Log analysis and evaluation: New devices keep appearing on the router and reconnect automatically after manual deletion and reset (no Wi-Fi)

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
New devices keep appearing on the router and reconnect automatically after manual deletion and reset (no Wi-Fi)

Hello, two days ago I had internet dropouts. According to Windows diagnostics, something was wrong with the DNS server connection. After I then saw that two new devices were attached to my router (Speedport W 723V), I deleted them from the list and the internet was back. However, these MAC addresses reconnect automatically after a router restart. Until now I only knew this kind of thing from Wi-Fi.

Thanks in advance.
Regards, Gora

Code:
ATTFilter OTL logfile created on: 26.07.2013 02:00:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patryk\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,19% Memory free 8,00 Gb Paging File | 6,44 Gb Available in Paging File | 80,56% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,04 Gb Total Space | 287,62 Gb Free Space | 63,35% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 423,43 Gb Free Space | 90,91% Space Free | Partition Type: NTFS Computer Name: GRR | User Name: Patryk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.07.26 01:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patryk\Downloads\OTL.exe PRC - [2013.06.25 10:45:27 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.25 10:45:19 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.06.25 10:45:16 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\program files (x86)\avira\antivir desktop\avgnt.exe PRC - [2013.06.25 10:45:16 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ========== Modules (No Company Name) ========== MOD - [2013.06.18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2011.12.02 10:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV - [2013.07.12 10:02:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.25 10:45:27 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.25 10:45:19 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.06.25 10:45:16 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.10 11:34:54 | 000,541,608 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.31 23:38:24 | 000,075,136 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.06 15:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 15:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 15:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.17 09:01:22 | 000,110,592 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.24 09:58:44 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2011.11.24 09:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2011.10.07 09:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2011.08.09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.09 09:36:00 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2010.11.21 05:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.01 12:43:14 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm) DRV:64bit: - [2010.03.01 12:43:14 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex) DRV:64bit: - [2010.03.01 12:43:12 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) DRV:64bit: - [2010.03.01 12:43:12 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) DRV:64bit: - [2010.03.01 12:43:12 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) DRV:64bit: - [2010.03.01 12:43:10 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl) DRV:64bit: - [2010.03.01 
12:43:02 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.07.23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1) DRV:64bit: - [2007.03.20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D D1 C3 59 22 96 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox 
========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.09 01:43:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.09 01:43:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.07.10 23:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patryk\AppData\Roaming\mozilla\Extensions [2013.07.26 00:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patryk\AppData\Roaming\mozilla\Firefox\Profiles\udwzstrt.default\extensions [2013.07.23 00:43:42 | 000,534,063 | ---- | M] () (No name found) -- C:\Users\Patryk\AppData\Roaming\mozilla\firefox\profiles\udwzstrt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.07.26 00:23:31 | 000,824,431 | ---- | M] () (No name found) -- C:\Users\Patryk\AppData\Roaming\mozilla\firefox\profiles\udwzstrt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.10 23:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.10 23:10:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3 - 
HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CF929FC-EF0C-486A-88E8-3ED4522BE7E5}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{36113eff-0539-11e1-b56b-0019214939df}\Shell - "" = AutoRun O33 - MountPoints2\{36113eff-0539-11e1-b56b-0019214939df}\Shell\AutoRun\command - "" = K:\Startme.exe O33 - MountPoints2\{92eef564-0464-11e1-b4c4-0019214939df}\Shell - "" = AutoRun O33 - MountPoints2\{92eef564-0464-11e1-b4c4-0019214939df}\Shell\AutoRun\command - "" = K:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.26 01:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.07.13 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Patryk\Documents\My Games [2013.07.13 21:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.07.13 21:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games [2013.07.12 15:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.07.12 13:21:41 | 000,000,000 | ---D | C] -- C:\Users\Patryk\AppData\Local\ElevatedDiagnostics [2013.07.12 11:03:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.07.10 23:13:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.07.10 23:11:07 | 000,000,000 | ---D | C] -- C:\Users\Patryk\AppData\Roaming\Mozilla [2013.07.10 23:11:07 | 000,000,000 | ---D | C] -- C:\Users\Patryk\AppData\Local\Mozilla [2013.07.10 
23:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.07.10 23:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.10 22:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.07.10 22:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.07.10 21:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.07.10 21:01:11 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.07.10 21:01:11 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.07.10 17:33:22 | 000,000,000 | ---D | C] -- C:\Users\Patryk\AppData\Local\Macromedia [2013.07.10 17:27:16 | 000,000,000 | ---D | C] -- C:\Users\Patryk\AppData\Local\VirtualStore [2013.07.10 14:17:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.07.09 01:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.07.26 01:59:31 | 000,000,000 | ---- | M] () -- C:\Users\Patryk\defogger_reenable [2013.07.26 01:45:19 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.07.26 01:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.26 00:22:27 | 000,020,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.26 00:22:27 | 000,020,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.26 00:19:29 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.26 00:19:29 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.26 00:19:29 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.26 00:19:29 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.26 00:19:29 | 
000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.26 00:15:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.26 00:14:58 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys [2013.07.13 21:39:33 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.07.13 20:41:28 | 000,000,337 | ---- | M] () -- C:\Users\Patryk\AppData\Local\Perfmon.PerfmonCfg [2013.07.12 13:43:30 | 000,000,680 | RHS- | M] () -- C:\Users\Patryk\ntuser.pol [2013.07.10 23:11:00 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.10 19:37:03 | 774,457,731 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.07.10 13:09:52 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.07.10 12:58:55 | 000,291,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.10 11:26:54 | 000,007,633 | ---- | M] () -- C:\Users\Patryk\AppData\Local\Resmon.ResmonCfg [2013.07.10 10:07:56 | 000,098,695 | ---- | M] () -- C:\Users\Patryk\Desktop\841 nach Roseller..pdf ========== Files Created - No Company Name ========== [2013.07.26 01:59:31 | 000,000,000 | ---- | C] () -- C:\Users\Patryk\defogger_reenable [2013.07.13 21:39:33 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.07.13 20:28:39 | 000,000,337 | ---- | C] () -- C:\Users\Patryk\AppData\Local\Perfmon.PerfmonCfg [2013.07.10 23:11:00 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.07.10 23:11:00 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.10 22:46:38 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.07.10 22:44:39 | 000,021,578 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.07.10 19:37:03 | 774,457,731 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.07.10 10:07:56 | 000,098,695 | ---- | C] () -- C:\Users\Patryk\Desktop\841 nach Roseller..pdf [2012.09.26 17:01:42 | 001,590,370 | ---- | C] () 
-- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.14 23:52:26 | 000,000,680 | RHS- | C] () -- C:\Users\Patryk\ntuser.pol [2011.11.26 10:00:38 | 000,007,633 | ---- | C] () -- C:\Users\Patryk\AppData\Local\Resmon.ResmonCfg [2011.10.31 23:31:13 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.31 23:31:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.06 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\Patryk\AppData\Roaming\Thunderbird [2011.11.25 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\Patryk\AppData\Roaming\Tific [2012.11.18 23:34:23 | 000,000,000 | ---D | M] -- C:\Users\Patryk\AppData\Roaming\TS3Client [2012.03.04 15:12:27 | 000,000,000 | ---D | M] -- C:\Users\Patryk\AppData\Roaming\ts3overlay ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.07.2013 02:00:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patryk\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,19% Memory free 8,00 Gb Paging File | 6,44 Gb Available in Paging File | 80,56% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,04 Gb Total Space | 287,62 Gb Free Space | 63,35% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 423,43 Gb Free Space | 90,91% Space Free | Partition Type: NTFS Computer Name: GRR | User Name: Patryk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile 
[open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09025929-A15C-4A41-8F89-E6852BC7C3DC}" = rport=139 | protocol=6 | dir=out | app=system | "{10E1CA07-6C8A-46B1-AD3A-79AD5E82C08E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2A8EAE75-0506-4E1E-8BF6-AFB54344C9C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{35A6C5B4-3FE2-4912-B90F-8774B26FE484}" = lport=445 | protocol=6 | dir=in | 
app=system | "{3FABB283-541F-452C-AB6B-CAA6CF51607C}" = rport=445 | protocol=6 | dir=out | app=system | "{5970003C-836B-4883-B3FC-7B9F9A4957ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68D16AE1-7DD9-40B1-BC59-66DD78ACC8BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6D362A7A-6DF0-43AB-BBF5-515A17972E81}" = lport=139 | protocol=6 | dir=in | app=system | "{7DD536B5-D70D-4CBB-9BB5-4B9FF614BCE8}" = rport=137 | protocol=17 | dir=out | app=system | "{B1ADD05F-2976-43B1-94F6-45109DE78AD2}" = rport=138 | protocol=17 | dir=out | app=system | "{B732F5DD-10F6-4794-8F30-CB5E5FB46007}" = lport=137 | protocol=17 | dir=in | app=system | "{CF70A097-73AC-45D8-AAF3-4785D6ECF489}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D94F4E04-43B0-47A0-B268-71F1D597B0E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EFA09936-37EB-42ED-8541-98B023B2CCAD}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017F6E5E-AAE8-492E-9724-8038BE9441B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{060F17AD-256F-4176-8D45-23AFF139A580}" = protocol=6 | dir=in | app=c:\users\patryk\appdata\local\apps\2.0\peg580wh.z8g\c29wbn62.etr\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe | "{0F74C158-D4D5-4A80-9159-C3D9458E5BE1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{14377B26-ABF9-4978-B8DD-AAD95A114626}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{198B3100-FBEB-49C8-BF57-1A15B89783F0}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{25A86FE5-AA62-4A88-96B2-E2371F733A75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{29D07086-8321-4339-9307-68B8E767AE5F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{2D05D2D1-54ED-475F-A457-6B1D21A45B38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{2F380909-2249-4A9C-B93C-58A7230D1D4A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{30A23C3C-B6F4-4AE3-9E89-4F8690D9E91E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{31236CA6-AB01-4CD0-AB07-8AEE621F20C4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | "{31722190-6EBA-4118-828E-9343F1AB22A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{34FF8778-274B-46B0-8C93-12B598D9D002}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{36CE59FE-25BD-4B7E-9FC3-1802E79EF4E3}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe | "{3A5C4F52-27BF-4A4D-AEEA-7893039EDFF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{41019FB9-D101-4FE9-9074-125B94A84FC1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{42DCC16F-746E-4ACF-BD85-B276C825C2C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{438EACBF-C041-4A0F-A364-C97EE5F25CB8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | "{471B7030-0E6B-40FB-B97B-C5B8487FA820}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{4A1B68E8-8C4B-480D-A421-0E12C85D6B44}" = protocol=6 | dir=in | app=c:\program files (x86)\rift game\riftpatchlive.exe | 
"{51BB5B4B-AD93-459A-B568-3E2CFA5D1EED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{54C25172-9CE4-41F4-AF05-CA6074348673}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{5712CD18-3D15-47F1-A8AE-FE2A6A38CDDC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{5754347E-1BD6-433C-AD3F-7912BADCDBB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{579C4CF6-2E37-4D23-8270-EAD0192A7A61}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{589FF7E4-15CF-46A9-A8EF-4D96DEF902F3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5CA057C4-A8D6-48AF-9CB3-993027081645}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{5E334862-0BF1-431C-97A6-A204C3442A63}" = protocol=6 | dir=in | app=c:\program files (x86)\rift game\rift.exe | "{63F740BF-BC90-412A-AC57-A4DD85608EFC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | "{64072754-D146-4C68-8274-18E522E684C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{649F75C7-720D-42A6-9565-A3C15AB0D29A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6D817D50-9803-4516-AFF4-DBFE067E2928}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6E61A04E-063D-40CD-8F26-CC06ADB0B3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\rift game\rift.exe | "{76103FEC-B651-43E1-A97F-C4F0D01CE497}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{7EE40E50-F5F4-4FD3-BFFA-CEA05BA2787C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{80E77E7B-DEA1-440E-9B6E-41B6C0B955FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{82526C7B-9349-45AB-8CEC-E5086CD0F258}" = 
protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{8C198097-C3C4-4793-BE72-8D6905D77B5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{8D7CBEE9-3F64-4450-8038-2F5FC208CBFD}" = protocol=17 | dir=in | app=c:\program files (x86)\rift game\riftpatchlive.exe | "{92322537-8B17-45E4-8C32-0679E1A66545}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{925CEC03-B6D5-4F9F-A8F3-0573E72668EC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{9940E086-CF36-49B6-A2B5-076FB2E9090B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9AB8704E-5A05-4D0B-BD97-F877E46F145F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{9BEF1993-2050-4A34-BBEE-5EF8FF815A4F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A0A22DA7-A31A-4AE2-92C2-B8F769231211}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe | "{A5203F8C-FBEA-4B5D-8702-3BAB3A34D9A4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{AAAB54B2-E518-4630-8419-785ACDBA9C95}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{ABB861DC-6E3A-4DFA-8BEE-56A65C0F43D8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{ACBFB9C9-197B-4AD4-A047-3CAE6059FC56}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AFBB2C2B-7844-48A4-A9BA-50B51440AD78}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{B37B679A-0730-4035-B07B-BFC187757BDA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4C51A1D-751D-4E97-8B60-9247C2E73830}" = protocol=6 | dir=in | 
app=c:\programdata\battle.net\agent\agent.2000\agent.exe | "{B6F5F4BB-1C62-4973-87D7-BDBE4B9D35C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{BB1FB2E3-83BA-45F5-9ACF-E20D696EBF0A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | "{BD85A19F-69D2-4DFC-8E1D-105C9C9CE332}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{BDE27FCB-8103-4962-911C-36D40F9167EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{C1D30896-8E91-47BB-B2CC-D38116CA807D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C77C2739-48F3-4EDA-B7EB-2B59FD5343BC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{C8E2264F-1AC5-491E-8760-59164F45C09F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{CB9561D6-31CD-4571-BBE9-EDAEE53D0026}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | "{D261EBB8-9D5F-4762-BB7C-63DF74C1C138}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{D70C0DC0-DB0A-4466-B7F3-B09E84A8E384}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{DFD9BF5F-06CC-4B7E-99B3-744210C52D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{E0B6D7BC-8FA7-4510-9565-56714AD09842}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{E4A4E69B-7D99-49B9-B70B-C9735DD5BEC9}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{EBE2ABC4-1F77-4623-A980-AB4E7A2A4FB9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{ECCF7628-B7A9-4DA1-A135-6FFC4BC4A440}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{F0DB42C0-00E0-4E98-9D8C-4228BEB7AB08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{F10BCEEC-A0DF-4022-ACAA-FED90BF56BC6}" = protocol=17 | dir=in | app=c:\users\patryk\appdata\local\apps\2.0\peg580wh.z8g\c29wbn62.etr\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe | "{F3E758C9-0863-45B4-8EC4-A950A9033135}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{F45E84F5-4D3A-4023-8DA4-BE0225BA6D0C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | "{F7A3CCDA-3DFF-44C0-B535-553FE25912A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | "TCP Query User{0AA59196-2271-42A1-8F4D-FC15B7E8A056}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{1B16CB20-E4AD-4B47-993E-5BCB3C3D6C86}C:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe | "TCP Query User{29B4309A-49A6-49EF-9E18-F220FC07CE2D}C:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{4EA9B14E-2BF1-4081-884E-5237AA37FA6E}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe | "TCP Query User{57A40E9C-D0DA-4725-8F34-358DB4FF60CA}C:\users\patryk\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\patryk\appdata\local\temp\gw2.exe | "TCP Query User{60C62018-8A18-4863-B208-0B94ADA4AB66}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | 
dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{83EA6E52-A06D-48F3-B096-1A4A8CDE742D}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{976AA0E5-7A5A-4813-A9FA-2CDB4D428A2D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{AD1E52EA-277A-4438-8560-E49FBB845DEB}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "TCP Query User{EC8CFB2A-4D0E-4889-AF1F-BCE1F628C6F7}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | "UDP Query User{333E9F34-F20F-4996-94F8-9271FB03ED0E}C:\users\patryk\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\patryk\appdata\local\temp\gw2.exe | "UDP Query User{35DBB27B-09A1-4162-BC6B-6ECCFB6397C2}C:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe | "UDP Query User{62A9D691-F3B0-46E6-AF83-B5AB0561F437}C:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query User{6A04A612-8A67-432B-A3DF-9D0F6F976815}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{9200ABEE-DC1E-49DB-83F7-B532FDF12FF2}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query 
User{AADC2532-ABDE-46D0-B21E-E630046CCCEC}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{BDCB74B7-F0AE-4ABC-AB4D-0A48FF4FF78C}C:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\expansion\beta\arma2oa.exe | "UDP Query User{CBE0C148-07F4-4C72-939D-0467133795C8}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{EF0EB08E-8796-46BB-8035-437A3EDFB1D4}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{F703D63E-F89C-40DA-91D0-D4D6A59894E2}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID CPU-Z_is1" = CPUID CPU-Z 1.59 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Diablo III" = 
Diablo III "Diablo III Public Test" = Diablo III Public Test "Guild Wars 2" = Guild Wars 2 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 212910" = Call of Duty: Black Ops II - Zombies "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.07.2013 20:31:40 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = Error - 23.07.2013 20:35:54 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = Error - 23.07.2013 21:11:51 | Computer Name = grr | Source = Application Hang | ID = 1002 Description = Programm Diablo III.exe, Version 1.0.8.16603 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 7a4 Startzeit: 01ce880a9c0098b5 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Diablo III\Diablo III.exe Berichts-ID: 02e6cdbe-f3fe-11e2-95cf-0019214939df Error - 23.07.2013 21:31:19 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = Error - 23.07.2013 21:41:24 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = Error - 23.07.2013 21:49:54 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = Error - 24.07.2013 02:47:17 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = Error - 24.07.2013 18:19:55 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = Error - 25.07.2013 05:02:33 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = Error - 25.07.2013 18:16:47 | Computer Name = grr | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 25.07.2013 06:20:24 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy3" den Befehl "chkdsk" aus. Error - 25.07.2013 06:20:24 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy3" den Befehl "chkdsk" aus. Error - 25.07.2013 06:20:35 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus. Error - 25.07.2013 06:20:35 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus. 
Error - 25.07.2013 06:20:35 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus. Error - 25.07.2013 06:20:35 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus. Error - 25.07.2013 06:20:47 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy1" den Befehl "chkdsk" aus. Error - 25.07.2013 06:20:47 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy1" den Befehl "chkdsk" aus. Error - 25.07.2013 06:20:47 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy1" den Befehl "chkdsk" aus. Error - 25.07.2013 06:20:47 | Computer Name = grr | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy1" den Befehl "chkdsk" aus. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-26 02:48:03 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500630AS rev.3.AAD 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Patryk\AppData\Local\Temp\pxldqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002deb000 45 bytes [00, 00, 1E, 02, 4D, 6D, 43, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002deb02f 16 bytes [00, 05, 00, 00, 00, 00, 00, ...] ---- Threads - GMER 2.1 ---- Thread [1820:3288] 00000000776c3e45 Thread [1820:1904] 0000000076a17587 Thread [1820:3436] 0000000072f1c59c Thread [1820:3220] 0000000072f1c59c Thread [1820:640] 0000000072f1c59c Thread [1820:3396] 00000000776c2e25 Thread [1820:3992] 0000000072f1c41c Thread [1820:216] 0000000072d5e2db Thread [1820:2920] 0000000072f1c59c Thread [1820:2376] 0000000072f1c41c Thread [1820:3720] 0000000072f1c41c Thread [1820:2664] 0000000072f1c41c Thread [1820:600] 0000000072f1c41c Thread [1820:3108] 0000000072f1c41c Thread [1820:636] 0000000072f1c41c Thread [1820:2472] 0000000072f1c41c Thread [1820:692] 0000000072f1c41c Thread [1820:3372] 0000000072f1c41c Thread [1820:3952] 0000000072f1c41c Thread [1820:2428] 0000000072f1c41c Thread [1820:3592] 0000000072f1c41c Thread [1820:896] 0000000072f1c41c Thread [1820:3784] 0000000072f1c41c Thread [1820:3976] 0000000072f1c41c Thread [1820:3300] 0000000072f1c41c Thread [1820:3172] 0000000072f1c41c Thread [1820:3368] 0000000072f1c59c Thread [1820:3196] 00000000726f8e20 Thread [1820:2444] 00000000726f8e20 Thread [1820:2604] 00000000726f8e20 Thread [1820:1656] 00000000726f4e00 Thread [1820:2228] 0000000072f1c59c Thread [1820:2140] 0000000072f1c59c Thread [1820:2884] 0000000072f1c59c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations 
---- EOF - GMER 2.1 ----