Log-Analyse und Auswertung: Random advertising popups while surfing (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: see First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.02.2013, 14:37 #1
Random advertising popups while surfing

Hello, while surfing the internet I keep getting random advertising popups. I have not been able to detect any regular timing, nor any dependency on what I am doing. However, the popups appear only when I am actually surfing. When the browser is closed there are no popups, and as far as I could tell there are also none when I have, for example, simply left Google open for 20 minutes. The browser I use is Chrome. I have already tried to fix the problem myself with the following: Malwarebytes Anti-Malware, Spybot S&D, Avira AntiVir, SUPERAntiSpyware. Here are the logfiles that are supposed to be included with the first post:

OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.02.2013 14:07:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\salva\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421)Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,90 Gb Total Physical Memory | 13,89 Gb Available Physical Memory | 87,35% Memory free 31,79 Gb Paging File | 29,68 Gb Available in Paging File | 93,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,03 Gb Total Space | 15,11 Gb Free Space | 14,12% Space Free | Partition Type: NTFS Drive D: | 19,53 Gb Total Space | 15,57 Gb Free Space | 79,71% Space Free | Partition Type: NTFS Drive E: | 341,80 Gb Total Space | 165,17 Gb Free Space | 48,32% Space Free | Partition Type: NTFS Drive F: | 1,92 Gb Total Space | 0,76 Gb Free Space | 39,39% Space Free | Partition Type: FAT32 Drive G: | 570,18 Gb Total Space | 330,26 Gb Free Space | 57,92% Space Free | Partition Type: NTFS Computer Name: SALVA-PC | User Name: salva | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.14 14:04:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\salva\Desktop\OTL.exe PRC - [2013.02.12 17:38:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.02.12 15:47:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 15:47:01 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.12 15:47:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.29 16:22:54 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe PRC - [2013.01.23 02:03:02 | 028,792,168 | ---- | M] (Dropbox, Inc.) -- C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.07.24 01:33:22 | 000,661,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe PRC - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.01.26 18:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.05.20 09:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared 
Files\CTAudSvc.exe PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (FastUserSwitchingCompatibility) SRV - [2013.02.12 17:38:01 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.02.12 15:47:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 15:47:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.11 00:35:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.20 22:42:38 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.16 12:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.14 02:42:10 | 
000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.23 19:05:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.10.23 19:05:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012.08.29 11:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) 
[Disabled | Stopped] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.02.09 15:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.27 13:02:58 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service) SRV - [2010.05.20 09:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | 
Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.14 14:01:20 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.11 17:25:03 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 17:25:03 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.26 23:39:30 | 000,123,904 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum) DRV:64bit: - [2012.09.26 23:39:22 | 000,037,504 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2012.03.12 10:15:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.09 15:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.09 15:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012.02.09 15:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012.01.26 18:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.26 18:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.26 18:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.01.13 11:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk) DRV:64bit: - [2011.12.05 21:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.10.10 18:37:05 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM) DRV:64bit: - [2011.09.21 16:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - 
[2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.11.24 01:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 01:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.31 02:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2012.12.16 12:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 62 A7 04 86 A9 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.unibw.de;*.unibw-muenchen.de;192.168.0.1;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = webproxy.unibw.de:8080 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.3 FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle 
Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: G:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 14:52:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:04:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:04:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 
17.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.08 13:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\salva\AppData\Roaming\mozilla\Extensions [2013.01.14 21:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\salva\AppData\Roaming\mozilla\Firefox\Profiles\glqkxofe.default\extensions [2013.01.14 21:23:26 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\salva\AppData\Roaming\mozilla\firefox\profiles\glqkxofe.default\extensions\groovesharkUnlocker@overlord1337.xpi ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIUpdater.dll CHR - Extension: Turn Off the Lights = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\ CHR - Extension: Tabs Join = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\binjiceocgbfooocmheaenmmcominbpe\2.1_1\ CHR - Extension: JoinTabs = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjmimocndihpmdoelbiilpkkfkppikap\1.4.15_0\ CHR - Extension: YouTube = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_2\ CHR - Extension: Adblock Plus = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig CHR - Extension: Better Battlelog (BBLog) = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.3.0_0\ CHR - Extension: ProxMate - unblock the Internet! 
= C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.1.7_0\ CHR - Extension: Little Alchemy = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\ CHR - Extension: Print = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj\1.1_0\ CHR - Extension: Ti\u00EBsto = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\ CHR - Extension: Better History = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.38_0\ CHR - Extension: Battlefield Play4Free = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.80.5_0\ CHR - Extension: Hover Zoom = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbimoafigmfpaiobngkbobhpmjeeppfh\4.11.1_0\ CHR - Extension: Google Mail = C:\Users\salva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\ O1 HOSTS File: ([2013.02.13 22:58:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) 
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [SDTray] D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [Spybot-S&D Cleaning] D:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Steam] G:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} 
hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DB74808-801F-46B5-B241-238D950B74EE}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.24 10:32:30 | 000,000,110 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.14 14:04:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\salva\Desktop\OTL.exe [2013.02.13 23:13:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.13 22:59:05 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.13 22:55:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.13 22:55:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.13 22:55:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.13 22:55:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.13 22:55:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.13 22:40:25 | 005,032,798 | R--- | C] (Swearware) -- C:\Users\salva\Desktop\ComboFix.exe [2013.02.13 22:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.02.13 16:02:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\salva\Desktop\HijackThis.exe [2013.02.13 07:41:44 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Malwarebytes [2013.02.13 07:41:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.13 07:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.13 07:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.12 16:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.02.04 21:20:38 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.02.04 17:14:52 | 000,000,000 | ---D | C] -- C:\Users\salva\Desktop\tp [2013.01.29 16:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.01.28 13:38:35 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2013.01.27 20:50:02 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Local\HP [2013.01.25 19:55:19 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.01.25 19:55:09 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Dropbox [2013.01.24 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\HandBrake [2013.01.24 16:23:12 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.01.24 16:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.01.24 16:15:34 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\Broad Intelligence [2013.01.24 13:40:11 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming\avidemux [2013.01.22 08:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.14 
14:07:16 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.14 14:07:16 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.14 14:07:16 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.14 14:07:16 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.14 14:07:16 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.14 14:06:11 | 000,365,568 | ---- | M] () -- C:\Users\salva\Desktop\gmer_2.0.18454.exe [2013.02.14 14:04:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\salva\Desktop\OTL.exe [2013.02.14 14:03:30 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 14:03:30 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 14:01:30 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.14 14:01:29 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.02.14 14:01:20 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.02.14 14:01:19 | 000,441,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.14 14:01:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.14 14:01:10 | 4212,432,894 | -HS- | M] () -- C:\hiberfil.sys [2013.02.14 14:00:34 | 000,000,020 | ---- | M] () -- C:\Users\salva\defogger_reenable [2013.02.14 14:00:17 | 000,050,477 | ---- | M] () -- C:\Users\salva\Desktop\Defogger.exe [2013.02.14 13:47:14 | 000,001,049 | ---- | M] () -- C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.14 13:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.14 13:27:00 | 000,001,108 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.13 23:16:52 | 000,001,670 | ---- | M] () -- C:\Windows\Sandboxie.ini [2013.02.13 22:58:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.13 22:40:31 | 005,032,798 | R--- | M] (Swearware) -- C:\Users\salva\Desktop\ComboFix.exe [2013.02.13 20:55:00 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.13 20:55:00 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.13 16:02:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\salva\Desktop\HijackThis.exe [2013.02.13 14:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.02.12 19:28:43 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.12 17:38:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.02.11 20:57:51 | 000,048,434 | ---- | M] () -- C:\Users\salva\Desktop\Schriftliche Ausarbeitung Kubakrise.pdf [2013.01.27 20:55:32 | 002,394,361 | ---- | M] () -- C:\Users\salva\Desktop\einkommenssteuer.pdf [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.14 14:06:09 | 000,365,568 | ---- | C] () -- C:\Users\salva\Desktop\gmer_2.0.18454.exe [2013.02.14 14:00:34 | 000,000,020 | ---- | C] () -- C:\Users\salva\defogger_reenable [2013.02.14 14:00:15 | 000,050,477 | ---- | C] () -- C:\Users\salva\Desktop\Defogger.exe [2013.02.14 13:47:14 | 000,001,049 | ---- | C] () -- C:\Users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.13 22:55:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.13 22:55:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.13 22:55:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.13 22:55:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.13 
22:55:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.11 20:57:50 | 000,048,434 | ---- | C] () -- C:\Users\salva\Desktop\Schriftliche Ausarbeitung Kubakrise.pdf [2013.01.27 20:55:32 | 002,394,361 | ---- | C] () -- C:\Users\salva\Desktop\einkommenssteuer.pdf [2013.01.11 23:27:14 | 001,268,228 | ---- | C] () -- C:\Users\salva\2013January11 03-56-16.jpg [2013.01.11 18:28:14 | 000,001,670 | ---- | C] () -- C:\Windows\Sandboxie.ini [2013.01.07 13:45:12 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI [2013.01.07 13:45:11 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll [2013.01.07 13:45:11 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll [2013.01.07 13:45:11 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll [2013.01.07 13:45:11 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll [2013.01.07 13:45:11 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll [2013.01.07 13:45:11 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll [2013.01.07 13:45:11 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll [2013.01.07 13:45:11 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll [2013.01.07 13:45:11 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll [2013.01.07 13:45:11 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll [2013.01.07 13:45:11 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll [2013.01.07 13:45:11 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll [2013.01.07 13:45:11 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll [2013.01.07 13:45:11 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll [2013.01.07 13:45:11 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll [2013.01.07 13:45:11 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 
02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.12.10 13:25:29 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll [2012.10.27 16:37:20 | 000,028,102 | ---- | C] () -- C:\Users\salva\AppData\Roaming\OFMissionEditorConfig.xml [2012.10.26 09:28:30 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.18 13:46:40 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.10.08 15:31:46 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.10.08 15:31:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.08 12:39:04 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012.10.08 12:39:04 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012.10.08 12:39:04 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012.10.08 12:39:03 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.10.08 12:39:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.10.08 12:38:42 | 000,000,003 | ---- | C] () -- C:\Users\salva\AppData\Local\user_data.ini [2012.10.08 12:30:24 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.10.08 12:30:24 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.03.31 07:59:24 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.07 00:18:41 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\.minecraft [2013.01.25 20:49:29 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\avidemux [2013.01.24 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Broad Intelligence [2012.11.15 12:22:36 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\DAEMON Tools Lite [2013.02.14 14:01:38 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Dropbox [2012.11.23 22:28:17 | 000,000,000 | ---D | 
M] -- C:\Users\salva\AppData\Roaming\Fatshark [2012.10.16 20:07:07 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Foxit Software [2012.11.21 11:12:53 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Garmin [2013.01.07 00:27:47 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\GetRightToGo [2013.01.25 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\HandBrake [2012.10.08 12:56:58 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Leadertech [2012.10.08 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\LolClient [2012.10.09 16:20:19 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\OpenOffice.org [2012.12.04 20:18:21 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Origin [2012.12.10 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\PlayClaw4 [2012.10.14 11:12:11 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\runic games [2012.10.13 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\SPORE [2012.10.10 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\SteelSeries [2012.10.15 10:49:26 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\The Creative Assembly [2012.10.08 13:03:25 | 000,000,000 | ---D | M] -- C:\Users\salva\AppData\Roaming\Thunderbird [2013.01.07 12:06:39 | 000,000,000 | -HSD | M] -- C:\Users\salva\AppData\Roaming\wyUpdate AU ========== Purity Check ========== < End of report > Extras: OTL Logfile: Code:
OTL Extras logfile created on: 14.02.2013 14:07:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\salva\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,90 Gb Total Physical Memory | 13,89 Gb Available Physical Memory | 87,35% Memory free
31,79 Gb Paging File | 29,68 Gb Available in Paging File | 93,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,03 Gb Total Space | 15,11 Gb Free Space | 14,12% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 15,57 Gb Free Space | 79,71% Space Free | Partition Type: NTFS
Drive E: | 341,80 Gb Total Space | 165,17 Gb Free Space | 48,32% Space Free | Partition Type: NTFS
Drive F: | 1,92 Gb Total Space | 0,76 Gb Free Space | 39,39% Space Free | Partition Type: FAT32
Drive G: | 570,18 Gb Total Space | 330,26 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Computer Name: SALVA-PC | User Name: salva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{025699DD-7127-47B7-BC1A-E5666A3D4CDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{105C7223-A2D1-45E0-94D9-785A169F90F2}" = lport=2869 | protocol=6 | dir=in | app=system | "{1BA64051-EB86-4A63-9D63-4071FA8BFF91}" = lport=137 | protocol=17 | dir=in | app=system | "{22F6BBD4-496C-4FB0-AEFB-A6FCEFD62C75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2C6834B4-B94D-43AD-B885-69A45DD05BFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3D8788E3-C36F-408E-82FA-09F629E2689E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44A94FFE-67C7-44DB-B926-D46C5A4B805D}" = rport=445 | protocol=6 | dir=out | app=system | "{542DDBE0-29C2-4697-9B6A-4D5B1E80F12B}" = rport=139 | protocol=6 | dir=out | app=system | "{650800A6-52BD-4A81-8D03-A7E033A8BFF3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6B6FA32F-471E-464F-998D-FB2D97B607D2}" = rport=10243 | protocol=6 | dir=out | app=system | "{72335073-D883-4F4A-8E07-1158B9537D09}" = lport=58240 | protocol=17 | dir=in | name=pando media booster | "{7326BCE5-A1C6-454B-A89E-82F6EB9978D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{761597DF-BBE4-4341-A402-D97B375FE5A8}" = lport=58240 | protocol=6 | dir=in | name=pando media booster | "{79B81DE9-455E-4053-A8CB-FA375C2E8586}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8394120B-720F-40E9-A728-FB3CD423CA39}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\outlook.exe | "{8A5CD620-761F-4D98-865A-81993F711E7E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{95A0A9AA-EBCF-47A3-8BB6-8A000751CBCA}" = rport=138 | protocol=17 | dir=out | app=system | "{98834B4A-B115-427E-A1CB-D2DE66ACC0F9}" = rport=137 | protocol=17 | dir=out | app=system | "{A17F608A-7C0C-4E6F-8040-2D28D4500CA7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A926E4F1-C8D8-4C12-9828-0D585D4B86DF}" = lport=139 | protocol=6 | dir=in | app=system | "{B7FE53EB-2985-4CE2-BFE9-4372BF86135B}" = lport=58240 | protocol=6 | dir=in | name=pando media booster | "{B9F03E3F-61D8-45F1-9B89-5AA3C49E2A5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EC08A82A-27F4-49BC-9E5B-156999D47C07}" = lport=58240 | protocol=17 | dir=in | name=pando media booster | "{F10C5F96-D33E-457A-85C2-61698D1A9AB5}" = lport=10243 | protocol=6 | dir=in | app=system | "{F6DD7AF2-EBDF-49AD-9045-05E7A3C86046}" = lport=445 | protocol=6 | dir=in | app=system | "{FEF34721-D9EA-4017-A9B2-AF5105CDA7F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0514E198-9105-44DD-BA1F-46D4541B5DB2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{07EDB2B8-42E4-4001-BD71-C7D309A459F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{08404A68-E3A0-4722-9180-215F4363BCD0}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{08CC9CB3-DA0E-4108-B9DC-FB9BE3B3B90E}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | "{08DD6342-7B54-48F9-BB19-FBC64A05D5ED}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{0A5CDE34-208B-459D-9CEF-33D60BF83BB5}" = protocol=6 | dir=in | 
app=g:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{0AEBF8DD-EEAE-4BCA-8FD5-5B13681B4714}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{0D670E94-C53E-4C42-B740-6EE24956D01A}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe | "{0DA2063D-3843-4927-BAFF-AE31235630F9}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{10BC626B-826F-4BDC-AD00-15C9D00E40E8}" = dir=out | app=%programfiles% (x86)\origin games\battlefield 3\bf3.exe | "{13864A3C-A347-4A9F-B79F-91C43F5C5694}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{144F1BB8-7BDA-4A39-954F-5C2A7F28EFA9}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe | "{14531BF7-FD5B-4DCC-909D-9E5BBABEFB33}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{14B9B6D4-0708-46C1-980D-CC38293F0925}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{1D39DD5D-EF81-48C0-B6AF-3A703571A4D9}" = protocol=6 | dir=in | app=g:\program files (x86)\starcraft ii\starcraft ii.exe | "{1DC6A13D-4D1E-4B76-9431-4DC08B2AAE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1FF7A4E7-2A8E-44D6-9E48-9C12574B53C2}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\of orcs and men\oforcsandmen_steam.exe | "{2123F218-4863-4F0C-8C89-282A4A8B6D92}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{27B59E3D-4E30-4049-89EC-B03347C308FC}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office12\onenote.exe | "{2866DD5A-0D9D-41F9-B8A7-3028787888D8}" = protocol=1 | dir=in | 
name=@firewallapi.dll,-28543 | "{29DF5CB5-E085-4538-B03C-C822970FFFFF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2AAF81F4-F2C7-4234-AE28-1E36CC6D2979}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{2F360678-4D58-402D-990C-6632019AEF34}" = dir=out | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{31202BCC-64AD-468F-A3A8-3DF6678773C3}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | "{3231CF4D-B0AE-47A2-B21D-977CA154C9D9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{329B3F6E-1F71-447E-BAE4-25556AF1C015}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{3300A85E-C383-45FE-AF9C-180742CF63AD}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{371DBFFC-3ECB-46BD-B5E1-A8AB2F66063B}" = protocol=6 | dir=in | app=g:\program files (x86)\diablo iii\diablo iii.exe | "{37B02BA2-7959-401C-BEB8-A4C3970107E4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{37C82F30-6472-47EB-A61A-C6816AA00FEB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe | "{395ED227-9EF2-4C2C-8F57-568A806C1F5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{39CC10B5-2D7C-4973-836F-B118075471C4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | "{39DD72E5-5A68-4C38-9D5F-684F47985F1B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{3A338F38-4881-4CCE-B891-6BE99FA5C9A7}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{3A544CDF-03D7-4DE0-8EC3-397941F3B5DA}" = 
protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{4B4A4ACB-3006-4A25-958C-53727BE3AEFA}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{4C13BF53-EF9B-4AAD-9B86-1F40C60BB49A}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{4C1504E3-1380-4672-8807-78F19632153B}" = dir=out | app=g:\program files (x86)\activision\call of duty black ops ii\t6mp.exe | "{4C7AC607-084E-4E18-9550-9FA068C578C1}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | "{50C7034E-D6D3-4797-88D9-CFC1E4658177}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{54A5ACB2-1808-4850-90AB-85C3E7A66B42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{54F22F20-3BB4-4641-87EA-09379E53FEEC}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | "{56E4F97E-9AC2-4319-BFC7-DB9D8818B1CE}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam.exe | "{56F235A3-C884-47C3-896B-F3FE9989D605}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{58233B91-7A62-4F6E-8650-DA23D5826ADE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{582B38DE-F86C-421A-90C5-51E3AA6B5E43}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5A11DFCD-B5E9-4986-873C-493789F9DBEA}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{5C34AF5C-FA88-437F-891E-CB988A015D6A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe | "{5FF4BDE4-EFCE-4883-A6B6-E5E709473D5A}" = protocol=6 | dir=in | app=g:\program files 
(x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{607B4795-AA13-48D8-9A5F-7596A8A0F175}" = dir=out | app=g:\program files (x86)\activision\call of duty black ops ii\t6zm.exe | "{613311B6-8AEB-43A9-BAB6-1DD35758B7C6}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{6AE08646-A65C-46D6-A001-AB6645926A2A}" = protocol=17 | dir=in | app=c:\users\salva\appdata\roaming\dropbox\bin\dropbox.exe | "{6E49BB02-78FE-4B16-9165-C4D02A1FC6D4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{703765A6-8F98-47C4-A804-73C1A6C18D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7051A97E-1679-4B59-A38F-926F59811BE0}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{709906CC-78F7-4A2D-9EDE-FCFBBD161D7A}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{719EDCEF-7B9B-42D7-BE28-16F93C73C53B}" = protocol=17 | dir=in | app=g:\program files (x86)\starcraft ii\starcraft ii.exe | "{73CFBA2E-37BE-4F7C-BDAA-F8AA62B033B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{77DA6FFD-4C8A-4818-8348-EB89D22978C1}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{7ECF6E81-FA14-4901-8792-762DB84B2FDC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7F059895-C427-450B-9062-FFB2CEC095A0}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{855437D2-1A16-4124-8697-D8EE1AE495F4}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{85EC5F97-4E81-409F-9C23-260662851C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8F7EDECE-C059-47EA-A495-C34FD47853A5}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{906951B5-82A4-4CAB-9972-628A5C63E3BB}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{94613BC2-D44B-4FA5-896C-7AA7C8FCA8CB}" = dir=out | app=g:\program files (x86)\activision\call of duty black ops ii\t6sp.exe | "{94EBDAA1-82D2-461F-8134-E1120B5C8B34}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{952AE26E-5C4B-48F6-B902-588E395F3C48}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{976AB639-795B-48F5-B196-D597AA84DF91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9B2AC795-8EFA-4833-AB7F-36A992FA7414}" = protocol=6 | dir=out | app=system | "{9B77BA48-2BCC-4F6B-BA0C-F13021BE43F1}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{9B95E016-CC16-4ECD-B4C9-8DACBB32C366}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{9C583ECC-EE9B-49FC-AC5B-B2BAE8D529A4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | "{9D667017-3B2B-4092-A252-2CAD5F10E3B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9E62C6F0-97F1-4620-92B5-88C51737FCBB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | "{A0FB9C2B-6120-41AC-A265-4A66D0B7DB19}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{A3FB4451-BB16-491A-AC7E-325BD1D92610}" = protocol=6 | dir=in | app=g:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{A410BCFE-69C7-431D-9D94-08C465304210}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{A5BDDC38-6C24-46DE-8366-95C8D46A1D86}" = protocol=17 | dir=in | 
app=g:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{A6B5D5C5-E53F-4798-A1CD-26E8D72C03B1}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{A9ED1C5A-AE2A-4A49-92C6-CDA3C20382EA}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe | "{AA639950-E51C-472D-A6ED-93967C6304A7}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{AD01AAE3-0C6E-4405-AAD9-BC6531FB289B}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam.exe | "{AE3FE3B3-0A77-4253-AC61-79951B54F90D}" = protocol=17 | dir=in | app=g:\program files (x86)\diablo iii\diablo iii.exe | "{AECDB3EF-FFFA-43BB-B7D0-FF42C9B92946}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{B23E6361-3370-48EA-B430-3D36B9826848}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | "{B23EA7D5-A98D-4172-BBFA-FAFAB3E8AA1E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{B26B6B91-E3B8-448E-A6FC-67B8A6E3AD5E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{B5429C4C-A9BB-41CA-AFD1-3E8098B13E7C}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\onenote.exe | "{BAAB78DC-506A-4D25-ADE2-38CD89185B80}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{BB1F1EDB-818D-4313-B1EE-84A5DE4EA8F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{BE426AC4-8351-40B7-94CB-102D65135AB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C05CEA60-05A8-454D-B437-707F3CA393CF}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{C39C86A9-46B0-4528-8587-54450CE92246}" = protocol=17 | 
dir=in | app=g:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{C7259EA5-DA16-4FEF-8B5E-7F75BD8F5697}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | "{CB3C9BC6-D5F0-4515-9813-DD2DB6BD2C03}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{CC25D40E-DFDA-4C7A-A761-3CDD4509390A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | "{CDFB8A1B-9ABC-42F0-A91C-F73A207A24A1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | "{CE50AA32-0CA5-4A6D-9C2C-81E128D9C0A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D26C64EC-6B00-48D9-A883-678C908E310F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{D3A502EC-989A-4439-A17E-9ADF73B55948}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{D3E1A600-3C3C-40A4-965F-27FCE1EC3468}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{D50C017F-7371-4911-9A69-1BB9447BAB1C}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{D6A23DE6-B97D-4A96-A996-1C1B43D08D3F}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{D880E176-BFE1-41F1-B078-F5762F3B3D87}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{D90B4DD9-508F-4569-A144-D64FB739DD85}" = protocol=6 | dir=in | app=c:\users\salva\appdata\roaming\dropbox\bin\dropbox.exe | "{E0034507-3D88-4ACB-AA52-C897B399D5C9}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{E161C15B-3EB3-437A-B8BC-C0B2358BE996}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E2803F2B-838C-45FA-8687-38F614A0D549}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E31A2119-7AAE-409D-A890-DF8F5BCF9CA1}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{E838EB73-A442-410B-8696-FA54FE4D689D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E9EB9315-F21F-4DEF-81AE-4DC04799810F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{EA542E00-85D2-4826-8AE1-F6F3E62064E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EEC78377-7DC0-48E1-83F3-89CAD548D38D}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{F0813EE2-A165-482A-B4F3-92D312B1FA4E}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{F10960FE-F9C9-4C3E-9075-475EEC733653}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F2AC3002-188E-4E8E-A503-C76375A20185}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe | "{F5E64F1A-E339-4433-950D-A3025184F2DD}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\of orcs and men\oforcsandmen_steam.exe | "{F68ACAEC-CF69-4A36-B9D1-C42F9A712FD8}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{F8A513CC-0B7A-4630-ACE7-FB592B37A230}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FC38473D-ECC5-49B0-BDC6-E6C649D397ED}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | "TCP Query User{199B509F-720C-47AC-813C-46D1A8F3C86A}G:\program files (x86)\ubisoft\assassin's 
creed iii\ac3sp.exe" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "TCP Query User{301E2067-62AC-48B6-8AA6-F552E69708DB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{31233CFA-C19C-466F-BCB8-05BFB24DB561}G:\program files (x86)\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=g:\program files (x86)\battlefield play4free\bfp4f.exe | "TCP Query User{495D4D4F-A449-4FA5-89F2-C4691A306EC2}E:\games\mass effect 3\m3.international\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=e:\games\mass effect 3\m3.international\binaries\win32\masseffect3.exe | "TCP Query User{5B5CFF64-1B27-414E-A1A2-8A3F28E72356}G:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | "TCP Query User{6B0C6A10-650D-4DD5-8708-00730DCFB59E}G:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=g:\program files (x86)\tera\tera-launcher.exe | "TCP Query User{6F895829-92AF-4936-8402-0C6539C77115}G:\program files (x86)\steam\steamapps\the_gamer211092\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\the_gamer211092\counter-strike source\hl2.exe | "TCP Query User{9926684D-4501-41FA-9ECB-4D9FCC110AD9}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "TCP Query User{9AA9C424-3BEA-42E0-87CF-4BBC7D988A22}G:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "TCP Query User{9E06B315-F23D-44F4-B44A-33C3C92E2B3E}G:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=g:\program files (x86)\starcraft 
ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query User{DF4B32A0-9278-4DBC-BF72-AFFF751A9C96}D:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\jre7\bin\javaw.exe | "UDP Query User{008AAD70-9013-4C59-9F75-D06C67885381}G:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=g:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{2FCFFA3F-40AD-4810-BCE9-B38F245A5433}G:\program files (x86)\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=g:\program files (x86)\battlefield play4free\bfp4f.exe | "UDP Query User{3B0567F1-5C06-4544-AC92-1DA31110542C}G:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | "UDP Query User{3E3A12CF-E925-4D2F-A0EE-D06401567FE9}D:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\jre7\bin\javaw.exe | "UDP Query User{3ECBC2C7-C301-45B4-8101-AE427DA5C9DC}G:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "UDP Query User{6121C001-60D9-4362-97FA-45DB00065CA6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{7F623DDC-50D8-4EAF-8E4C-85C41A5BC1E3}G:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "UDP Query User{900AB33D-8A93-4032-BB12-4D8F89C7FC9D}G:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=g:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{A225581C-A088-4D56-BA40-9F7ED170F62E}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "UDP Query User{C853B88F-A0A4-42FE-BFAE-18A7AF2338A8}E:\games\mass effect 3\m3.international\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=e:\games\mass effect 3\m3.international\binaries\win32\masseffect3.exe | "UDP Query User{D151552B-D107-4C81-820C-1C3418971980}G:\program files (x86)\steam\steamapps\the_gamer211092\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\the_gamer211092\counter-strike source\hl2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64 "{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 (64-bit) "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6 "ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9 "Lazarus_is1" = Lazarus 1.0.2 "Logitech Gaming Software" = Logitech Gaming Software 8.35 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Sandboxie" = Sandboxie 3.76 (64-bit) "SteelSeries Engine" = SteelSeries Engine "UDK-7fea3f8c-9746-467c-b8a2-efcfef3a4425" = My Game Long Name "VIRTU MVP_is1" = VIRTU MVP 2.1.111 "VLC media player" = VLC 
media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.5.6366 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™ "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center "{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" 
= Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{965D0289-10E1-45ec-B11F-A60AC9AE8D4D}" = HP LaserJet 100 color MFP M175 "{9767CBB5-2A81-427D-8F05-497737D56AA0}" = hpbDSService "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A5949B71-46FB-43F3-8852-4E74D9FC7564}" = hpbM175DSService "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability 
Engine Firmware Recovery Agent "{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi "{C3529014-BB16-4933-83FE-9BC9D79619F5}" = HP LJ100 M175 HP Scan "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF9C72E0-61E9-4FB6-9D9D-69A9D974106C}_is1" = Assassin's Creed III version v1.01 "«Endless Space - Emperor Special Edition»_is1" = «Endless Space - Emperor Special Edition» 1.0.29 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Aika Online: Epic III" = Aika Online: Epic III "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit) "Avidemux 2.6" = Avidemux 2.6 (32-bit) "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Call of Duty Black Ops II_is1" = Call of Duty Black Ops II "DAEMON Tools Lite" = DAEMON Tools Lite "Darksiders II_is1" = Darksiders II "Diablo III" = Diablo III "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESN Sonar-0.70.4" = ESN Sonar "Foxit Reader_is1" = Foxit Reader "Google Chrome" = Google Chrome "HandBrake" = 
HandBrake 0.9.8 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PlayClaw 4_is1" = PlayClaw 4 "PSpice Student" = PSpice Student 9.1 "PunkBusterSvc" = PunkBuster Services "RGF HotSpot_is1" = RGF HotSpot version 0.6b "StarCraft II" = StarCraft II "Steam App 10500" = Empire: Total War "Steam App 105450" = Age of Empires® III: Complete Collection "Steam App 113200" = The Binding of Isaac "Steam App 113400" = APB Reloaded "Steam App 1250" = Killing Floor "Steam App 12830" = Operation Flashpoint: Dragon Rising "Steam App 200710" = Torchlight II "Steam App 201790" = Orcs Must Die! 2 "Steam App 203730" = Q.U.B.E. "Steam App 204360" = Castle Crashers "Steam App 214830" = Half Minute Hero: Super Mega Neo Climax Ultimate Boy "Steam App 216910" = Of Orcs And Men "Steam App 218" = Source SDK Base 2007 "Steam App 240" = Counter-Strike: Source "Steam App 24240" = PAYDAY: The Heist "Steam App 34030" = Napoleon: Total War "Steam App 40800" = Super Meat Boy "Steam App 42160" = War of the Roses "Steam App 49520" = Borderlands 2 "Steam App 55230" = Saints Row: The Third "Steam App 570" = Dota 2 "Steam App 65800" = Dungeon Defenders "Steam App 730" = Counter-Strike: Global Offensive "Steam App 8930" = Sid Meier's Civilization V "Steam App 93200" = Revenge of the Titans "SysInfo" = Creative Systeminformationen "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uplay" = Uplay "xp-AntiSpy" = xp-AntiSpy 3.98-2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "CodeBlocks" = CodeBlocks "Dropbox" = Dropbox "Mozilla Thunderbird 
17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.02.2013 18:04:23 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003 Description = Error - 13.02.2013 18:04:26 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 13.02.2013 18:13:06 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003 Description = Error - 13.02.2013 18:13:09 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 14.02.2013 04:45:46 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003 Description = Error - 14.02.2013 04:45:49 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. 
Error - 14.02.2013 04:46:38 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003
Description = 

Error - 14.02.2013 04:46:41 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error - 14.02.2013 09:01:20 | Computer Name = salva-PC | Source = ISCT Agent | ID = 1003
Description = 

Error - 14.02.2013 09:01:22 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

[ Spybot - Search and Destroy Events ]
Error - 12.02.2013 19:01:49 | Computer Name = salva-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 13.02.2013 03:42:54 | Computer Name = salva-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2792100)

Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 9 unter Windows 7 für x64-basierte Systeme (KB2797052)

Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2790113)

Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2790655)

Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2792100)

Error - 14.02.2013 08:48:33 | Computer Name = salva-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
Error - 14.02.2013 09:01:20 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "AMD External Events Utility .NET." wurde mit folgendem Fehler beendet: %%2

Error - 14.02.2013 09:01:27 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 14.02.2013 09:03:28 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 14.02.2013 09:03:28 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

< End of report >

If the GMER log is also needed, I can add it in the next post; it was too long for this one! I hope I haven't done too much wrong so far and that I can still be helped...

Regards
salva92

Last edited by salva92 (14.02.2013 at 15:36). Reason: replaced QUOTE with CODE
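The "Last 20 Event Log Errors" block that OTL appends to its report, as posted above, already carries two facts worth extracting before hunting for the adware itself: several security updates (including the cumulative Internet Explorer 9 update, KB2792100) failed to install with 0x80070003, so the browser stack on this machine is unpatched, and two sources (ISCT Agent ID 1003 and WMI ID 10) repeat at every boot, which makes them background noise rather than evidence. The parser below is an added example written for this page; it is not OTL's code and not from the original post. It accepts the block either in OTL's own layout or run together onto one line by copy-and-paste, splits it into events, lists the failed KBs with their error code, and counts events per (source, ID). The sample input is constructed from entries quoted in the thread; the two HRESULT names are the documented Windows meanings (0x8007xxxx wraps a Win32 error code, and 3 is ERROR_PATH_NOT_FOUND).

```python
"""Parse the "Last 20 Event Log Errors" block that OTL appends to its log.

Added example for this thread (not OTL's code, not from the original post).
It accepts the block either in OTL's own layout (an "Error - ..." header
line followed by a "Description = ..." line) or run together on a single
line, as happens when the log is pasted into a forum post.
"""
import re
from collections import Counter

# Constructed sample: four entries copied from the OTL log quoted in the
# thread, in OTL's original layout.
SAMPLE = """\
========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.02.2013 04:45:49 | Computer Name = salva-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden.

[ System Events ]
Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2792100)

Error - 14.02.2013 04:49:33 | Computer Name = salva-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2790113)

Error - 14.02.2013 09:01:27 | Computer Name = salva-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

< End of report >
"""

# One event = header fields up to "Description =", then free text that runs
# until the next header, the next "[ ... Events ]" section, the end-of-report
# marker, or end of input. re.S lets the description span line breaks, and
# the \s* separators accept both the original layout and a flattened paste.
ENTRY_RE = re.compile(
    r"Error - (?P<time>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s*\|\s*"
    r"Computer Name = (?P<host>[^|]+?)\s*\|\s*"
    r"Source = (?P<source>[^|]+?)\s*\|\s*"
    r"ID = (?P<id>\d+)\s*Description =(?P<desc>.*?)"
    r"(?=Error - \d{2}\.\d{2}\.\d{4}|\[ [^\]]+ Events \]|< End of report >|\Z)",
    re.S,
)
KB_RE = re.compile(r"\(KB(\d+)\)")
HRESULT_RE = re.compile(r"0x[0-9A-Fa-f]{8}")

# Documented meanings of the two codes that appear in this thread.
# 0x8007xxxx wraps a Win32 error code; 3 is ERROR_PATH_NOT_FOUND.
KNOWN_HRESULTS = {
    "0x80070003": "ERROR_PATH_NOT_FOUND (Win32 error 3 as HRESULT)",
    "0x80041003": "WBEM_E_ACCESS_DENIED (WMI)",
}

WU_SOURCE = "Microsoft-Windows-WindowsUpdateClient"
WU_INSTALL_FAILED = 20  # WindowsUpdateClient event ID for an installation failure


def flatten(text):
    """Collapse all whitespace to single spaces, as a careless paste does."""
    return " ".join(text.split())


def parse_events(text):
    """Return one dict per event: time, host, source, id (int), desc."""
    events = []
    for m in ENTRY_RE.finditer(text):
        e = m.groupdict()
        e["id"] = int(e["id"])
        e["desc"] = e["desc"].strip()
        events.append(e)
    return events


def failed_updates(events):
    """Map KB number -> hex error code for Windows Update install failures."""
    failed = {}
    for e in events:
        if e["source"] != WU_SOURCE or e["id"] != WU_INSTALL_FAILED:
            continue
        kb = KB_RE.search(e["desc"])
        code = HRESULT_RE.search(e["desc"])
        if kb:
            failed["KB" + kb.group(1)] = code.group(0).lower() if code else None
    return failed


def error_histogram(events):
    """Count events per (source, id); pairs that repeat every boot are noise."""
    return Counter((e["source"], e["id"]) for e in events)


def explain(code):
    """Human-readable meaning of a known HRESULT, or a pointer to look it up."""
    return KNOWN_HRESULTS.get(code.lower(), "not in the local table; look it up before acting on it")


if __name__ == "__main__":
    for label, text in (("original layout", SAMPLE), ("flattened", flatten(SAMPLE))):
        evs = parse_events(text)
        print(f"{label}: {len(evs)} events")
        for kb, code in sorted(failed_updates(evs).items()):
            print(f"  {kb} failed with {code}: {explain(code)}")
        for (src, eid), n in error_histogram(evs).most_common():
            print(f"  {n}x {src} ID {eid}")
```

Run it against a full OTL log by replacing SAMPLE with the text between "Last 20 Event Log Errors" and "< End of report >". A non-empty result from failed_updates() is a patch gap that has to be closed regardless of what the malware hunt turns up, because the failing updates here are browser and OS security fixes.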
14.02.2013, 16:19 | #2
/// TB trainer | Random advertising pop-ups while surfing

Hello salva92 and

My name is Leo and I will guide you through the cleanup of your computer. A cleanup involves not only removing malware but also closing security holes, and it should be carried out thoroughly. It therefore proceeds in several steps and means some effort on your part. Note: the disappearance of the obvious symptoms does not mean the system is already clean. So, in your own interest, keep working with me until you get the OK that everything is done.

Notes on the procedure
Quote:
I also see that you ran ComboFix. This tool really should not be run casually. But please also submit that log (C:\Combofix.txt). Did any of your other scanners find anything? If so, please post the corresponding report as well. Also: in xp-AntiSpy, temporarily undo all changes by setting the system profile to the system default under "Profile". Question: do these pop-ups only occur when you surf with Chrome? Please also test this with Internet Explorer and Mozilla Firefox (update them first) and let me know how it looks there.
14.02.2013, 16:27 | #3
Random advertising pop-ups while surfing

Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-14 14:19:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 OCZ-VERT rev.1.37 107,13GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\salva\AppData\Local\Temp\ugloypob.sys

---- User code sections - GMER 2.0 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\SysWOW64\WSOCK32.dll!recv + 82  00000000744117fa  2 bytes [41, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88  0000000074411860  2 bytes [41, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98  0000000074411942  2 bytes [41, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109  000000007441194d  2 bytes [41, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000758c1401  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000758c1419  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000758c1431  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000758c144a  2 bytes [8C, 75]
.text  ...  * 9
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000758c14dd  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000758c14f5  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000758c150d  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000758c1525  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000758c153d  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000758c1555  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000758c156d  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000758c1585  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000758c159d  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000758c15b5  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000758c15cd  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000758c16b2  2 bytes [8C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1928]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000758c16bd  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17  00000000758c1401  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17  00000000758c1419  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17  00000000758c1431  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42  00000000758c144a  2 bytes [8C, 75]
.text  ...  * 9
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17  00000000758c14dd  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17  00000000758c14f5  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17  00000000758c150d  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17  00000000758c1525  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17  00000000758c153d  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17  00000000758c1555  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17  00000000758c156d  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17  00000000758c1585  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17  00000000758c159d  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17  00000000758c15b5  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17  00000000758c15cd  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20  00000000758c16b2  2 bytes [8C, 75]
.text  C:\Users\salva\AppData\Roaming\Dropbox\bin\Dropbox.exe[3952]  C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31  00000000758c16bd  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000758c1401  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000758c1419  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000758c1431  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000758c144a  2 bytes [8C, 75]
.text  ...  * 9
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000758c14dd  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000758c14f5  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000758c150d  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000758c1525  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000758c153d  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000758c1555  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000758c156d  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000758c1585  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000758c159d  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000758c15b5  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000758c15cd  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000758c16b2  2 bytes [8C, 75]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4224]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000758c16bd  2 bytes [8C, 75]

---- Threads - GMER 2.0 ----

Thread  [1772:1784]  0000000077d73e45
Thread  [1772:1788]  0000000075d67587
Thread  [1772:1808]  0000000074fac59c
Thread  [1772:1812]  0000000074fac59c
Thread  [1772:2000]  0000000074fac59c
Thread  [1772:2016]  0000000077d72e25
Thread  [1772:2020]  0000000074fac41c
Thread  [1772:2728]  0000000074d2e2db
Thread  [1772:2732]  0000000074fac59c
Thread  [1772:2736]  0000000074fac41c
Thread  [1772:2740]  0000000074fac41c
Thread  [1772:2744]  0000000074fac41c
Thread  [1772:2748]  0000000074fac41c
Thread  [1772:2752]  0000000074fac41c
Thread  [1772:2756]  0000000074fac41c
Thread  [1772:2760]  0000000074fac41c
Thread  [1772:2764]  0000000074fac41c
Thread  [1772:2768]  0000000074fac41c
Thread  [1772:2772]  0000000074fac41c
Thread  [1772:2776]  0000000074fac41c
Thread  [1772:2780]  0000000074fac41c
Thread  [1772:2784]  0000000074fac41c
Thread  [1772:2788]  0000000074fac41c
Thread  [1772:2792]  0000000074fac41c
Thread  [1772:2800]  0000000074fac41c
Thread  [1772:2804]  0000000074fac41c
Thread  [1772:2812]  0000000074fac59c
Thread  [1772:2816]  0000000073bc8e00
Thread  [1772:2820]  0000000073bc8e00
Thread  [1772:2824]  0000000073bc8e00
Thread  [1772:2828]  0000000073bc4e80
Thread  [1772:2848]  0000000074fac59c
Thread  [1772:3612]  0000000074fac59c
Thread  [1772:4324]  0000000074fac59c
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3060:1560]  0000000075d67587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3060:2132]  0000000073ad0cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3060:2304]  0000000077d72e25
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3060:5736]  0000000077d73e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3060:4916]  0000000077d73e45
Thread  C:\Windows\SysWOW64\ntdll.dll [740:3912]  00000000000c49bf
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5020:3748]  000007fefc4e2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5020:4380]  000007feea83d618

---- Registry - GMER 2.0 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xF0 0xB6 0x46 0xEB ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x8F 0x8B 0x5C 0x82 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0xCB 0xAE 0x0E 0x16 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xF0 0xB6 0x46 0xEB ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x8F 0x8B 0x5C 0x82 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0xCB 0xAE 0x0E 0x16 ...

---- EOF - GMER 2.0 ----

I forgot to mention ComboFix, sorry. I ran it on the recommendation/instructions of a colleague here on site, but unfortunately I no longer have the log file. The programs found no malware; Malwarebytes only found 2 tracking cookies, but strangely left no log file anywhere. So far I have only noticed the pop-ups in Chrome, but I have just started Internet Explorer/Firefox to check there. It's just hard to say, because it occurs so irregularly.

EDIT: I did find the log on a USB stick after all:

Code:
ComboFix 13-02-13.02 - salva 13.02.2013  22:55:48.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16279.13558 [GMT 1:00]
ausgeführt von:: e:\downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\salva\AppData\Local\assembly\tmp
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-13 bis 2013-02-13 ))))))))))))))))))))))))))))))
.
.
2013-02-13 21:57 . 2013-02-13 21:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-13 21:57 . 2013-02-13 21:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-13 21:30 . 2013-02-13 21:30 -------- d-----w- c:\windows\system32\appmgmt
2013-02-13 19:16 . 2013-02-13 19:16 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2013-02-13 06:41 . 2013-02-13 06:41 -------- d-----w- c:\users\salva\AppData\Roaming\Malwarebytes
2013-02-13 06:41 . 2013-02-13 06:41 -------- d-----w- c:\programdata\Malwarebytes
2013-02-13 06:41 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 15:45 . 2013-02-12 15:45 -------- d-----w- c:\programdata\Package Cache
2013-02-11 19:50 . 2013-02-11 19:50 -------- d-----w- c:\users\salva\AppData\Local\PDF24
2013-01-28 15:11 . 2013-01-28 15:10 308640 ----a-w- c:\windows\system32\javaws.exe
2013-01-28 15:10 . 2013-01-28 15:10 188832 ----a-w- c:\windows\system32\javaw.exe
2013-01-28 15:10 . 2013-01-28 15:10 188832 ----a-w- c:\windows\system32\java.exe
2013-01-28 15:10 . 2013-01-28 15:10 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-28 12:38 . 2013-01-28 12:38 -------- d-----w- c:\windows\Hewlett-Packard
2013-01-27 19:50 . 2013-01-27 19:50 -------- d-----w- c:\users\salva\AppData\Local\HP
2013-01-25 18:55 . 2013-02-04 20:19 -------- d-----w- c:\users\salva\AppData\Roaming\Dropbox
2013-01-24 15:23 . 2013-01-25 19:01 -------- d-----w- c:\users\salva\AppData\Roaming\HandBrake
2013-01-24 15:15 . 2013-01-24 15:23 -------- d-----w- c:\users\salva\AppData\Roaming\Broad Intelligence
2013-01-24 12:40 . 2013-01-25 19:49 -------- d-----w- c:\users\salva\AppData\Roaming\avidemux
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 19:55 . 2012-10-08 16:12 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-02-13 19:55 . 2012-10-08 14:31 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-02-13 19:16 . 2012-10-08 11:37 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2013-02-13 13:22 . 2012-10-09 13:51 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 18:28 . 2012-10-08 14:31 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-02-12 16:38 . 2012-10-08 14:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-02-10 23:35 . 2012-10-08 13:39 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 23:35 . 2012-10-08 13:39 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-28 15:10 . 2012-10-08 11:47 960416 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-28 15:10 . 2012-10-08 11:47 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-06 23:16 . 2013-01-06 23:25 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-12-16 17:11 . 2013-01-07 03:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-07 03:11 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-07 03:11 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-07 03:11 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 01:42 . 2012-12-14 01:42 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-12-14 01:42 . 2012-12-14 01:42 21850112 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42 196096 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-12-14 01:42 . 2012-12-14 01:42 384512 ----a-w- c:\windows\system32\igfxpph.dll
2012-12-14 01:42 . 2012-12-14 01:42 12615680 ----a-w- c:\windows\system32\igdumd64.dll
2012-12-14 01:42 . 2012-12-14 01:42 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-12-14 01:42 . 2012-12-14 01:42 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-12-14 01:42 . 2012-12-14 01:42 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-12-14 01:42 . 2012-12-14 01:42 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-12-14 01:42 . 2012-12-14 01:42 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-12-14 01:42 . 2012-12-14 01:42 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-12-14 01:42 . 2012-12-14 01:42 330752 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-12-14 01:42 . 2012-12-14 01:42 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-12-14 01:42 . 2012-12-14 01:42 11174912 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-12-14 01:42 . 2012-10-08 11:30 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-12-14 01:42 . 2012-10-08 11:30 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-12-14 01:42 . 2012-12-14 01:42 640512 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42 512112 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-12-14 01:42 . 2012-12-14 01:42 3121152 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-12-14 01:42 . 2012-12-14 01:42 255088 ----a-w- c:\windows\system32\igfxext.exe
2012-12-14 01:42 . 2012-12-14 01:42 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-12-14 01:42 . 2012-12-14 01:42 483840 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-12-14 01:42 . 2012-12-14 01:42 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-12-14 01:42 . 2012-12-14 01:42 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-12-14 01:42 . 2012-12-14 01:42 12858368 ----a-w- c:\windows\system32\igd10umd64.dll
2012-12-14 01:42 . 2012-12-14 01:42 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-12-14 01:42 . 2012-12-14 01:42 754652 ----a-w- c:\windows\system32\igcodeckrng700.bin
2012-12-14 01:42 . 2012-12-14 01:42 598384 ----a-w- c:\windows\system32\igvpkrng700.bin
2012-12-14 01:42 . 2012-12-14 01:42 459264 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-12-14 01:42 . 2012-12-14 01:42 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-12-14 01:42 . 2012-12-14 01:42 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-12-14 01:42 . 2012-12-14 01:42 11049472 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-12-14 01:42 . 2012-12-14 01:42 5353888 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-12-14 01:42 . 2012-12-14 01:42 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-12-14 01:42 . 2012-12-14 01:42 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-12-14 01:42 . 2012-12-14 01:42 185968 ----a-w- c:\windows\system32\difx64.exe
2012-12-14 01:42 . 2012-12-14 01:42 11633152 ----a-w- c:\windows\system32\ig7icd64.dll
2012-12-14 01:42 . 2012-12-14 01:42 8621056 ----a-w- c:\windows\SysWow64\ig7icd32.dll
2012-12-14 01:42 . 2012-12-14 01:42 518656 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-12-14 01:42 . 2012-12-14 01:42 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-12-14 01:42 . 2012-12-14 01:42 27457536 ----a-w- c:\windows\system32\igdfcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42 116224 ----a-w- c:\windows\system32\igfxCoIn_v2932.dll
2012-12-14 01:42 . 2012-12-14 01:42 442880 ----a-w- c:\windows\system32\igfxdev.dll
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-12-14 01:42 . 2012-12-14 01:42 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-12-14 01:42 . 2012-12-14 01:42 441968 ----a-w- c:\windows\system32\igfxpers.exe
2012-12-14 01:42 . 2012-12-14 01:42 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-12-14 01:42 . 2012-12-14 01:42 410112 ----a-w- c:\windows\system32\igfxTMM.dll
2012-12-14 01:42 . 2012-12-14 01:42 3581440 ----a-w- c:\windows\system32\igdbcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42 172144 ----a-w- c:\windows\system32\igfxtray.exe
2012-12-14 01:42 . 2012-12-14 01:42 5906032 ----a-w- c:\windows\system32\GfxUI.exe
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-12-14 01:42 . 2012-12-14 01:42 3511296 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-12-14 01:42 . 2012-12-14 01:42 2898944 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42 27664896 ----a-w- c:\windows\system32\igdrcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42 175104 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-12-14 01:42 . 2012-12-14 01:42 399984 ----a-w- c:\windows\system32\hkcmd.exe
2012-12-14 01:42 . 2012-12-14 01:42 277616 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-12-11 16:25 . 2012-10-08 12:17 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 16:25 . 2012-10-08 12:17 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-07 13:20 . 2013-01-09 08:10 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 08:10 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 08:10 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 08:10 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:21 . 2012-12-10 12:25 153600 ----a-w- c:\windows\system32\tmb1-v64.dll
2012-12-07 11:21 . 2012-12-10 12:25 139264 ----a-w- c:\windows\SysWow64\tmb1-v32.dll
2012-12-07 11:20 . 2013-01-09 08:10 30720 ----a-w- c:\windows\system32\usk.rs
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\salva\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\salva\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\salva\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Spybot-S&D Cleaning"="d:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"avgnt"="d:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"SDTray"="d:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-10-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-23 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [2011-10-10 22040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 Tcpz-x64;Tcpz-x64;c:\users\salva\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;d:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-09-26 123904]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-09-26 37504]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2012-03-12 66336]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-02-13 34752]
S3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 25600]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-01 13:27 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 23:35] . 2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 11:44] . 2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 11:44] . 2013-02-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . 2013-02-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\salva\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\salva\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\salva\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\salva\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\appinit_dll.dll c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = webproxy.unibw.de:8080 uInternet Settings,ProxyOverride = *.unibw.de;*.unibw-muenchen.de;192.168.0.1;<local> IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\salva\AppData\Roaming\Mozilla\Firefox\Profiles\glqkxofe.default\ . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-PlayNC Launcher - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Notify-SDWinLogon - SDWinLogon.dll . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-83851407-2873241263-2947113166-1000\Software\SecuROM\License information*] "datasecu"=hex:22,72,d5,01,97,06,7d,5c,45,90,ec,f7,b8,b5,d1,15,3b,b5,15,a0,01, b2,10,86,51,f3,54,db,a6,ea,ad,b3,69,49,7d,1b,ee,4e,ca,0e,7b,8e,79,68,e6,bc,\ "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-13 22:59:04 ComboFix-quarantined-files.txt 2013-02-13 21:59 . Vor Suchlauf: 10 Verzeichnis(se), 14.365.642.752 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 14.114.250.752 Bytes frei . - - End Of File - - 41FA792F9263EB65142120FAB97371FC Geändert von salva92 (14.02.2013 um 16:33 Uhr) |
14.02.2013, 21:40 | #4 |
/// TB-Ausbilder | Random ad popups while surfing There isn't much to see there yet.. Can you narrow down roughly since when the problem has existed? And could you please describe the symptoms a bit more precisely: are they really popups in the sense of small browser windows opening, or is something simply being displayed inside the current page? And what is being advertised? Do you see an address of the advertising site? Please also keep testing whether the other browsers are affected as well, or only Chrome; that alone would be quite revealing. If only Chrome is affected: did you add a new extension or something similar before these ad popups began?
__________________ cheers, Leo |
14.02.2013, 23:00 | #5 |
| Random ad popups while surfing The problem has existed since roughly Monday, 11.02.13. The only thing I installed during that time was PDF24 Creator, but I have already uninstalled it again. The popups are full browser windows with changing advertisements. Online games, "stock tips" and erotic chat rooms are the most frequent. The addresses change from ad to ad. After using the other browsers (Firefox and IE) I can now say for certain that the ads only appear in Chrome. I haven't added or changed anything in terms of extensions or the like. For about an hour now, though, no popups have appeared... tomorrow, when I can get to the PC again, I'll try to narrow down further the conditions under which the popups appear. Many thanks so far! |
15.02.2013, 00:02 | #6 |
/// TB-Ausbilder | Random ad popups while surfing Hi, such an extension can also have gained this new extra function through an update.. I would start disabling these add-ons one by one and checking each time whether the popups still appear. That way you might be able to spot the one that is responsible. And I would of course start with the "least official" ones; that's where the chance is greatest that someone is trying to generate income with slightly dubious advertising.
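One way to decide which add-ons to disable first, as an added example that is not part of the thread and not Google's code: the script below reads each extension's manifest.json from a Chrome profile directory (layout assumed as `<profile>\Extensions\<id>\<version>\manifest.json`) and flags the permissions an ad-injecting extension needs, so the one-by-one disabling can start with the most capable ones. The two sample manifests are constructed; the risk list is a hypothetical heuristic, not a verdict.

```python
"""Rank the extensions in a Chrome profile by the permissions they declare.

Added example (not from the thread, not Google's code). Assumed on-disk layout:
<profile>/Extensions/<id>/<version>/manifest.json, which is what Chrome writes.
"""
import json
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# Host patterns and APIs that let an extension read or rewrite every page,
# which is what an ad-injecting add-on needs. Hypothetical triage list.
BROAD_HOSTS = {"<all_urls>", "http://*/*", "https://*/*", "*://*/*"}
RISKY_API = {"webRequest", "webRequestBlocking", "tabs", "webNavigation", "proxy"}

# Constructed sample manifests: an all-sites injector and a single-purpose helper.
SAMPLE_ADWARE = {
    "name": "Shopping Helper", "version": "1.2",
    "permissions": ["tabs", "webRequest", "<all_urls>"],
    "content_scripts": [{"matches": ["http://*/*", "https://*/*"], "js": ["inject.js"]}],
}
SAMPLE_BENIGN = {
    "name": "Site Notes", "version": "0.3",
    "permissions": ["storage"],
    "update_url": "https://clients2.google.com/service/update2/crx",
}


def risk_flags(manifest: Dict) -> List[str]:
    """Return human-readable reasons an extension deserves a closer look."""
    flags = []
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    if perms & BROAD_HOSTS:
        flags.append("host access to every site")
    for api in sorted(perms & RISKY_API):
        flags.append(f"uses {api} API")
    # A content script matched against every site can rewrite any page it sees.
    if any(set(cs.get("matches", [])) & BROAD_HOSTS for cs in manifest.get("content_scripts", [])):
        flags.append("content script injected into every page")
    if "update_url" not in manifest:
        flags.append("no update_url (typical of unpacked or sideloaded extensions)")
    return flags


def triage_profile(profile_dir: str) -> List[Tuple[str, str, List[str]]]:
    """Walk <profile>/Extensions; return (id, name, flags), most flags first."""
    results = []
    for manifest_path in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            results.append((ext_id, "<unreadable manifest>", ["manifest could not be parsed"]))
            continue
        results.append((ext_id, manifest.get("name", "?"), risk_flags(manifest)))
    results.sort(key=lambda r: len(r[2]), reverse=True)
    return results


if __name__ == "__main__":
    # Usage: python triage.py "C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default"
    for ext_id, name, flags in triage_profile(sys.argv[1]):
        print(f"{ext_id}  {name}\n    " + ("\n    ".join(flags) if flags else "no broad permissions"))
```

Extensions with many flags are not necessarily malicious (ad blockers legitimately need them), but they are the ones to disable first when hunting an ad injector.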
15.02.2013, 16:16 | #7 |
| Random ad popups while surfing I have now deactivated all extensions one by one, and when that didn't help I uninstalled the browser completely and have just reinstalled it, without extensions. So far no more popups have appeared, and I hope this is the final solution! Many thanks, Leo, for your help and the time you spent! |
15.02.2013, 16:20 | #8 |
/// TB-Ausbilder | Random ad popups while surfing Thanks for the feedback. If the popups do show up again, just report back here and we'll keep digging.
__________________ cheers, Leo |
19.02.2013, 09:26 | #9 |
/// TB-Ausbilder | Random ad popups while surfing This topic appears to be resolved and is being removed from my subscriptions. I will therefore no longer receive notifications of new replies. Should you need this topic again, please send me a PM and we will continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |