Pests of all kinds and how to fight them: EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan? (Windows 7)
15.01.2013, 20:25 | #1
EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan?

Hello dear forum members,

during a system check on my PC (Windows 7 Home Premium, 64-bit) the following malware was found: EXP/CVE-2012-1723.A.1

Since I don't know much about malware, I didn't want to start removing it on my own. All I found via Google is that it apparently is one of those ransomware trojans. I moved the file into quarantine, cut the internet and network connections, and copied the programs OTL, Defogger and GMER onto the machine using a USB stick. After letting the programs create the logs, I shut down the PC, which resulted in a bluescreen: "driver power state failure". No further problems occurred; here are the logs:

OTL:
Code:
OTL logfile created on: 15.01.2013 19:07:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 6,56 Gb Available Physical Memory | 82,27% Memory free
15,94 Gb Paging File | 14,32 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 43,12 Gb Free Space | 28,77% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 183,93 Gb Free Space | 47,07% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 390,65 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive F: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,60 Gb Total Space | 7,60 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.15 18:48:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012.12.24 22:58:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 09:20:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.28 18:41:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.06.28 18:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.01.08 21:59:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.24 22:58:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.20 15:07:04 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.28 18:41:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.06.28 18:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.06.28 18:41:11 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.06.28 18:41:11 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 
| 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 A9 13 DA 64 EF CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0 FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2 FF - prefs.js..extensions.enabledAddons: 
testpilot@labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Admin\AppData\Local\Roblox\Versions\version-322083e762564446\\NPRobloxProxy.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012.03.31 17:16:11 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS [2012.03.31 17:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2013.01.06 20:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\42denw4d.default\extensions [2012.07.29 10:56:52 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\42denw4d.default\extensions\battlefieldheroespatcher@ea.com [2012.07.29 11:01:08 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\42denw4d.default\extensions\battlefieldplay4free@ea.com [2012.10.10 14:59:32 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\42denw4d.default\extensions\ich@maltegoetz.de [2012.10.10 14:59:32 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\42denw4d.default\extensions\testpilot@labs.mozilla.com.xpi [2012.06.28 19:19:47 | 000,001,831 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\42denw4d.default\searchplugins\leo-deu-eng.xml [2012.06.28 22:37:09 | 000,001,328 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\42denw4d.default\searchplugins\wikipedia-de.xml [2012.03.31 17:48:47 | 000,002,057 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\42denw4d.default\searchplugins\youtube-video-search.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Admin\AppData\Local\Roblox\Versions\version-14148f7d00f24d47\\NPRobloxProxy.dll CHR - Extension: Battlefield Play4Free = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.80.5_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common 
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EADM] D:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in 
Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 78.42.43.62 82.212.62.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54F945E3-19F4-49CB-A8FC-CE51DBBF2357}: DhcpNameServer = 192.168.1.1 78.42.43.62 82.212.62.62 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation) O27 - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.01 12:15:56 | 000,206,657 | R--- | M] () - F:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2012.05.14 14:03:14 | 000,000,106 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.15 19:04:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2013.01.12 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2013.01.11 21:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.11 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.01.11 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.01.11 16:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio [2013.01.06 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Play withSIX [2013.01.06 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Play withSIX [2013.01.06 20:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks [2013.01.06 20:31:49 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\SIX Networks [2013.01.06 13:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.01.06 00:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.01.06 00:06:28 | 000,000,000 | ---D | C] -- C:\Fraps [2013.01.05 23:22:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Winterberg-Modifkation_fü [2013.01.01 05:11:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PAYDAY [2013.01.01 05:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.12.24 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Battlefield 3 [2012.12.24 20:39:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ESN [2012.12.24 20:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2012.12.24 20:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.12.24 20:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2012.12.24 20:06:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.12.24 18:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.12.24 18:52:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Origin [2012.12.24 18:03:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Origin [2012.12.24 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.12.24 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.12.22 13:41:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Minecraft alt [2012.12.20 00:08:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\GTA Vice City User Files ========== Files - Modified Within 30 Days ========== [2013.01.15 19:06:03 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.01.15 19:05:43 | 001,498,506 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2013.01.15 19:05:43 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.15 19:05:43 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.15 19:05:43 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.15 19:05:43 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.15 18:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.15 18:55:06 | 000,365,568 | ---- | M] () -- C:\Users\Admin\Desktop\gmer-2.0.18444.exe [2013.01.15 18:48:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2013.01.15 18:46:46 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2013.01.15 18:33:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004764620-34079624-740062768-1000UA.job [2013.01.15 18:10:00 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.15 18:10:00 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.15 18:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.15 18:02:39 | 2123,087,871 | -HS- | M] () -- C:\hiberfil.sys [2013.01.12 17:49:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.12 17:49:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.12 17:17:37 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.01.12 10:33:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004764620-34079624-740062768-1000Core.job [2013.01.11 21:11:44 | 000,002,322 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk [2013.01.10 18:20:33 | 000,293,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.06 20:28:25 | 000,000,160 | ---- | M] () -- 
C:\Users\Admin\.screenleap [2013.01.06 15:41:58 | 000,020,232 | ---- | M] () -- C:\Users\Admin\Desktop\Bericht.odt [2013.01.06 00:06:29 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2012.12.31 15:48:18 | 000,000,221 | ---- | M] () -- C:\Users\Admin\Desktop\PAYDAY The Heist.url [2012.12.24 22:58:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.24 20:06:24 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.12.24 18:03:25 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.12.23 17:19:08 | 000,000,221 | ---- | M] () -- C:\Users\Admin\Desktop\Plain Sight.url [2012.12.16 20:49:25 | 000,017,114 | ---- | M] () -- C:\Users\Admin\Desktop\Deutschklausur.odt ========== Files Created - No Company Name ========== [2013.01.15 19:06:03 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.01.15 19:04:53 | 000,365,568 | ---- | C] () -- C:\Users\Admin\Desktop\gmer-2.0.18444.exe [2013.01.15 19:04:53 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2013.01.06 20:27:16 | 000,000,160 | ---- | C] () -- C:\Users\Admin\.screenleap [2013.01.06 15:09:02 | 000,020,232 | ---- | C] () -- C:\Users\Admin\Desktop\Bericht.odt [2013.01.06 00:06:29 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2012.12.31 15:48:18 | 000,000,221 | ---- | C] () -- C:\Users\Admin\Desktop\PAYDAY The Heist.url [2012.12.24 20:06:24 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.12.24 18:03:25 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.12.23 17:19:08 | 000,000,221 | ---- | C] () -- C:\Users\Admin\Desktop\Plain Sight.url [2012.12.16 20:25:36 | 000,017,114 | ---- | C] () -- C:\Users\Admin\Desktop\Deutschklausur.odt [2012.07.02 19:38:35 | 000,000,720 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel [2012.05.23 02:29:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.05.23 02:29:36 | 
000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.31 17:56:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2012.03.31 17:56:43 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.31 17:56:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.25 17:00:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.21 16:27:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft [2012.08.28 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AtomZombieData [2012.11.07 21:44:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2012.07.02 19:11:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\inkscape [2012.08.28 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++ [2012.06.28 22:38:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2012.12.24 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin [2013.01.06 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Play withSIX [2012.07.09 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDISC [2012.08.11 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-updater [2012.07.14 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-zsync [2012.12.24 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 15.01.2013 19:07:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 6,56 Gb Available Physical Memory | 82,27% Memory free
15,94 Gb Paging File | 14,32 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 43,12 Gb Free Space | 28,77% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 183,93 Gb Free Space | 47,07% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 390,65 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive F: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,60 Gb Total Space | 7,60 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036E5976-0D06-4F83-99DD-041A2542935F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"{03954961-DF35-4BA1-A9DD-90635FF5133E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{03B78E4E-CB63-45AB-9D83-166A48CC39FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{03EA8B6B-3E91-4365-89EB-0B28EDC21D41}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{08F0A1A4-E001-4DDF-A068-9FB5161309F8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{09E2DD4B-0E84-4B7A-A794-3C4574526DC4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{0C30AB8B-BEA7-414F-B04B-17524C301907}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{0E6625B5-5EAC-41F8-8363-863F31EB1FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{17FDD93C-53B4-4B2F-A947-60AE9656F2FB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{1C71DE9C-E7D3-4F67-95A2-9DAD3B1CF0A7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\eufloria\eufloria.exe |
"{1FB89147-649A-4571-88D1-BFE386D7DADE}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{2049719A-E78C-4F49-B448-6A7AF3FBC2A4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{28A438CA-0179-4ABD-B131-8C08050080CE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{2AE18E02-600C-4FF0-A3C1-07237F8DE313}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{2D50CEF0-DA11-4908-BBFB-F20DF89F9CAD}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{2E0C7070-8E11-4968-BCFB-77AAF253E03D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{2EF4A96C-78C2-4CCF-BDC4-44D7A947F19D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{2FEA2FBB-5888-4036-800E-A33A08C2ABF4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{317C3A83-E1EC-405E-AE1F-7B5D949FE16D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{3184F63B-760A-4171-B806-EF6FC0575011}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{3278BEA6-206A-4BDC-92C8-411476FA1BB8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{327CAC3E-359A-470E-9E41-2124DABC19BB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{32983C75-7711-4028-82B1-3C05F181EA2A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{3391DAC1-ED67-4EAD-8033-B5A944C5FFA2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{386F44B8-02FB-4DDD-BBB1-D928B87E5925}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{3A275874-BEA5-4324-9A90-EE3E286CA04D}" = protocol=17 | dir=in | app=d:\program files (x86)\battlefield 3\bf3.exe |
"{3AC3CF36-6104-4951-9998-BADCC4AD196D}" = protocol=17 | dir=in | app=d:\program files (x86)\contentexpansion\system\swat4x.exe |
"{3B6DEBA5-B29E-4F3C-9EBC-DF60092E8ABC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{3C8784A8-D224-4ED2-BFB3-B9F35EF01E8F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{41D62E14-225E-4459-A103-1CA0C1F1FF0B}" = protocol=17 | dir=in | app=d:\program files (x86)\contentexpansion\system\swat4xdedicatedserver.exe |
"{430B7CD8-CD59-4205-8021-6F1BC65D5F33}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\eufloria\eufloria.exe |
"{43694A96-094A-4A13-85C4-528FB5A8981A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{4A2B48B4-488D-401E-A6A5-63545056AC93}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{4AA568A1-F75F-42FA-BBF8-6C4DF96AA9E0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{4EB93C6A-B0B7-45EE-B8B7-75955E0CD351}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{4FF7F31C-EA1F-43C5-AA9E-37BFE3DDA076}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{565C21E3-A594-4206-99E5-14324D340F06}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{58280DF5-EBE4-40E3-BFEF-BE2C3281030F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{584A0425-0E61-4165-9B4D-2705A544E218}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{5868387B-9E92-4715-88A6-58210041ACD0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{5B045D1C-DC7C-4D7F-9622-EB17825B0FBD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5CA2866C-BCAA-4864-9AC4-406BF1719D3D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{5D828C8A-254B-4FB7-B24B-777AE2AEA405}" = protocol=6 | dir=in | app=d:\program files (x86)\contentexpansion\system\swat4x.exe |
"{5EBFD658-FEA3-4EA6-A0A7-64F991BF0B1D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\zenoclash\zenoclash.exe |
"{674BEFF0-C3D3-414B-B540-2A39016E2A06}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{67ED90DA-3C72-4A87-A3A2-6A86A7D38429}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{68742715-748D-427F-B67D-7887C2B07B5C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6A4CE491-6F5E-4055-AD50-74037994DAD1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{6F534628-3C5F-45F2-A76B-CF75FDB38CF5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6FE4E432-3C16-4417-AE5E-044670E212FF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{72B5D642-3E6E-43BD-B2E1-F61AF370DA3B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{75AB548E-FF9C-4762-8CF4-571FF225654B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{75F203F1-3E13-4995-B71E-EC2854C10F03}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{771F8239-86E7-4D6B-AFA7-D703FEF42A41}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{7D49F6EF-3359-40A7-BCC0-F070B60BCE06}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7E299B23-BB9E-4246-ACDF-5B7FCCB59565}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{80CCDF78-48C5-4F8B-90E4-6366EB151FAB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{8616A204-EF8E-4E7B-B85A-8529010BE41F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{899FD8DA-98AF-4A67-BDBE-472F7F55DCF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8D96CBE4-3F3F-443F-9266-85ED6A97C085}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{8E26CA30-8359-4C69-9322-1906D4E48B2B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
"{8FBFC210-FD8B-40EF-BBA5-21C16B965A29}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{934FD9F4-B30D-4F2B-9C08-B9EA91E95CA7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{9BDE7A6E-59A4-4230-A097-85A072B5E09B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"{A1297CDB-AF95-4748-A121-27372C64BB30}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{A1D95AF5-C85F-40E3-8DA5-B705DDB1DBDB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{A7128FF0-B485-4A78-94D9-13567B39F4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{AB399E88-A65C-45B6-A66A-CD0EC651F05F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{ACE3E4FB-3B1E-4252-B7BE-01F27D4D3854}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{AD10FF4E-3234-4DFA-A6DE-0A2DB912A234}" = protocol=6 | dir=in | app=d:\program files (x86)\battlefield 3\bf3.exe |
"{AECB42B2-3EFE-4525-A595-67F9762BE8EF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B01285E6-0FBE-43BB-BB74-B1A8D8B371C8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\zenoclash\zenoclash.exe |
"{B396DBFB-FA75-4C98-8986-DFED83DD860F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{B4FFD473-367C-40BB-8614-1DA302974389}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{B8F72E07-9525-4F84-ADF8-0885E393A71D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{BA072B0D-A912-415E-8791-1919925575B7}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{BB39E014-E3E2-4651-B986-49F1451C36E8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{BECB8539-0D8E-4A7B-87EA-78C2840F3908}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"{C137F054-F436-4489-BC02-54BD6AA09C04}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{C24ED0D4-9DCB-4D75-A197-C441A934B8BE}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{C4379D3E-9E2B-4F34-B565-1E9659B58BF1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{C4F67A68-97D5-4796-BD28-02BF71DE88D5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{C519F277-3CCE-44CD-B965-6E7A9D8FC719}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
"{CFC2A674-E94E-4D5A-B460-7EE5DF02A360}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{D517BBC9-FB72-4D50-B7BB-4BCB5E6DBA28}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{D538F7F8-C73A-4E6E-9FDF-9EDD5F4AAB4B}" = protocol=6 | dir=in | app=d:\program files (x86)\contentexpansion\system\swat4xdedicatedserver.exe |
"{D6C3018B-4735-47EA-A30B-D033A4E1BE75}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{D7F4D7D6-AD59-47C3-922F-449056D5487A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{DABD3DC6-5346-437D-B0C7-4CAD7FF3C90C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{DB01FC58-90FD-4376-90EF-A60F4E80E11A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{DD559530-B802-4A99-801D-939766B470E9}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{DEC42522-925E-46E4-963A-6E3B51468C5F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{E0141E4F-7F1C-4D45-B8F4-EE0E5F431467}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{E0EF1956-7700-4D99-8948-A56811B1227A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{E18BA7A7-EB8B-401D-9666-2A900806E297}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{E8E364AB-F2D6-4D58-900F-7F4517021BE3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{EB643FBC-EE85-4A34-9FF7-CA8E6763D00E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{EC5B95E1-E5FA-4F56-9121-395D748C03FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EC5DCF24-FC12-49C3-A66E-051AAE7FF761}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{ECF84137-F614-4475-882F-D9B54FD06DD5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"{F05F43C7-D347-4350-87F8-6F54C16A1051}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F767DAE4-86AF-4F3C-9809-B2C5F361665A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{F89AA1E0-66F7-4A77-8AF7-0371D1B1B1B4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{FBF95B20-1F58-4707-8ABC-F68F9E19A9C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FCBE53A6-7906-4154-9A74-B891F2B427B3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{FDBD8FCA-87E1-4743-A155-0C43092D2706}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{0E1341AD-267F-4775-8DDC-04DA546DAA10}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{2B0E768B-BE77-41F7-8133-C7A2018DA708}C:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe |
"TCP Query User{300DA2C0-0D5C-436B-B37A-62F775E77A75}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{5240432B-363E-4863-8A27-A41B2A8D4F88}D:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{596E1A7D-B501-4B5E-A9C8-690A8D70664E}D:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe |
"TCP Query User{6634F891-D126-4DD7-8987-75D0D99DF259}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{69836E13-D3AA-4BAB-B6C9-5DAC8D1FAD15}C:\users\admin\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\play withsix\tools\mingw\bin\rsync.exe |
"TCP Query User{6C4C89AF-DF28-4F36-AEE5-E95F97FCA628}D:\program files (x86)\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\battlefield 3\bf3.exe |
"TCP Query User{6DB6C661-2DD4-4047-8E52-19FFFFD3FF06}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{7F1FA901-8498-4D17-978A-9C4EDFB10A8B}D:\program files (x86)\steam\steamapps\xxx\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\xxx\half-life 2 deathmatch\hl2.exe |
"TCP Query User{85892C3E-EE30-4E82-8133-BFFF46289C31}C:\users\admin\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\admin\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{A846F643-67AB-442E-99CF-5AFB93496F5E}C:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe |
"TCP Query User{ABE0CE8D-6784-4766-90F5-E2ADEB4AA64F}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{B6B69668-39C2-4264-9B78-A244D62F1B9E}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{C3A42AA3-4E14-41D5-A01D-AD5385B31BA2}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"TCP Query User{CE34F549-4599-403F-BCB2-E2AA93E27E50}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{F23690C1-B670-4360-BE8D-0FA7164C42A9}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{FDA019B9-892C-4C57-B387-C27B73F170BA}D:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
"TCP Query User{FECA6782-02D2-40A1-B377-B393D7AF1E83}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{03378881-E6A0-45DA-844A-ED1DBC12EFE2}C:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe |
"UDP Query User{1CFC6B7B-2532-4203-8407-D6D19BE01D39}D:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{2E34E60C-07EC-40C2-BDA3-0EBD4EE2DACF}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{2F232050-D2C4-4B5E-A98D-58EF88E41ECB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{50B55F73-BB7B-44D1-856D-9858A2AD5A69}C:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe |
"UDP Query User{5B3FEA33-7AE0-4A3B-8FDD-BBE47001520F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6635198D-666C-4F21-9DB0-8A03C0709AF8}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{6B3E5545-5F42-45F6-864B-E4011D41ACDB}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{86921D82-4486-4805-B6A1-E0B615DCF56F}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{99BACF8D-B476-44D5-9434-BE7983845C02}D:\program files (x86)\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\battlefield 3\bf3.exe |
"UDP Query User{A0E7DB5D-D69D-43A0-84BB-6289DE69A0EC}C:\users\admin\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\admin\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{A41C3317-4B44-431E-BFCB-AD05F60C1BE4}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{BBD9C7C1-27B5-4A52-8A9C-CF54D2579106}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{BC8E27FB-8CF8-4870-AE92-97F2A127E914}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C0C49CD1-7FFE-4AAC-BE46-C14B2F0DF573}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{C7CEDC4B-CFC2-4958-8A4B-6A5C73349A73}D:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\xxx\team fortress 2\hl2.exe |
"UDP Query User{C8ADB4FB-B346-4F6F-9172-D76FECB75800}C:\users\admin\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\play withsix\tools\mingw\bin\rsync.exe |
"UDP Query User{CCC24AC9-59F4-494F-A3A7-241140D2FBEA}D:\program files (x86)\steam\steamapps\xxx\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\xxx\half-life 2 deathmatch\hl2.exe |
"UDP Query User{F776755B-3DF5-4F6D-BEC2-338F8522822E}D:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Waterfox 11.0 (x64 en-US)" = Waterfox 11.0 (x64 en-US)
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D726D186-0BA7-8BC4-6273-A9AED17C7B8A}" = Application Profiles
"{DCA75ECE-39A9-0648-CB77-F6D759364CF9}" = Application Profiles
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC529949-EECA-2BF6-02AC-8041AD76B4B5}" = Application Profiles
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Emergency 2012" = Emergency 2012 Deluxe "ERSBerlin2BetaGER_is1" = ERS Berlin 2 Beta "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps "GameSpy Arcade" = GameSpy Arcade "Inkscape" = Inkscape 0.48.2 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate "Notepad++" = Notepad++ "Origin" = Origin "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "Steam App 110800" = L.A. Noire "Steam App 12110" = Grand Theft Auto: Vice City "Steam App 12210" = Grand Theft Auto IV "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City "Steam App 12900" = Audiosurf "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link "Steam App 218" = Source SDK Base 2007 "Steam App 218230" = PlanetSide 2 "Steam App 220" = Half-Life 2 "Steam App 22200" = Zeno Clash "Steam App 22208" = Zeno Clash Models "Steam App 24240" = PAYDAY: The Heist "Steam App 28050" = Deus Ex: Human Revolution "Steam App 31280" = Poker Night at the Inventory "Steam App 320" = Half-Life 2: Deathmatch "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 41210" = Eufloria "Steam App 42910" = Magicka "Steam App 49900" = Plain Sight "Steam App 50" = Half-Life: Opposing Force "Steam App 550" = Left 4 Dead 2 "Steam App 55040" = Atom Zombie Smasher "Steam App 55230" = Saints Row: The Third "Steam App 730" = Counter-Strike: Global Offensive "Steam App 8980" = Borderlands "TechPowerUp GPU-Z" = TechPowerUp GPU-Z ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for 
Admin "Google Chrome" = Google Chrome "SOE-" = gamelauncher-ps2-live "SOE-C:/Users/Admin/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater "SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg "soe-PlanetSide 2 PSG" = PlanetSide 2 PSG ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.01.2013 12:55:35 | Computer Name = Admin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: atiumd64.dll, Version: 9.14.10.926, Zeitstempel: 0x5064fc85 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000019088b ID des fehlerhaften Prozesses: 0x9b0 Startzeit der fehlerhaften Anwendung: 0x01cdf01bfb1c9e1f Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\atiumd64.dll Berichtskennung: b75a1f46-5c0f-11e2-9676-8c89a5648fc8 Error - 11.01.2013 15:36:37 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = Error - 11.01.2013 16:17:29 | Computer Name = Admin-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Grand Theft Auto IV" konnte nicht heruntergefahren werden. Error - 12.01.2013 05:17:16 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = Error - 12.01.2013 10:09:38 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = Error - 12.01.2013 10:36:14 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002 Description = Programm SaintsRowTheThird.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 134c Startzeit: 01cdf0cfe52fe463 Endzeit: 808 Anwendungspfad: d:\program files (x86)\steam\steamapps\common\saints row the third\SaintsRowTheThird.exe Berichts-ID: Error - 12.01.2013 12:48:41 | Computer Name = Admin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x50c39964 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x550 Startzeit der fehlerhaften Anwendung: 0x01cdf0e04e55fe59 Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: eac31a67-5cd7-11e2-8640-8c89a5648fc8 Error - 13.01.2013 06:27:38 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = Error - 13.01.2013 14:37:20 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = Error - 13.01.2013 14:38:50 | Computer Name = Admin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: atiumd64.dll, Version: 9.14.10.926, Zeitstempel: 0x5064fc85 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000019088b ID des fehlerhaften Prozesses: 0xa44 Startzeit der fehlerhaften Anwendung: 0x01cdf1bccd2cd0eb Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\atiumd64.dll Berichtskennung: 78912d28-5db0-11e2-a922-8c89a5648fc8 Error - 13.01.2013 16:12:25 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002 Description = Programm Em4.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1208 Startzeit: 01cdf1c8d663e809 Endzeit: 25 Anwendungspfad: C:\Users\Admin\Desktop\sixteen tons entertainment\Emergency4\Em4.exe Berichts-ID: 8910263d-5dbd-11e2-a922-8c89a5648fc8 Error - 14.01.2013 12:29:03 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = Error - 15.01.2013 13:04:28 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 25.11.2012 14:18:53 | Computer Name = Admin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?11.?2012 um 19:15:06 unerwartet heruntergefahren. Error - 25.11.2012 14:56:54 | Computer Name = Admin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?11.?2012 um 19:54:46 unerwartet heruntergefahren. Error - 28.11.2012 15:08:42 | Computer Name = Admin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?28.?11.?2012 um 20:07:42 unerwartet heruntergefahren. Error - 28.11.2012 15:49:32 | Computer Name = Admin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?28.?11.?2012 um 20:47:36 unerwartet heruntergefahren. Error - 28.11.2012 15:49:34 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 29.11.2012 12:54:14 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 30.11.2012 08:54:11 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. 
Error - 30.11.2012 08:54:55 | Computer Name = Admin-PC | Source = DCOM | ID = 10010 Description = Error - 04.12.2012 14:58:17 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 04.12.2012 14:58:17 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-15 19:19:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4D 931,51GB Running: gmer-2.0.18444.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys ---- User code sections - GMER 2.0 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000731717fa 2 bytes [17, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073171860 2 bytes [17, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073171942 2 bytes [17, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007317194d 2 bytes [17, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753b1401 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753b1419 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753b1431 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753b144a 2 bytes [3B, 75] .text ... 
* 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753b14dd 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753b14f5 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753b150d 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753b1525 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753b153d 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753b1555 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753b156d 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753b1585 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753b159d 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753b15b5 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753b15cd 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753b16b2 2 bytes [3B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753b16bd 2 bytes [3B, 75] ---- Threads - GMER 2.0 ---- Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1496] 000000001000e2eb Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1232] 00000000018966e0 Thread C:\Program Files 
(x86)\Avira\AntiVir Desktop\avguard.exe [1536:1100] 00000000018966e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1968] 00000000018966e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536:1972] 0000000001892560 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3064:2588] 000000006eb78f84 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3064:2620] 000000006eb7925e Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3064:2660] 000000006eb78bd0 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:2892] 000007fefc182a7c Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3836] 000000006961d068 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3868] 000007feec37b9cc Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3872] 000007feec37b9cc Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3876] 000007feec37b9cc Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3880] 000007feec37b9cc Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356:3904] 0000000068122340 Thread C:\Windows\System32\svchost.exe [3708:1548] 000007fef95a9688 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1388] 0000000075790000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1536] 0000000075790000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3064] 0000000075220000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2232] 000007fef3520000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [356] 000007fef3520000 Library ? 
(*** suspicious ***) @ C:\Windows\System32\svchost.exe [3708] 000007fefd4b0000 ---- EOF - GMER 2.0 ---- Many thanks in advance! Kind regards SEG_San |
15.01.2013, 21:14 | #2 |
/// TB-Ausbilder | EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan? I will help you with your problem. A cleanup can involve a lot of work for you (and for me). Before we start, I have some reading material for you. Please read: Rules for the cleanup. So that the cleanup works, I ask you to read the following points carefully:
Read and understood? Well, I see nothing of the infection you mentioned. Only one thing seems a little odd to me, but we can check that. Scan with Combofix
15.01.2013, 21:44 | #3 |
| EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan? Should I also disable Windows Defender?
BTW: On my machine Windows Explorer has now crashed 3 times within a few minutes. |
15.01.2013, 21:53 | #4 |
/// TB-Ausbilder | EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan? Yes, above all switch it off completely. Disable Windows Defender Since you are using a different virus scanner, you should urgently disable the Windows built-in scanner:
If Combo does not run, you can also use Safe Mode. This is how it works: Safe Mode for cleanup This special start mode is normally not needed or used by a user. For us, however, it is a great tool, because when the computer starts only very few components are loaded, so interfering components (and usually the malware as well) are simply not started along with it. To get into this mode you have to press the F8 key at the right moment during the restart of your computer (or simply as often as it takes), and a selection menu will appear, of which the following three items are important: Safe Mode Use the arrow keys to select Safe Mode with Networking and press Enter.
__________________ Digital privateers against malware! No help via PM! |
15.01.2013, 23:00 | #5 |
| EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan? Here is the Combo logfile: Code:
ATTFilter [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-15 22:54:01 ComboFix-quarantined-files.txt 2013-01-15 21:54 . Vor Suchlauf: 12 Verzeichnis(se), 45.867.069.440 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 46.060.503.040 Bytes frei . - - End Of File - - 4A13EAE98BA97D2AE12CC51DF0ACAB39 |
16.01.2013, 15:22 | #6 |
/// TB-Ausbilder | EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan? Yes, that is interesting, but I would still like to see the complete logfile.
16.01.2013, 16:12 | #7 |
| EXP/CVE-2012-1723.A.1 found by antivirus, ransomware trojan? Sorry, here is the complete logfile: Code:
ATTFilter ComboFix 13-01-15.02 - Admin 15.01.2013 22:51:14.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8161.6771 [GMT 1:00] ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Admin\4.0 E:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-15 bis 2013-01-15 )))))))))))))))))))))))))))))) . . 2013-01-15 21:53 . 2013-01-15 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-14 18:25 . 2012-12-16 16:31 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-12 09:15 . 2013-01-12 09:15 -------- d-----w- c:\users\Admin\AppData\Roaming\Apple Computer 2013-01-11 20:18 . 2013-01-11 20:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-01-11 20:18 . 2013-01-11 20:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-01-11 20:18 . 2013-01-11 20:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-01-11 20:18 . 2013-01-11 20:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-01-11 20:18 . 2013-01-11 20:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-01-11 20:18 . 2013-01-11 20:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-01-11 20:18 . 2013-01-11 20:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-01-11 20:18 . 2013-01-11 20:18 -------- d-----w- c:\program files (x86)\QuickTime 2013-01-11 20:18 . 2013-01-11 20:18 -------- d-----w- c:\programdata\Apple Computer 2013-01-11 15:23 . 
2013-01-11 15:23 -------- d-----w- c:\programdata\Bohemia Interactive Studio 2013-01-11 14:49 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DA4DC8A-3AF0-4248-9DA7-E1D8D437784C}\mpengine.dll 2013-01-09 20:55 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 20:55 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 20:55 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 20:55 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 20:55 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 20:55 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 20:55 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 20:55 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 20:55 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 20:55 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-06 19:31 . 2013-01-13 13:03 -------- d-----w- c:\users\Admin\AppData\Local\Play withSIX 2013-01-06 19:31 . 2013-01-06 19:31 -------- d-----w- c:\users\Admin\AppData\Roaming\Play withSIX 2013-01-06 19:31 . 2013-01-06 19:31 -------- d-----w- c:\program files (x86)\SIX Networks 2013-01-06 12:59 . 2013-01-06 12:59 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-01-05 23:06 . 2013-01-05 23:08 -------- d-----w- C:\Fraps 2013-01-05 22:22 . 2013-01-05 22:22 -------- d-----w- c:\users\Admin\AppData\Local\Winterberg-Modifkation_fü 2013-01-01 04:11 . 2013-01-01 04:11 -------- d-----w- c:\users\Admin\AppData\Local\PAYDAY 2013-01-01 04:10 . 2013-01-01 04:10 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2012-12-24 19:39 . 2012-12-24 19:39 -------- d-----w- c:\users\Admin\AppData\Local\ESN 2012-12-24 19:39 . 
2012-12-24 19:39 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2012-12-24 19:37 . 2012-12-25 10:44 -------- d-----w- c:\programdata\EA Logs 2012-12-24 19:06 . 2012-12-24 19:06 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller 2012-12-24 17:53 . 2012-12-24 17:53 -------- d-----w- c:\program files (x86)\Origin Games 2012-12-24 17:52 . 2012-12-24 19:21 -------- d-----w- c:\users\Admin\AppData\Local\Origin 2012-12-24 17:03 . 2012-12-24 18:31 -------- d-----w- c:\users\Admin\AppData\Roaming\Origin 2012-12-24 17:03 . 2012-12-24 18:24 -------- d-----w- c:\programdata\Origin 2012-12-21 13:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 13:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 13:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 13:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-12 16:49 . 2012-03-31 17:08 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-01-12 16:49 . 2012-03-31 16:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-01-12 16:17 . 2012-03-31 16:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-01-08 20:59 . 2012-03-31 16:44 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 20:59 . 2012-03-31 16:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-24 21:58 . 2012-03-31 16:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-11-14 07:06 . 2012-12-12 15:30 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 15:30 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 15:30 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 
2012-12-12 15:30 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 15:30 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 15:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 15:30 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 15:30 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 15:30 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 15:30 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 15:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 15:30 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 15:30 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 15:30 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 15:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 15:30 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 15:30 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 15:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 15:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 15:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 15:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 15:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 14:41 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 14:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-12 14:41 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 14:41 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="d:\program files (x86)\Steam\steam.exe" [2012-12-03 1354736] "EADM"="d:\program files (x86)\Origin\Origin.exe" [2012-11-28 3492504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 GPU-Z;GPU-Z;c:\users\Admin\AppData\Local\Temp\GPU-Z.sys [x]
R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-28 86224]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - RTCORE64
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:59]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004764620-34079624-740062768-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 19:23]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004764620-34079624-740062768-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 78.42.43.62 82.212.62.62
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42denw4d.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BattlEye for A2 - d:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-{87686C21-8A15-4b4d-A3F1-11141D9BE094} - c:\users\Admin\Desktop\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2004764620-34079624-740062768-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,a2,af,11,a9,50,08,93,ef,02,76,9b,0b,51,b9,6a,45,ce,6d,7e,05,
   e7,84,21,66,12,f1,3b,55,41,c0,e6,96,32,26,aa,e9,bd,fa,7a,8c,4d,0e,e5,15,0b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-15 22:54:01
ComboFix-quarantined-files.txt 2013-01-15 21:54
.
Vor Suchlauf: 12 Verzeichnis(se), 45.867.069.440 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 46.060.503.040 Bytes frei
.
- - End Of File - - 4A13EAE98BA97D2AE12CC51DF0ACAB39
|
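As an added triage aid (not part of this thread, and not a ComboFix feature): a small Python parser for the service/driver lines of a ComboFix log like the one posted above. Each line has the shape `R3 name;display;path [date size]`, with `[x]` where ComboFix could not find the image file; the parser turns those into records and flags the entries a helper would look at first: images that no longer exist on disk, images under a user profile or temp directory, and kernel drivers loaded from outside the Windows directory. The sample lines are copied from the log above; the flagging heuristics are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
# A ComboFix service/driver line (R/S = running/stopped, digit = start type,
# "[x]" = image file not found on disk), e.g.
#   S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                     r"(?P<path>.+?)\s+\[(?:(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)|(?P<missing>x))\]\s*$")

@dataclass
class Service:
    name: str
    path: str
    start: int
    date: Optional[str]   # None when the file is missing
    size: Optional[int]
    file_missing: bool

def parse_line(line: str) -> Optional[Service]:
    """Parse one service/driver line; any other log line yields None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Service(name=m["name"], path=m["path"], start=int(m["start"]),
                   date=m["date"], size=int(m["size"]) if m["size"] else None,
                   file_missing=m["missing"] is not None)

# Locations in which a service binary or kernel driver normally has no business.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\")

def triage(svc: Service) -> List[str]:
    """Heuristic reasons (this example's own, not ComboFix's) to look closer."""
    p = svc.path.lower()
    reasons = []
    if svc.file_missing:
        reasons.append("image file missing")
    if any(d in p for d in SUSPECT_DIRS):
        reasons.append("image under user profile or temp directory")
    if p.endswith(".sys") and not p.startswith("c:\\windows\\"):
        reasons.append("driver outside the Windows directory")
    return reasons

def triage_log(text: str) -> Dict[str, List[str]]:
    """Service name -> reasons, for every flagged service/driver line in the excerpt."""
    flagged = {}
    for line in text.splitlines():
        svc = parse_line(line)
        if svc and triage(svc):
            flagged[svc.name] = triage(svc)
    return flagged

# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R3 GPU-Z;GPU-Z;c:\users\Admin\AppData\Local\Temp\GPU-Z.sys [x]
R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
"""
```

A flag only means "look closer": in the log above both `[x]` entries are leftovers of tools the user ran from a temp folder and a CD, which the helper confirmed as harmless.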
16.01.2013, 16:20 | #8 |
/// TB-Ausbilder | Good! As far as I can see, we have removed everything malicious with that. To be certain, we now need to run a few checks and will then bring your computer up to a secure state. Since these scans can take a very long time, please only write to me again once you have really finished everything or if problems occur.

Step 1: Quick scan with Malwarebytes

Step 2: ESET Online Scanner

Important: Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
Step 3: Scan with SecurityCheck

Please download SecurityCheck: LINK1 LINK2
__________________ Digital freebooters against malware! No help via PM! |
16.01.2013, 21:29 | #9 |
| Malwarebytes log: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

16.01.2013 19:32:50
mbam-log-2013-01-16 (19-32-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208250
Laufzeit: 1 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SecurityCheck log: Code:
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
16.01.2013, 21:40 | #10 |
/// TB-Ausbilder | Great! That means we are done. We will now tidy up a little, and then I have some reading material for you at the end.

Step 1: Uninstall the tools

The order is crucial here.
Step 2: Uninstall ESET (optional)
Finally, some tips on the following topics:
Reading material: system updates. It cannot be said often enough how important it is to keep your system up to date. You also take your car to the garage for a regular inspection. So please make sure that system updates are enabled:
Reading material: software updates. Just as important as the system programs is the software you use every day. The following list gives you a small overview, with links to the updates, of which programs urgently need to be kept up to date (if you have installed and use them at all), because malware often gets onto computers through their security holes:
Reading material: security software. If someone overtook you naked on a motorbike on the motorway, you would shake your head too. Your computer likewise needs protection against the small daily attacks by pests. Besides excellent commercial anti-virus solutions, there are also quite good protection programs that are available free of charge with a reduced feature set. But be careful: "the more, the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that do a good job. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and installs a browser plugin that warns you about dangerous websites.
Reading material: safe surfing. First of all, it has to be said that it is usually always the human factor that allows malware onto a computer. Do you immediately buy whatever people who ring your doorbell are selling, without thinking? So first get used to a few rules of behaviour when surfing the internet:
But even with scrupulous adherence to these rules, a so-called drive-by infection can still occur, in which a pest breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser still more.
Finally, please consider using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. Basically, you are already considerably safer if you do not use Internet Explorer.
With that, I wish you lots of fun surfing the internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
17.01.2013, 18:05 | #11 |
| Thank you very much for the quick and well-described help! Just one more question: I still have the file in the antivirus quarantine. Can I delete it from there now, or is it safer to simply leave it there? |
17.01.2013, 18:06 | #12 |
/// TB-Ausbilder | Both are okay. Nice that we were able to help. This topic appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to leave praise or criticism, there is this area here: http://www.trojaner-board.de/lob-kritik-wuensche/