FAB-7538AA61E7F5}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{C434B20F-3860-476E-8837-4ACEA143555C}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{C4E2A564-4256-49AB-B384-6457E340AB17}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\warincbattlezone\rsupdate.exe | 
"{C7296F54-610A-4955-851E-0357DB8CD7C7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{C8A26337-BC80-4628-9F94-A687C5D21697}" = protocol=6 | dir=out | app=system | 
"{CBADF560-8DCE-4362-9376-3D2CB1FE9B89}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | 
"{CD57042C-F516-4ED2-A83C-E583AEB8945E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\everquest 2\launchpad.exe | 
"{D46467A4-B089-404E-BD7A-883E50471182}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of empires online\aoeonline.exe | 
"{D4CB2363-546C-4F75-A526-010648A01965}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D639DD0B-407F-424D-B1CB-2653BA7C6DF2}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{DB7CF3F1-1545-4CFD-950A-1AD4B06F94A9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{DD28CF10-A7F6-4943-A1A0-9DE8E1E6D9D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE1862E2-8815-41A6-BE0C-928C041C6F98}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{DEABD82F-187D-43E3-BC02-08378859EC8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DFED47F8-1650-4B0F-8FAC-521BA7465E0A}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\regnum\rolaunchersteam.exe | 
"{E1742B39-B160-45E0-9B43-E2E586018147}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{E3F61A76-FF0C-4595-917E-CA9C80494444}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{E4DF51E3-10C0-43AA-A564-8A441CB51EBE}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\regnum\liveserver\roclientgame.exe | 
"{EBE86853-268F-4BA0-8138-2F51591CC806}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | 
"{ED8CD9E9-030B-4C30-A72C-DAFC9DBCE7DE}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"{EEE54435-263D-4AE8-BDE3-85BD6F0AE6C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EF907E8A-F88C-401D-A67F-907C2CFD7E9C}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{F5D9781E-7635-4046-85B4-AB7A22598398}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dms\clmsservice.exe | 
"{F6B11279-C82D-4795-A7B2-B8130D0AC9EE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die abenteuer von tim und struppi - das geheimnis der einhorn\tintin.exe | 
"{F6E5FC8A-040E-46AB-991D-BAB48485DF65}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\launchpad.exe | 
"{F7A4D3CD-34C0-4B6A-96DA-F8AE264CC6A1}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\regnum\liveserver\roclientgame.exe | 
"{FD4861C3-0EFF-4725-A2B1-74CA562694C4}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{FDC1B88A-EFFE-433F-8F03-D09530D5AC81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEB4390E-3AF6-4CC4-A513-52BC638B681A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{FFDAE163-03D5-4641-B1D9-25B96D96C1D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0D1AA4CC-3729-4D0D-B602-D6EEA0C1E0E1}C:\users\tini\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\downloads\gamin16\gamin16\gameunp.exe | 
"TCP Query User{1815542A-BED2-4945-A027-C723B41077ED}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe | 
"TCP Query User{214CB451-1630-4914-856F-C6826B87EBD5}C:\program files\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age of empires online\spartan.exe | 
"TCP Query User{4D1D3C59-59A4-434C-B0DF-7F22896006A0}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{5FDA9D05-E793-48DB-B4E2-DF22374C02CE}C:\program files\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{62D2B7C4-64A0-44EF-8FC9-C154309339F0}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe | 
"TCP Query User{72F5A3E0-0AA6-4C2E-949E-8EB0BEA28C8C}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{7EB60670-F12E-447B-82C2-1812728F135D}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe | 
"TCP Query User{8CAC37AE-A09C-420B-9816-E4EDC49060CF}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"TCP Query User{930FC4A6-05D9-4DE4-A66F-3ECE4094FFD7}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{AA73F872-EF98-4840-AA6E-BB046F4E0518}C:\users\tini\desktop\dasdasds\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\dasdasds\gamin16\gameunp.exe | 
"TCP Query User{C966D39A-A67C-4933-8C37-02364F3EE75E}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{E7BD5CAB-A26A-4B48-9A68-EC7DE1A50A4B}C:\users\tini\desktop\fas\mohaa.exe" = protocol=6 | dir=in | app=c:\users\tini\desktop\fas\mohaa.exe | 
"TCP Query User{EDFB6F9D-2324-4EDB-A16C-652DA6426A64}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{05556BDC-A88D-4E88-B639-6AD9F1A25F41}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"UDP Query User{07DAD139-B668-402D-B088-86CBAF148B60}C:\users\tini\desktop\fas\mohaa.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\fas\mohaa.exe | 
"UDP Query User{095CFD2C-5329-4399-BB73-899A1DF61680}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{16B12535-07B0-46F5-8AC6-AD0B08599A23}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe | 
"UDP Query User{1CE27168-27A8-450D-848F-D4C37E73BB56}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe | 
"UDP Query User{4F2B2E39-5DE2-4EB4-B73D-8203E65AB06C}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{5B6899ED-5FDC-4547-BE1F-A5C85BB751C7}C:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\gaminator\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe | 
"UDP Query User{70F9394A-9005-4A43-8DEC-A25856D8F75C}C:\users\tini\desktop\dasdasds\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\desktop\dasdasds\gamin16\gameunp.exe | 
"UDP Query User{741F7D9D-65D3-4A8B-BF01-9D4834CD83EB}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{78552178-392E-4286-A43F-43286E63EE10}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{992FCF26-16D8-4A52-8D09-84C30B8B0389}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{9DBB179E-2844-4BE8-AFD9-852ED8708A0E}C:\program files\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age of empires online\spartan.exe | 
"UDP Query User{CB94C7FB-B7D5-47BC-869E-33583BE9741E}C:\program files\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{F587A60A-9FCF-4CA8-8227-0753D8A39A83}C:\users\tini\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\tini\downloads\gamin16\gamin16\gameunp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B2B9AA2-1139-4B44-8539-39A0C4EDF608}" = NextWindow Drivers
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D7507C3-DF2B-4740-8700-8227C2C7AE81}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BrothersInArms" = Brothers In Arms
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Giraffic" = Veoh Giraffic Video Accelerator
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Steam App 222520" = Champions of Regnum
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 2.0.2
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/1/2013 11:00:03 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6287
 
Error - 2/2/2013 12:41:51 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/2/2013 12:41:51 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10967
 
Error - 2/2/2013 12:41:51 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10967
 
Error - 2/3/2013 9:35:56 AM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/3/2013 9:35:56 AM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15725
 
Error - 2/3/2013 9:35:56 AM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15725
 
Error - 2/4/2013 1:52:03 PM | Computer Name = Tini-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171_Vista\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/4/2013 1:53:51 PM | Computer Name = Tini-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/4/2013 4:06:07 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/4/2013 4:06:07 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13151
 
Error - 2/4/2013 4:06:07 PM | Computer Name = Tini-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13151
 
Error - 2/6/2013 2:27:26 AM | Computer Name = Tini-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171_Vista\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/6/2013 2:28:42 AM | Computer Name = Tini-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 4/13/2013 4:54:12 AM | Computer Name = Tini-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 4/13/2013 5:00:45 AM | Computer Name = Tini-PC | Source = bowser | ID = 8003
Description = 
 
Error - 4/13/2013 7:09:24 AM | Computer Name = Tini-PC | Source = bowser | ID = 8003
Description = 
 
Error - 4/15/2013 8:12:41 AM | Computer Name = Tini-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{18FB4348-A233-4652-9588-6B0492EB5C9F} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 4/15/2013 2:28:37 PM | Computer Name = Tini-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 4/16/2013 2:00:38 PM | Computer Name = Tini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 4/18/2013 12:15:38 PM | Computer Name = Tini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 4/18/2013 2:15:07 PM | Computer Name = Tini-PC | Source = bowser | ID = 8003
Description = 
 
Error - 4/20/2013 8:02:13 AM | Computer Name = Tini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 4/20/2013 11:52:38 AM | Computer Name = Tini-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
--- --- ---

Alt 20.04.2013, 17:57   #5
aharonov
/// TB-Ausbilder
 

Hi,

What problems remain at the moment?

__________________
cheers,
Leo

Alt 20.04.2013, 18:34   #6
tiniii
 

Hi,

searchnu is gone now.. yoohoo
I tried it a few times and always get my normal start page, and further tabs are empty.

that was the only problem, at least I didn't notice anything else
I assume everything is fine now, right?

Alt 20.04.2013, 18:38   #7
aharonov
/// TB-Ausbilder
 

Then let's do one more check and close existing security vulnerabilities.


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:OTL
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()

:commands
[emptytemp]
         
  • Now please close all other programs.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its contents here into your thread.



Step 2

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path.
  • Now start Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Update --> Check for Updates.
  • When the update has finished, select the option Perform quick scan on the Scanner tab and press Scan.
  • When the scan is finished, click Show Results.
  • Make sure all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under the Logs tab.



Step 3

Download the setup for the ESET Online Scanner and save it to the desktop.
  • Connect any external hard drives and USB sticks you have to the computer.
  • Now temporarily disable your antivirus program and the firewall for this scan.
    (Don't forget to turn them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Check the box Yes, I accept the Terms of Use and press Start.
  • Wait until the components have been downloaded.
  • Check the box Scan archives.
  • Make sure the box Remove found Threats is not checked.
  • Then press Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: This scan can take quite a long time!
  • If findings are shown after the scan has finished, then:
    • Press List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Then press << Back.
  • Now close the scanner by clicking Finish.
Please post the contents of ESET.txt or let me know if there were no findings.



Step 4

Please download SecurityCheck (Link 2).
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



In your next reply, please post:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
__________________
cheers,
Leo

Alt 20.04.2013, 18:59   #8
tiniii
 

I get an error at step 1 after the fix.
should I copy the entire OTL log (that's what I did) and paste it in, or only something specific?
I can't find the text shown as code under step 1 in my log!?

sorry :$

Alt 20.04.2013, 19:01   #9
aharonov
/// TB-Ausbilder
 

You should copy only this short text here (in full) and paste it into OTL's text box:
Code:
:OTL
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()

:commands
[emptytemp]
         
__________________
cheers,
Leo

Alt 21.04.2013, 08:48   #10
tiniii
 

sorry, I couldn't finish everything yesterday - ESET took a long time and then I wasn't at home anymore.

here are all the logs:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}\ deleted successfully.
C:\ProgramData\DNSErrorHelper\bho.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tini
->Temp folder emptied: 747001703 bytes
->Temporary Internet Files folder emptied: 11142702 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 382299923 bytes
->Flash cache emptied: 22232 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47881719 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,133.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04202013_200326

Files\Folders moved on Reboot...
C:\Users\Tini\AppData\Local\Temp\OCS\Downloads\dab836309080449dfddf3bb5619b7b53\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.04.20.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tini :: TINI-PC [Administrator]

20.04.2013 20:12:31
mbam-log-2013-04-20 (20-12-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213782
Laufzeit: 7 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



ESET found nothing.



Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.4001)
Malwarebytes Anti-Malware Version 1.75.0.1300
JavaFX 2.0.3
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.6.602.180
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
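
The fix script from step 1 and the fix log posted above can be cross-checked mechanically, so that a removal which only partly succeeded does not go unnoticed. The following Python sketch is an added example, not part of the thread and not OTL's own code; the function names are hypothetical, the two registry locations are the ones the posted fix log reports for the BHO, and the partial log is constructed.

```python
import re

# Fix script exactly as posted in the thread.
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()

:commands
[emptytemp]
"""

# Start of the fix log exactly as posted in the thread.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}\ deleted successfully.
C:\ProgramData\DNSErrorHelper\bho.dll moved successfully.
========== COMMANDS ==========
"""

# Constructed failure case: the same log with the file line missing.
PARTIAL_LOG = "\n".join(
    line for line in FIX_LOG.splitlines() if "bho.dll" not in line
)

# The two registry locations the fix log reports for a BHO, keyed by CLSID.
BHO_KEY_TEMPLATES = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
    r"\Explorer\Browser Helper Objects\{clsid}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{clsid}",
)

# "O2 - BHO: (name) - {CLSID} - path (company)" as it appears in the script.
BHO_LINE = re.compile(
    r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r" - (?P<path>.+) \((?P<company>[^()]*)\)$"
)
KEY_DELETED = re.compile(r"^Registry key (?P<key>.+?)\\? deleted successfully\.$")
FILE_MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")


def parse_bho_entries(script):
    """Return the O2 BHO entries listed in the :OTL section of a fix script."""
    entries, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
            continue
        match = BHO_LINE.match(line) if section == ":otl" else None
        if match:
            entries.append(match.groupdict())
    return entries


def parse_fix_log(log):
    """Collect registry keys and files the log reports as removed (lower-cased)."""
    keys, files = set(), set()
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_DELETED.match(line)
        if key:
            keys.add(key.group("key").lower())
            continue
        moved = FILE_MOVED.match(line)
        if moved:
            files.add(moved.group("path").lower())
    return keys, files


def verify_fix(script, log):
    """Map each BHO CLSID to the artefacts the log does NOT confirm as removed."""
    keys, files = parse_fix_log(log)
    report = {}
    for entry in parse_bho_entries(script):
        expected = [t.format(clsid=entry["clsid"]) for t in BHO_KEY_TEMPLATES]
        # Registry paths and Windows file paths compare case-insensitively.
        missing = [k for k in expected if k.lower() not in keys]
        if entry["path"].lower() not in files:
            missing.append(entry["path"])
        report[entry["clsid"]] = missing
    return report


if __name__ == "__main__":
    for label, log in (("posted log", FIX_LOG), ("constructed partial log", PARTIAL_LOG)):
        for clsid, missing in verify_fix(FIX_SCRIPT, log).items():
            print(label, clsid, "OK" if not missing else f"unconfirmed: {missing}")
```

An empty list for a CLSID means every artefact named in the fix script was confirmed as removed; anything left in the list needs a follow-up fix or a manual check.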

Alt 21.04.2013, 13:57   #11
aharonov
/// TB-Ausbilder
 

Sehr gut. Nur noch ein paar Updates und dann räumen wir auf.


Schritt 1§

Downloade und installiere den Internet Explorer 10.
Der Internet Explorer sollte auch dann aktuell gehalten werden, wenn er nicht zum Surfen verwendet wird.



Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 21.
  • Gehe zu
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
    Start --> Systemsteuerung --> Software (bei Win XP)
    und deinstalliere alle älteren Java-Versionen.
In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:
  • Lade dir die neueste Java-Version herunter.
  • Schliesse alle laufenden Programme, speziell den Browser.
  • Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
  • Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".



Schritt 3

Dein Flashplayer ist veraltet. Installiere folgendermassen die aktuelle Version:
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Cleanup

Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are also still important and should be carried out in the order given.
  1. For MBAM I would strongly recommend that you keep it and run a quick scan weekly. If you do not want to keep using it, you can now uninstall it normally via the Control Panel.
  2. You can also keep the ESET Online Scanner to scan your system with it now and then (monthly) for a second opinion. If you want to uninstall ESET, you can likewise do that via the Control Panel.
  3. In any case, please download DelFix to your desktop.
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • DelFix removes, among other things, all the programs we used and then deletes itself.
  4. If anything is still left over now, you can simply delete it manually.




>> OK <<
We are done; your logs look clean to me at the moment.

Below I have put together a few notes and tips for you that should help ensure you won't need our help again in future.

After that, please give me a short reply if there are no more problems or questions open on your side either, so that I can consider this topic resolved.




Epilogue: Tips, Dos & Don'ts

Keeping the system and software up to date

The Windows operating system must always be fully up to date. Make sure automatic updates are enabled:
  • Windows XP: Start --> Control Panel --> double-click Automatic Updates
  • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off

The installed software should also always be present in its latest version.
This applies especially to the browser, Java, Flash Player and PDF reader, because known vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore relatively unpredictable.
  • With this small plugin check you can regularly check whether these components are up to date.
  • Also make sure that old versions no longer in use are uninstalled.
  • Optional: The program Secunia Personal Software Inspector can help you always use the current versions of all installed software.

Security software

One remark up front: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file).
Nevertheless, appropriate software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
  • Use a virus scanner with a real-time guard and an always current database. Which product is chosen does not matter all that much. There are commercial versions, but a free scanner with the basic functions, such as Avast! Free Antivirus, should suffice. But never run two real-time guards in parallel; they would get in each other's way.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox") so that no changes can be made to the system. If you start your browser in it, the chance is reduced that malware picked up while browsing can lodge itself permanently in the system.
  • Optional: The add-on WOT (Web of Trust) warns you about a website reported as harmful before it is loaded. Available for various browsers.

It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader).
Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which two useful add-ons can be recommended:
  • NoScript by default prevents active content (Java, JavaScript, Flash, ..) from running for all websites. Following the principle of a whitelist, you can decide yourself which sites you want to trust and allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides being annoying, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself.

Visiting dubious websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not currently detect a threat in them, that does not have to mean anything.
  • Illegal cracks, keygens and serials are an exceptionally easy (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside is really what it says on the label.

Attempts are also often made to get the user, by more or less tricky methods, to carry out an action himself that is disastrous for him (umbrella term: social engineering).
  • Browse with caution and do not let elements that somehow appear interesting tempt you into a hasty click. Do not be fooled by pop-ups that look like system or virus messages.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if at first glance they look authentic, contain personal data of yours or supposedly come from a known sender: better to think it over calmly once more or ask, rather than just opening links or executable attachments or entering your data somewhere.
  • Harmful links or files can also circulate in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange or sounds so sensationally interesting or scandalous that one simply has to click on it, then curiosity has probably won over reason for him/her and you should not make the same mistake.
  • Have file extensions displayed so that you are not deceived when an executable file is disguised by a double file extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed by the user himself.
  • As first priority, always download software directly from the vendor. Many software portals (e.g. Softonic) pack additional useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and remove the check mark at all optionally offered toolbars or other additions irrelevant to the program.

General notes

Finally, a few more basic remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with restricted rights (Windows XP) or enable User Account Control (UAC) at the highest level (Windows Vista / 7).
  • Regularly create backups of your data and documents on external storage media, at least in duplicate for important files. Not only a malware infection can result in painful data loss but also an ordinary hard disk failure.
  • The Autorun/Autoplay function poses a risk, because it makes it possible, for example, for the infection to jump to the computer when a correspondingly infected USB stick is plugged in. Consider whether you would not be better off disabling this function.
  • Choose your passwords according to the usual rules in order to be better armed against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for improving performance is disputed. In any case, they can do great damage if you don't know what you are doing. We therefore recommend keeping your hands off the registry. To delete temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing and that we do not see each other here again any time soon.
__________________
cheers,
Leo
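
The double-extension tip in the post above (Nacktfoto.jpg.exe), as an added example that is not part of the original post: a Python check that flags file names whose real, executable extension follows a harmless-looking one, and shows how each name appears while extensions are hidden. The extension lists, function names and sample names are assumptions made for this example.

```python
import os
import re

# Assumed extension lists for this example (not taken from the thread).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "msi"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls",
              "xlsx", "txt", "mp3", "mp4", "avi", "zip"}


def split_name(path):
    """Return the file name of `path` split at dots, lower-cased and trimmed."""
    base = re.split(r"[\\/]", path)[-1]
    return [part.strip().lower() for part in base.split(".")]


def shown_when_hidden(path):
    """Name as Explorer displays it while known extensions are hidden."""
    base = re.split(r"[\\/]", path)[-1]
    stem, dot, _ext = base.rpartition(".")
    return stem if dot and stem else base


def is_disguised_executable(path):
    """True if an executable extension follows a harmless-looking one."""
    parts = split_name(path)
    return (len(parts) >= 3
            and parts[-1] in EXECUTABLE_EXTS
            and parts[-2] in DECOY_EXTS)


def find_disguised(paths):
    """Return (path, displayed name) for every disguised executable."""
    return [(p, shown_when_hidden(p)) for p in paths if is_disguised_executable(p)]


def scan_folder(folder):
    """Walk a folder (e.g. Downloads) and report disguised executables."""
    found = []
    for root, _dirs, files in os.walk(folder):
        found += find_disguised(os.path.join(root, f) for f in files)
    return found


# Constructed sample names; only the first one appears in the post above.
SAMPLE = ["Nacktfoto.jpg.exe", "Urlaub.jpg", "setup.exe",
          r"C:\Users\user\Downloads\Rechnung.pdf.scr", "backup.tar.gz"]

if __name__ == "__main__":
    for path, shown in find_disguised(SAMPLE):
        print(f"{path!r} is displayed as {shown!r} when extensions are hidden")
```
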

21.04.2013, 14:32   #12
tiniii
 

Okay, I've now taken care of everything, and my Java is now deleted too. I hope I won't need it for anything. I'll do the same on the laptop right away.

I will try very hard to stick to all the points so that I don't have to bother anyone again; without help I really wouldn't know what to do! Thank you!!
I'll also tell my ex that he should be even more careful.
By now he knows that he has to untick the box for toolbars etc. when downloading, but I don't know where else he surfs and keeps catching something.

Many thanks again

Best wishes,
Tina

21.04.2013, 14:37   #13
aharonov
/// TB Trainer
 

Thanks for the feedback, Tina.


Glad we were able to help.

If you would like to give the forum suggestions for improvement, criticism or praise, you can do so here.

This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Should you need the topic again, please send me a PM and we will continue here.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo
