| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bedrohungen im Firefox Cache (408 Bedrohungen) #2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.06.2013, 19:09
| #1 |
 |  Bedrohungen im Firefox Cache (408 Bedrohungen) #2 Guten Tag, ich habe wieder folgendes Problem, dass mir Kasperksy Bedrohungen im Firefox Cache Ordner anzeigt, folgendes Beispiel: 39599m01 Nicht desinfizierte Objekte: HiddenObject.Multi.Generic 24.06.2013 18:43:08 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\F\EF\ Zurückgestellt Untersuchung des Computers 39599m01 Gefunden: HiddenObject.Multi.Generic 24.06.2013 18:43:08 c:\Documents and Settings\alex\AppData\Local\Mozilla\Firefox\Profiles\l3fiemti.default\Cache\F\EF\ Protokolliert Untersuchung des Computers Alle Bedrohungen sehen so aus, alle im gleichen Ordner. Auffällig ist nur, das es sonst keine "richtig" negativen Auswirkungen auf meinen PC hat, ich meine damit, z.B. gestohlene Passwörter, langsamer Pc, etc. Aber ich werde trotzdem nervös bei dieser hohen Anzahl an Bedrohungen, vorallem da ich nicht genau weiß ob sie jetzt doch wirklich schädlich sind oder nicht. Defogger-Log: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:53 on 24/06/2013 (alex)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 24.06.2013 19:53:31 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alex\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,93 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,97% Memory free 15,79 Gb Paging File | 14,30 Gb Available in Paging File | 90,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 5,88 Gb Free Space | 5,27% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\alex\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel(R) Corporation) PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll () ========== Services (SafeList) ========== SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (XTU3SERVICE) -- C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel(R) Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation) DRV:64bit: - (HWiNFO32) -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS (REALiX(tm)) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd) DRV:64bit: - (rzendpt) -- C:\Windows\SysNative\drivers\rzendpt.sys (Razer USA Ltd) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (AcpiCtlDrv) -- C:\Windows\SysNative\drivers\AcpiCtlDrv.sys (Intel Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation ) DRV:64bit: - (e1qexpress) -- C:\Windows\SysNative\drivers\e1q62x64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (bulkadi) -- C:\Windows\SysNative\drivers\bulkrazer_x64.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (iocbios2) -- C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys (Intel Corporation) DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys () DRV - (EfiVariable) -- C:\Windows\SysWOW64\drivers\variable64.sys (Windows (R) Server 2003 DDK provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 D8 7E FE 00 3A CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\alex\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\alex\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\alex\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.23 16:50:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.05.25 03:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Extensions [2013.06.22 02:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\l3fiemti.default\extensions [2013.06.22 02:06:18 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\l3fiemti.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.06.19 22:49:31 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\l3fiemti.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2013.06.05 16:11:46 | 000,166,279 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\l3fiemti.default\extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013.05.25 03:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.25 03:23:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.04.23 16:50:37 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM ========== Chrome ========== CHR - default_search_provider: Delta Search (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Docs = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: Google Mail = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM) O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6821D127-AFC2-40CD-9217-DECEC02DF96D}: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F04375FE-AF71-4E32-B2C6-07D7C75E5B95}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\raidcall.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\uninst.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\raidcall.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\uninst.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" File not found O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.20 22:31:53 | 000,000,000 | ---D | C] -- C:\Users\alex\Documents\Battlefield 3 [2013.06.20 21:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2013.06.20 18:36:32 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\wallpaper [2013.06.19 23:06:17 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.06.19 23:05:55 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.06.19 23:05:55 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.06.19 23:05:55 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.06.19 23:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.06.19 17:16:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.19 17:15:47 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.19 16:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.18 13:12:49 | 027,775,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.06.18 13:12:49 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.06.18 13:12:49 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.06.18 13:12:49 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.06.18 13:12:49 | 015,910,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.06.18 13:12:49 | 015,143,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.06.18 13:12:49 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.06.18 13:12:49 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.06.18 13:12:49 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.06.18 13:12:49 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.06.18 13:12:49 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.06.18 13:12:49 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.06.18 13:12:49 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.06.18 13:12:49 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.06.18 13:12:49 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll [2013.06.18 13:12:49 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll [2013.06.18 13:12:49 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll [2013.06.18 13:12:49 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll [2013.06.18 13:12:49 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll [2013.06.18 13:12:49 | 000,432,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2013.06.18 13:12:49 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll [2013.06.18 13:12:49 | 000,370,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2013.06.18 13:12:08 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.06.15 16:27:07 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.15 16:27:07 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.13 12:48:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.13 12:48:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.13 12:48:45 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.13 12:48:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.13 12:48:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.13 12:48:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.13 12:48:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.13 12:48:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.13 12:48:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.13 12:48:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.13 12:48:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.13 12:48:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.13 12:48:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.13 12:48:15 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.13 12:48:15 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.13 12:48:15 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.13 12:48:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.13 12:48:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.13 12:48:13 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.13 12:48:13 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.13 12:48:13 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.13 12:48:13 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.13 12:48:13 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.13 12:48:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.13 12:48:11 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.13 12:48:11 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.09 17:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.06.09 17:13:15 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Secunia PSI [2013.06.09 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.06.09 17:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.09 17:02:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.09 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.05 15:07:56 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\CustomSettingNames_en-EN - fps limiter [2013.06.05 15:06:05 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\nvidiaInspector [2013.06.04 16:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.06.03 17:03:26 | 001,330,144 | ---- | C] (techPowerUp (www.techpowerup.com)) -- C:\Users\alex\Desktop\GPU-Z.0.7.1.exe [2013.05.31 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\lel [2013.05.26 03:42:12 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Malwarebytes [2013.05.26 03:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.24 00:10:36 | 000,020,432 | ---- | C] (Intel Corporation) -- C:\Users\alex\AppData\Roaming\JomCap.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.24 19:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.24 10:18:39 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.06.24 10:18:39 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.06.24 10:18:30 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.06.24 08:37:49 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.24 08:37:49 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.24 08:36:40 | 001,613,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.24 08:36:40 | 000,696,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.24 08:36:40 | 000,652,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.24 08:36:40 | 000,148,174 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.24 08:36:40 | 000,121,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.24 08:31:59 | 000,001,924 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600.lnk [2013.06.24 08:30:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.20 22:33:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.06.20 22:15:40 | 000,012,061 | ---- | M] () -- C:\Users\alex\Desktop\mah nigga.png [2013.06.20 21:23:07 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2013.06.19 23:05:53 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.06.19 23:05:53 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.06.19 23:05:53 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.06.19 23:05:53 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.06.19 23:05:53 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.06.19 23:05:53 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.06.19 23:01:32 | 001,590,498 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.19 17:31:02 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.06.19 17:31:02 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.06.19 15:00:31 | 000,000,000 | ---- | M] () -- C:\Users\alex\defogger_reenable [2013.06.18 13:16:24 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.06.15 13:07:32 | 000,000,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.06.15 01:23:09 | 000,025,766 | ---- | M] () -- C:\Users\alex\Desktop\cc_20130615_012304.reg [2013.06.15 01:22:10 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.14 19:28:48 | 002,684,521 | ---- | M] () -- C:\Users\alex\Desktop\Vivienne-Westwood-Union-Jack-Wallpaper-£130-a-roll.jpg [2013.06.14 00:08:32 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2219949675-2119565610-2197399653-1001UA.job [2013.06.14 00:08:32 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2219949675-2119565610-2197399653-1001Core.job [2013.06.12 13:31:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.12 13:31:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.09 17:02:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.07 12:16:36 | 000,159,264 | ---- | M] () -- C:\Users\alex\Desktop\973782_541870045850394_1032246083_n.jpg [2013.06.07 12:16:32 | 000,165,441 | ---- | M] () -- C:\Users\alex\Desktop\975702_541869935850405_1053291288_n.jpg [2013.06.06 22:47:48 | 000,002,362 | ---- | M] () -- C:\Users\alex\Desktop\Google Chrome.lnk [2013.06.04 16:57:31 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.06.03 17:03:28 | 001,330,144 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Users\alex\Desktop\GPU-Z.0.7.1.exe [2013.05.27 05:14:31 | 001,352,471 | ---- | M] () -- C:\Users\alex\Desktop\TwAgD.png [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.20 22:15:40 | 000,012,061 | ---- | C] () -- C:\Users\alex\Desktop\mah nigga.png [2013.06.20 21:23:07 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2013.06.19 15:00:31 | 000,000,000 | ---- | C] () -- C:\Users\alex\defogger_reenable [2013.06.15 13:07:32 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.06.15 01:23:07 | 000,025,766 | ---- | C] () -- C:\Users\alex\Desktop\cc_20130615_012304.reg [2013.06.15 01:22:10 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.14 19:28:47 | 002,684,521 | ---- | C] () -- C:\Users\alex\Desktop\Vivienne-Westwood-Union-Jack-Wallpaper-£130-a-roll.jpg [2013.06.09 17:13:10 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.06.09 17:02:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.07 12:16:36 | 000,159,264 | ---- | C] () -- C:\Users\alex\Desktop\973782_541870045850394_1032246083_n.jpg [2013.06.07 12:16:30 | 000,165,441 | ---- | C] () -- C:\Users\alex\Desktop\975702_541869935850405_1053291288_n.jpg [2013.06.04 16:57:31 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.05.27 05:14:00 | 001,352,471 | ---- | C] () -- C:\Users\alex\Desktop\TwAgD.png [2013.04.15 19:22:14 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.11 01:05:48 | 000,005,886 | ---- | C] () -- C:\Users\alex\AppData\Local\recently-used.xbel [2013.01.19 16:56:04 | 000,003,072 | ---- | C] () -- C:\Users\alex\AppData\Local\file__0.localstorage [2012.12.11 14:02:00 | 000,000,680 | RHS- | C] () -- C:\Users\alex\ntuser.pol [2012.11.25 19:01:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.09.28 17:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2012.09.02 21:40:00 | 001,590,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.02 21:38:23 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.02 21:38:17 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.09.02 21:38:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.05.18 22:11:18 | 000,017,408 | ---- | C] () -- C:\Users\alex\AppData\Local\WebpageIcons.db [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.06.2013 19:53:31 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alex\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,93 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,97% Memory free
15,79 Gb Paging File | 14,30 Gb Available in Paging File | 90,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 5,88 Gb Free Space | 5,27% Space Free | Partition Type: NTFS
Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A74382E-5E5B-4F24-9C02-DDA1567797D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{162A0CB2-5C37-49D3-89F3-3709CD30AB0B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{24B8BDBB-E3E0-4CAF-A843-2486060AB3DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B52D4BC-479A-4420-A454-B4E5787A021F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35EF76EC-8CFF-4C64-A75B-EC6644409354}" = rport=137 | protocol=17 | dir=out | app=system |
"{3940D1E4-E82E-480D-B33C-D60624B48F42}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A654757-0FC5-490C-A03A-89C25BD5A175}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43FB4317-5D79-4141-9FBB-7BA09B825EA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47A1DAEE-D554-4CEB-BE16-C1455D3BFC9D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{480FEE1C-5FFA-40B7-B0CB-F526B5B7FEDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BC06471-75CD-4A72-B3C0-077B646539AE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4FD30AAB-6E40-47D3-96AE-AA1588B8CFD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5DE250B9-01E3-41A3-A414-3392226CED71}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5E864418-28FF-40D1-973F-4FC647C75CD7}" = rport=139 | protocol=6 | dir=out | app=system |
"{64981964-F5F0-4AF9-99D8-044F5315AC8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66AEB849-ADF9-4EA1-A384-275061EFD228}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69AAFD87-90C5-44D6-8BD7-880F3EB7C4FF}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8639B6F1-67DE-4441-9F73-55D5864122C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8F89120B-2D29-489B-B2D0-E3B8262800BB}" = lport=137 | protocol=17 | dir=in | app=system |
"{972D119C-4624-46CD-95B7-31281D4617AD}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B23A93B-98B3-4BA0-9855-0012F000E4C0}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A285042B-AA9C-4705-9BC7-440707437979}" = lport=139 | protocol=6 | dir=in | app=system |
"{B06A3BE1-C368-47E4-B026-D3EC1D5609BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C924FB32-D870-4531-A343-3709BC9E265C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCCC2DEF-1790-4917-A000-361BD06B4965}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D151D443-B1F3-47C9-A767-504F5E837B25}" = lport=138 | protocol=17 | dir=in | app=system |
"{D62F0E48-6586-430F-B833-771BD492ADD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E04A379A-CBF1-4B4E-8440-6D0F970B798A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2D4002F-458E-4EE9-AB92-FAA76CF3F776}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7A26C0B-3E04-4171-8B4E-04B737703150}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F7CF13BB-BECA-4303-B0E7-4E39C53E7655}" = rport=138 | protocol=17 | dir=out | app=system |
"{FADD4203-7A37-4FB6-B46C-3200CD1F2D87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0383D529-81BE-40B2-BCA8-5ECA0CCDB199}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{05AE4DD7-6A32-4683-ACD4-D010E9843231}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{0608F16C-99E2-4339-88E3-52A3AFE8613A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0AB1912C-33A8-4593-8BFA-264558045B2C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{10448516-CC91-4216-9EE4-98A06E47FE1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1259AC10-4713-4952-8860-084AC39C5EAC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1CD42557-9375-4BB8-9702-731B20642803}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2423CE18-2BBC-4392-937D-F9F13B35B6B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{270AF091-A719-4548-BF4E-77AED40ED9AA}" = dir=in | app=c:\program files (x86)\intel\extreme tuning utility\client\perftune.exe |
"{271284E9-C142-475E-9217-586D57D0A7E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2A9BC0F3-4B82-4808-BF5B-74435199FEBE}" = dir=in | name=twitch |
"{31050CCA-A259-4271-AE6B-814A1F8F6913}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{32E77A47-E18A-46C6-8CE2-D54BA3E9E1E5}" = protocol=6 | dir=out | app=system |
"{40DE0949-2F38-446F-8853-094ED3DBD3AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42683ACB-FE66-4E89-8D5A-4AFC5A457912}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{47216FFC-5566-4BAD-BDF6-9E290C956798}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48D00AC3-9E20-4F6A-996E-1B89EA8B72F9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4AB4871C-1008-46BC-8219-E0D94C2B0E0E}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{4E07B450-8777-4455-BD2F-586EB88AB32E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{52C3619C-BF05-457B-9A97-FDFF20B0B79E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{55F4CA88-4196-429A-ADF4-DEF7849DB336}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{565B7D4C-BAE0-4D23-BAFF-59E753CA0E93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gullegulle402\sourcesdk\bin\sdklauncher.exe |
"{57A87277-C099-4B66-9556-0CC92419C713}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5F56164D-2439-43D6-9DBD-9A6497ADE551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{693BE8B9-94AA-4494-A9BB-0E8D2B507FD3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C163D6C-CF47-4EA3-986D-77B44F6BFFD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C4770FC-48B9-4F5E-B566-FF016B9FB675}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{73A34325-5284-4DD3-A7A9-26A0061B8E3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gullegulle402\sourcesdk\bin\sdklauncher.exe |
"{7B671B24-AF38-4C34-A443-D81C46C63D20}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{80723913-415A-4F67-9A94-59EC72243131}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{814A482C-6856-4BBB-8545-9EC798EFE117}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{8FB1F17E-8EA6-46B7-9EFC-4E8B57F684F8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{90A7BDDA-4DB0-41FC-A7AA-BC554A120A3B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{95DEE9A1-9304-4DC7-9DD2-794C5BF1F2A9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{993AC872-3822-4569-B0BB-C0CD53B43AAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9E330CE3-E850-45D9-A443-9CD58CF7A3D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A854CCFD-CBE9-46DB-9CCF-A42E84481792}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFC4E1FF-56F0-435E-AEC6-3A6E92E094D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3C2D8B7-CC29-451E-BF63-F2037D8D8F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C1174A42-F76D-4058-B947-95B1648D5CAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C338E599-3540-410B-A45C-ADBA18A0C3E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CDB1E267-EDD0-47F0-AD2C-C2A0A96DB675}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDE32FF6-900E-45DA-A06A-5489724757E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D11B6295-F395-477F-9A1E-0FEF88871B59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D6BA5C49-4026-474A-886B-AB85B303F9EB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F1AB3E2A-C25B-45CD-93D3-4CF38C79008E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F32ECDF9-4856-4F9C-A84E-A6B56EB09CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB0FF8DE-3F99-4F7B-B2D8-8200DDC4E30B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6B44AEB-3F57-45D7-9A89-5020135CBF90}" = Studie zur Verbesserung von HP Officejet 6600 Produkten
"{C768E610-4DFB-4A60-A59B-71549EB7BF75}" = HP Officejet 6600 - Grundlegende Software für das Gerät
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"GCFScape_is1" = GCFScape 1.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PROSetDX" = Intel(R) Network Connections 16.5.2.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014A2868-BE56-4888-A16C-693989B8F153}" = SlimDX Runtime .NET 2.0 (January 2012)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.4.2
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86)
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84AEB93A-ECBB-4568-8F59-D4516EF59079}" = Skyrim Performance Monitor
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{a1d972d8-eaf6-4527-8775-265dc3eaa867}" = Intel Extreme Tuning Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}" = Razer Mamba
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}" = Razer Megalodon Firmware Updater
"{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D1A35687-AEA9-422C-B237-FC4F8136B6F6}" = Intel(R) Integrator Assistant
"{DCD74F6F-06AE-4DC4-96D3-B9B62EEF2C53}" = Intel Extreme Tuning Utility
"{E8D0E51F-CC46-48DF-9BF2-E6157FC3717E}" = Intel(R) Extreme Tuning Utility
"{F01CBA59-B5BD-4608-A834-1CBE8C292A71}" = Intel(R) Desktop Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.6.2
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"Rainmeter" = Rainmeter
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"Steam App 211" = Source SDK
"Steam App 570" = Dota 2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"RIFT-Beta" = RIFT Beta
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.06.2013 06:53:30 | Computer Name = alex-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.06.2013 06:55:12 | Computer Name = alex-PC | Source = VSS | ID = 13
Description =
Error - 21.06.2013 06:55:12 | Computer Name = alex-PC | Source = VSS | ID = 12292
Description =
Error - 21.06.2013 06:55:12 | Computer Name = alex-PC | Source = VSS | ID = 8193
Description =
Error - 21.06.2013 06:55:12 | Computer Name = alex-PC | Source = System Restore | ID = 8193
Description =
Error - 21.06.2013 20:03:35 | Computer Name = alex-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.06.2013 04:47:44 | Computer Name = alex-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.06.2013 22:52:28 | Computer Name = alex-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.06.2013 07:31:44 | Computer Name = alex-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.06.2013 02:32:37 | Computer Name = alex-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 23.06.2013 16:46:44 | Computer Name = alex-PC | Source = DCOM | ID = 10005
Description =
Error - 23.06.2013 16:46:44 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 24.06.2013 02:30:39 | Computer Name = alex-PC | Source = Application Popup | ID = 262200
Description = Treiber PCI hat eine ungültige ID für das untergeordnete Gerät (UBA870010B5DF0E0000)
zurückgegeben.
Error - 24.06.2013 02:30:39 | Computer Name = alex-PC | Source = Application Popup | ID = 262200
Description = Treiber PCI hat eine ungültige ID für das untergeordnete Gerät (FFFFFFFFFFFFFFFF00)
zurückgegeben.
Error - 24.06.2013 02:30:40 | Computer Name = alex-PC | Source = Application Popup | ID = 262200
Description = Treiber PCI hat eine ungültige ID für das untergeordnete Gerät (BA870010B5DF0E0040)
zurückgegeben.
Error - 24.06.2013 02:30:40 | Computer Name = alex-PC | Source = Application Popup | ID = 262200
Description = Treiber PCI hat eine ungültige ID für das untergeordnete Gerät (BA870010B5DF0E0080)
zurückgegeben.
Error - 24.06.2013 02:30:47 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 24.06.2013 02:32:04 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 24.06.2013 02:32:04 | Computer Name = alex-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 24.06.2013 06:33:18 | Computer Name = alex-PC | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-24 20:02:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Corsair_Force_GT rev.1.3.3 111,79GB Running: gmer_2.1.19163.exe; Driver: C:\Users\alex\AppData\Local\Temp\kxldrpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800037b2000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800037b202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071721a22 2 bytes [72, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071721ad0 2 bytes [72, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071721b08 2 bytes [72, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071721bba 2 bytes [72, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071721bda 2 bytes [72, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75] .text ... * 2 .text C:\Users\alex\Downloads\OTL.exe[8916] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75] .text C:\Users\alex\Downloads\OTL.exe[8916] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1732:4212] 000007fef3a79688 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.19.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 alex :: ALEX-PC [limitiert] 24.06.2013 20:03:25 mbam-log-2013-06-24 (20-03-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 254047 Laufzeit: 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
| Themen zu Bedrohungen im Firefox Cache (408 Bedrohungen) #2 |
| 7-zip, avp, bho, browser, converter, cpu-z, crystaldiskinfo, ebanking, error, eset smart security, firefox, flash player, hal.dll, helper, home, homepage, iexplore.exe, install.exe, kaspersky, kaspersky internet security 2013, launch, logfile, monitor.exe, mp3, nexus, officejet, plug-in, popup, problem, realtek, registry, scan, secunia psi, security, senden, server, tastatur, teamspeak, windows |
Baum-Darstellung