Pests of all kinds and how to fight them: Redirected to a subscription trap when clicking a link (Windows 7). If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
22.02.2012, 20:40 | #1
Redirected to a subscription trap when clicking a link. Hello, since this has already happened to me for the 3rd time today, I am slowly getting worried. Yesterday I got a message from GData 2012 that some virus had been blocked, from a site that was completely unknown to me. Now it has happened for the 4th time today that when I open a link on Google, I am redirected to some unregistered domain and am supposed to complete a survey in order to see the page. If I click the link again, I actually get to the page I wanted. Could it be that I have caught something? I am currently running a rootkit scan with GData; hoping for an answer. Regards, Brauny. Logfiles are currently in the "procedure". Edited by Brauny (22.02.2012 at 20:52)
22.02.2012, 22:14 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirected to a subscription trap when clicking a link. Quote:
Please post everything here in CODE tags wherever possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
22.02.2012, 22:26 | #3
Redirected to a subscription trap when clicking a link. So, here are all sorts of logs...
Code:
OTL Extras logfile created on: 22.02.2012 20:49:36 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Brauny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 55,76% Memory free
6,69 Gb Paging File | 4,87 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 209,45 Gb Free Space | 36,04% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32

Computer Name: HACKZ | User Name: Brauny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open
Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2A5584DC-3E74-4999-918F-278458991112}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 | "{2ACD06B9-98CA-455F-8103-145E0D927AFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2D969F34-8082-4DA4-868B-FDA3B71F1B10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3164E200-5FBD-4C3E-B795-70662FDAC61A}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{37DA7497-3ABF-4C7A-8D23-1F21B9DB5599}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{3C67E93E-22E2-48AA-9562-932FBB30E196}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5155F739-5B72-4CEB-B65E-E127E119F0A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{547B678F-6104-4E33-B3FB-C6C89981A0F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{56D5AE3F-D311-4A27-B690-E215B57D05AD}" = rport=445 | protocol=6 | dir=out | app=system | "{719EE466-77F1-405A-A3C0-4EFBD758200E}" = lport=445 | protocol=6 | dir=in | app=system | "{71E530DD-1F0A-44A3-9341-51A303D85D76}" = lport=139 | protocol=6 | dir=in | app=system | "{8BF934A9-AB4F-4358-8F95-B4B430CDA207}" = rport=137 | protocol=17 | dir=out | app=system | "{A67003D5-AB8D-450F-8ACE-A9D41322F56B}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{A9AE49C1-DF9C-4A89-B8DC-C3140158CF4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BABEB5CF-4050-4247-8B78-E857934F011C}" = lport=138 | protocol=17 | dir=in | app=system | "{C3CB80D6-04AC-425A-BA94-8C25CB37670B}" = rport=139 | protocol=6 | dir=out | app=system | "{D3FCF476-FFBD-4DA3-ABD9-57A969468687}" = lport=808 | protocol=6 | dir=in | 
svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{DA34A1AC-E5CD-4F95-8864-C1AF49289A6B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E74D5524-8A19-4504-82A2-19A01BDCCF74}" = rport=138 | protocol=17 | dir=out | app=system | "{E80CDD06-1943-4CCB-B830-A8D9E8149843}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E92B633D-0D36-4CBB-AA13-2A036CF0B3C0}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{F967B1A1-60E9-46C5-88BE-BA05736741DA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F9F65100-3937-49C1-ADB2-C3E92BA5E653}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FCF49E12-3A17-4A2B-BA09-EE1157C236CB}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{074920DA-18B1-44AA-9439-8083421158ED}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | "{07B6652D-41E9-4E0D-8CF5-430C3C521DA7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe | "{08BA1A61-F9B1-4B31-BE86-5C919B840C70}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{0B634310-E75E-496B-B863-3BB98CE9FC89}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe | "{0E8BDB56-DE1A-451A-8738-7BD1956A2A7D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe | "{128BB426-1765-49F1-B33C-2231D17764D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{141BD56A-907E-41EB-9ACF-707A9AC69AC4}" = protocol=17 | dir=in | app=c:\program 
files\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{1474423A-850A-4ECF-BF61-E6AE584DDCE8}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{1A920FDA-5838-476D-833F-C07492AB14D8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe | "{1B2D188E-F234-447C-8A03-B608F0CBC040}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1FFCDCAB-0DC5-481C-8C65-F0E3F300763E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe | "{21A56F51-EA84-468C-BE77-F1FED9217A5C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm | "{2603D8B4-CF63-455B-91E2-6311BA7E9829}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | "{2D77B85E-0A6C-4D42-9D48-D2A7B6051BE3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{2DD8E637-1413-4C1E-88D1-E17062BA4E6D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\half-life\hl.exe | "{3255640F-996C-49CF-B4D9-DB55B3BCFEF2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{33B9136E-9B54-49F2-B1C2-1F077A01A7A4}" = protocol=6 | dir=in | app=c:\users\brauny\appdata\local\apps\2.0\80lerqlb.kjd\84gr8pma.82k\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe | "{35411023-2774-4BC2-9B34-B93B454AD3F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | "{3646B45D-73C4-4769-9B99-03BD1A477633}" = protocol=6 | dir=in | app=c:\program files\realtek\wireless lan utility\rtwlan.exe | "{3FAEE3EA-C68D-49F0-B150-6C144AB5C8EB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{41BE080D-3DEC-47A5-A02E-D7234146E81C}" = protocol=6 | dir=in | 
app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{41C34602-77C3-4212-92A4-B69A06878C00}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\brink\brink.exe | "{47368DEB-1510-46FD-844F-39997436ACB9}" = protocol=17 | dir=in | app=c:\users\brauny\appdata\local\apps\2.0\80lerqlb.kjd\84gr8pma.82k\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe | "{4A056B99-743C-41D5-BAD7-87D021589EAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe | "{4BBFE427-47A9-4D09-990D-B001E7D18092}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\brink\brink.exe | "{5004F8CE-BED5-49C1-8004-E3C465844EA4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{51C18387-EB3A-4153-B05E-967F73CF2001}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55F2FA6C-8AA6-4932-AF5F-1960FE11E823}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe | "{56524F62-71E4-4A07-9300-4462F6AADD1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\thief deadly shadows\system\runme.exe | "{5694E48C-7B01-4B94-A829-43C07ADFB5C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\runme.exe | "{58126E82-E310-4FEB-A73E-4238E1425A5B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike\hl.exe | "{5AEC1CAA-43A6-4E9D-B109-0BD8F7D290A0}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | "{5CD1D829-6EAF-4199-9BA7-021A6B1136B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6162708A-7529-4808-810B-E8E826CB84C9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{618F12FC-5449-49A1-9A55-2CA14596A784}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam hd the second 
encounter\bin\samhd_tse_unrestricted.exe | "{661A7E2C-1EA3-4671-947B-B9756E339BBB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe | "{686CF94A-8772-4A57-9FE4-2B759C9772C0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{69C9ACC3-F194-4ABB-AACE-E512EE145739}" = dir=in | app=c:\users\brauny\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{6E64DF60-CA9C-436E-9443-261AB330BC89}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{6FAE92E7-1CA3-493B-888C-282613A03D28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{756A728D-8AC2-43FB-BA6B-F0B3F1D624BE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{7AF76BF2-94D0-41A5-BB66-437F013527AD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{7D369B4C-3E4D-466E-9C1D-137C800C35A6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | "{8398E7A1-218D-488D-8A28-91D29432C178}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{8AE858F1-B94F-4EA7-BC7E-3DEA69DCA16B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\eve online\eve.exe | "{8F379C79-FC0E-4229-BCE3-19F9C2F74AD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{91BF1E12-182C-4C66-AE9C-1AA97D82CBFF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe | "{947CA89B-E540-4D00-8639-F738F9FA190E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike\hl.exe | "{9835718E-DCE7-4624-9145-BF828F78A0EC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe | "{99B9CBBA-83A3-4B83-97BF-9645DD422AD0}" = protocol=17 | 
dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | "{9BDCF30D-83C5-43E4-BD26-A7932F453517}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe | "{9D596013-D408-443E-9E01-7FEF7FE4DA93}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{9E6A43A2-258F-475C-8D72-7994F0086B1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{9EEA42D1-6E62-4CDA-84C7-4A73DEC1FAD9}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{A6CD92C2-864A-4B31-9C1E-38B09CFC645E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\beathazard.exe | "{A74EC1B9-FFF2-473D-8EA9-6161DC9E14CF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{A8BF9D1F-2684-484B-9B27-5CBACD0DE2BA}" = protocol=17 | dir=in | app=c:\program files\realtek\wireless lan utility\rtwlan.exe | "{B5D9236E-2760-472C-BA78-4D5FBA49363C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm | "{B6444058-1B23-4542-A595-F8D537663000}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe | "{B76CF4DD-7A19-4DF6-BDF6-8C78ED52A229}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\beathazard.exe | "{B80B9451-E3FE-4ADB-BD8F-B555F4F52B7B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | "{B858E59F-EF4A-4194-81DD-490FA1A9B38B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | "{BABF4190-1763-46BD-ACE4-07C554CF167E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{BFB8FD64-464F-4F9F-B65A-B7303318F759}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BFEC4CD4-DAEE-43F5-9F94-1BA98266DD90}" = protocol=17 | dir=in | app=c:\program 
files\steam\steamapps\common\company of heroes\reliccoh.exe | "{C1D33381-48D6-4C12-BA09-8AF0FCF00F11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C1EC3AB7-448E-4879-B39C-6F3433BF5921}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{C35F8604-03EF-47BD-86A5-6263F1198D90}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\runme.exe | "{C5157302-F710-4BEF-9264-34866B5E3420}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe | "{C6B603CA-CC8D-4874-A87A-AD0750E0C7DC}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{C745D6A5-4897-414A-9D50-2E414917BEC3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{CB9E3741-61B0-4357-9044-A1C6678643FA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\eve online\eve.exe | "{D24CACA1-00E3-44EC-8337-F100205D8580}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe | "{D39E7013-4037-4A37-93D8-7EB8AEA502A9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{D6F3B25A-48AF-4B54-8298-0F219EEBA230}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm | "{D6FA2052-1C03-430F-B480-FAD1D43679EE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe | "{D7BD6B0F-09C9-4B9B-A8BE-2E3E65E5E42F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe | "{D947B9CD-64B3-49F1-B8F6-856F03571427}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{D962C855-3B7C-4ECE-B95F-A55CE8C2F17A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{DC8C88FE-9079-48FA-91C4-0FFB40EF4D2E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe | "{E08FF2B0-9362-44C5-8801-1E7F8D1C95E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{E1750BD1-76F8-4747-9862-7339C5218F5F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E7880A3D-7FB5-44A9-931E-53E86218B5C3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\thief deadly shadows\system\runme.exe | "{ECB0EC8A-43D3-4253-92C5-668758B42DB1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{EDA72334-42B8-4A59-B242-4221BA0DDF63}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm | "{EF6E22D2-FD51-4444-9033-392C61A5D968}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe | "{F51AC396-43F0-4AD2-9473-E09DF1EF5A7D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\half-life\hl.exe | "{F88493D9-06BF-4397-BD5C-01BBF350AB45}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{FBCC273D-2065-4565-A3BC-F3070F93D42F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe | "{FC5C89A8-F11D-4065-8929-6B476AFB87AD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "TCP Query User{18161B6E-3A24-4788-A734-DDDF3176EEDB}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe | "TCP Query User{1AA006B2-7C2E-4538-9820-7E7339B223AC}C:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "TCP Query 
User{29DC6428-F9E8-48EB-AC2E-FA2CD320BC96}C:\program files\rockstar games\grand theft auto san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto san andreas\gta_sa.exe | "TCP Query User{2A6B2C5B-FD65-4226-9257-D59C9D6774FA}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "TCP Query User{3320CF4B-D497-4D22-96B3-7A9D98D663CB}C:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe | "TCP Query User{4041C401-0293-473C-B3A9-C9DA2ECBFA0E}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{4D74BEC7-F801-44BE-96E0-B7C1A594CAC8}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "TCP Query User{53EC5168-3A52-485B-8394-9F33707BACB5}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{5BB1FF50-3017-4F80-9D24-63011675B8E3}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{679977E4-2AC4-45B9-9107-0469FA80C005}C:\program files\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\eve online\bin\exefile.exe | "TCP Query User{6E5653EA-BE1A-4C73-9357-12029F3A6872}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{76189F7E-E5E3-41D1-AF3E-8969B64F9BE0}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | 
app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | "TCP Query User{805172D9-39EE-44FC-94E4-67EECE1ECB0E}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{8591BE5E-75DC-4C94-A6C2-9585BE91EE5A}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{864D5279-5505-4BFF-896B-C8B102A65962}C:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe | "TCP Query User{94138270-23AC-4E8D-B24F-DB1C0312234B}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "TCP Query User{9D8EC4D2-365C-437D-89AB-7300719FF640}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "TCP Query User{9ED396AC-A787-4ECA-8088-4B71568915B6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{A57C949C-AE29-4EC3-8881-51BC66265D0A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{B329068B-B902-4294-A97F-3F20F2B78BCC}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{B432A3AF-6378-42D7-8364-BB2B1B706B71}C:\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii.exe | "TCP Query User{B5A42999-5743-4AE8-85BF-00669EC5B67E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{B671B057-E7C7-4EF4-ACC8-79BF372DB8B5}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{BCFFFD6F-09B8-46C1-9964-33635F9CB544}C:\users\brauny\desktop\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\brauny\desktop\eclipse\eclipse.exe | "TCP Query User{D218DCD3-8247-478F-A1CA-A4ABD9A68584}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{DE70397A-8854-4AC0-A621-8019B3B7E8AA}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "TCP Query User{E85C4A32-E2D2-4A85-BDDC-FFA43B1374EE}C:\users\brauny\appdata\local\temp\rarsfx0\bin\itunnel.exe" = protocol=6 | dir=in | app=c:\users\brauny\appdata\local\temp\rarsfx0\bin\itunnel.exe | "TCP Query User{F776D3CE-1F4C-4F4E-ACC3-8A8356B67E89}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "TCP Query User{FEB675A6-74A6-44C2-8718-5E0F4B850A18}C:\users\brauny\desktop\ct\ct.exe" = protocol=6 | dir=in | app=c:\users\brauny\desktop\ct\ct.exe | "UDP Query User{024D4F33-77DE-4BF7-B3B8-EAB2AADCB811}C:\program files\rockstar games\grand theft auto san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto san andreas\gta_sa.exe | "UDP Query User{05513F99-A24B-4C36-88B8-AF4E8802715B}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "UDP Query User{08571A0E-C037-4CA0-AB0C-CAE13CE896A0}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{13894C47-AA77-496E-BC11-733DA26429C7}C:\program files\starcraft ii\versions\base18092\sc2.exe" = 
protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "UDP Query User{18AC984A-8463-4891-8E49-D248177FB87C}C:\users\brauny\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\brauny\desktop\eclipse\eclipse.exe | "UDP Query User{1BEDDE14-ABFF-4E1A-8D26-E0F8E9B6235E}C:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe | "UDP Query User{26DE328B-8607-4C10-8A9D-E9094A0DD6AB}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{2DDF1E6B-6F0F-4B0E-A2C9-86D606E244EB}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | "UDP Query User{366D9428-16C9-4825-8B09-B80A6916F13D}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{41A90D3D-2D2B-4D17-BFAD-CED92466644E}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{551B0A2D-429A-4E44-BA16-C6ECE2BF0A09}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{5DEF2138-3AB0-466B-9F37-B95B0EA611F4}C:\program files\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\eve online\bin\exefile.exe | "UDP Query User{5EF5E195-F5D1-47FA-9D00-3711D7858E0B}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | "UDP Query 
User{5FDA2E70-AD7F-42F2-8D09-0038BBE1CE0B}C:\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii.exe | "UDP Query User{67720259-EFE8-42EA-BCA6-216065E635A2}C:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "UDP Query User{6A091C08-047F-46E9-80BB-C7000A8C3CD9}C:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe | "UDP Query User{70FBC301-2486-4F03-9CE1-FD136EF0A293}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe | "UDP Query User{738B0A2E-2D5B-4D34-96CB-85C7B7E4FDBB}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{8FD9C430-F963-4D0F-8722-7CBDE77693F2}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{B0E45CD1-FCA9-42C3-91C1-913E3760E0D2}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "UDP Query User{BC68634A-505C-40EF-B240-F928523FE5F1}C:\users\brauny\appdata\local\temp\rarsfx0\bin\itunnel.exe" = protocol=17 | dir=in | app=c:\users\brauny\appdata\local\temp\rarsfx0\bin\itunnel.exe | "UDP Query User{BE5E341A-5D2A-493D-8C41-C2EC498E4271}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{C6822CF8-3CC4-4F86-BE83-B2CCD09E7706}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "UDP Query 
User{D546277D-1655-4119-A7AC-FB747000D680}C:\users\brauny\desktop\ct\ct.exe" = protocol=17 | dir=in | app=c:\users\brauny\desktop\ct\ct.exe | "UDP Query User{F1B126F9-6CFF-49F0-8B0A-1535551C6B6F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{F1C454DA-6F4F-4A4C-9D2F-5A0C74FCF3A7}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{F91FE453-6819-455D-9AB7-39294B54BE4B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{FBCE94F7-CA80-4F0C-9A08-8A60A3025400}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{FD820BEB-0DC1-4C9C-B438-515D4C44CAC7}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 "{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI 
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{28142407-ACAD-4ECD-A6B6-9FA8471F6062}" = Scarface: The World is Yours
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{355BB049-8C99-4FBF-A220-89ABC9EFF501}" = Mobile Master
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{552442BD-8398-46F0-ACF1-02F8E1843458}" = G Data TotalProtection 2012
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{b2042d5e-986d-44ec-aee3-afe4108ccc93}" = Python 3.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D179B513-AD43-4013-AC50-C16107A0A02D}" = LogMeIn Hamachi
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0
"{EAE8F6AB-68E8-4AA9-9518-F677090690B2}" = TubeBox!
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1489-3350-5074-6281" = JDownloader 0.9
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AutoItv3" = AutoIt v3.3.6.1
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"Company of Heroes" = Company of Heroes
"Conquest of Paradise Client" = Conquest of Paradise Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"DesktopIconAmazon" = Desktop Icon für Amazon
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EVEMon" = EVEMon
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FEXtraderPro" = FEXtrader Pro
"Guild Wars" = GUILD WARS
"HyperCam 3" = HyperCam 3
"InstallShield_{28142407-ACAD-4ECD-A6B6-9FA8471F6062}" = Scarface: The World is Yours
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Master" = Mobile Master 7.9.8
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MTA:SA 1.1" = MTA:SA v1.1.1
"MTA:SA 1.2" = MTA:SA v1.2.0-full-03585-0-000
"MySSID_is1" = Vtune 7.11
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 22350" = Brink
"Steam App 22380" = Fallout: New Vegas
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 42910" = Magicka
"Steam App 49600" = Beat Hazard
"Steam App 570" = Dota 2
"Steam App 65800" = Dungeon Defenders
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 8500" = EVE Online: Incarna
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"winscp3_is1" = WinSCP 4.3.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.02.2012 11:16:02 | Computer Name = Hackz | Source = Google Update | ID = 20
Description =

Error - 22.02.2012 12:04:16 | Computer Name = Hackz | Source = WinMgmt | ID = 10
Description =

Error - 22.02.2012 12:07:01 | Computer Name = Hackz | Source = Perflib | ID = 1008
Description =

Error - 22.02.2012 12:07:01 | Computer Name = Hackz | Source = Perflib | ID = 1010
Description =

Error - 22.02.2012 12:07:03 | Computer Name = Hackz | Source = Perflib | ID = 1008
Description =

Error - 22.02.2012 12:07:03 | Computer Name = Hackz | Source = Perflib | ID = 1008
Description =

Error - 22.02.2012 12:07:04 | Computer Name = Hackz | Source = Perflib | ID = 1008
Description =

Error - 22.02.2012 12:07:04 | Computer Name = Hackz | Source = Perflib | ID = 1008
Description =

Error - 22.02.2012 12:07:05 | Computer Name = Hackz | Source = Perflib | ID = 1008
Description =

Error - 22.02.2012 13:18:38 | Computer Name = Hackz | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 06.06.2011 07:20:11 | Computer Name = Hackz | Source = Service Control Manager | ID = 7022
Description =

Error - 06.06.2011 09:43:15 | Computer Name = Hackz | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 06.06.2011 at 15:41:12.

Error - 08.06.2011 10:05:04 | Computer Name = Hackz | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 08.06.2011 at 16:03:12.

Error - 11.06.2011 04:04:24 | Computer Name = Hackz | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 11.06.2011 at 09:55:34.

Error - 15.06.2011 10:08:33 | Computer Name = Hackz | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 15.06.2011 at 16:05:39.
< End of report > Code:
ATTFilter
OTL logfile created on: 22.02.2012 20:49:36 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Brauny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 55,76% Memory free
6,69 Gb Paging File | 4,87 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 209,45 Gb Free Space | 36,04% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32

Computer Name: HACKZ | User Name: Brauny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brauny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\KbdLockService.exe (G DATA Software Sp. z o.o.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Brauny\AppData\Local\Apps\2.0\80LERQLB.KJD\84GR8PMA.82K\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe (Curse)
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalProtection\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Mobile Master\MMAgent.exe (Jumping Bytes)
PRC - C:\Programme\Mobile Master\MMScan.exe (Jumping Bytes)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\G Data\TotalProtection\GUI\GDSC.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)
PRC - C:\Programme\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalProtection\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\G Data\TotalProtection\AVK\AVK.exe (G Data Software AG)
PRC - C:\Programme\Vtune\TBPANEL.exe ()
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\e87794355a40edbcc63e4e9ac4d0dd80\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2ddd7acbd58ff39deff6c5cd732e1474\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\96b4cdba0397f94416df0fa211f73441\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\avcodec-52.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avformat-52.dll ()
MOD - C:\Programme\Steam\bin\avutil-50.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Vtune\TBPANEL.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Programme\Vtune\TBMANAGE.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (KbdLockService) -- C:\Windows\KbdLockService.exe (G DATA Software Sp. z o.o.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GDBackupSvc) -- C:\Program Files\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\TotalProtection\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TSNxGService) -- C:\Program Files\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)
SRV - (AVKService) -- C:\Program Files\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files\G Data\TotalProtection\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (GDTunerSvc) -- C:\Program Files\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (TS4NT) -- C:\Windows\System32\Drivers\TS4nt.sys (G Data Software)
DRV - (AlfaFF) -- C:\Windows\System32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (GLogin) -- C:\Windows\System32\Drivers\GLogin.sys (G Data Software)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (camdrv41) -- C:\Windows\System32\drivers\camdrv41.sys ()
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 14 B5 E4 F2 A9 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Brauny\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brauny\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brauny\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brauny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 23:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 12:51:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2011.09.04 14:00:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Brauny\AppData\Roaming\Mozilla\Firefox\Profiles\ejtql9s3.default\extensions\firejump@firejump.net [2011.03.22 14:37:02 | 000,000,000 | ---D | M]

[2012.02.13 19:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brauny\AppData\Roaming\mozilla\Extensions
[2011.03.24 17:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brauny\AppData\Roaming\mozilla\Firefox\Profiles\ejtql9s3.default\extensions
[2012.02.19 17:10:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brauny\AppData\Roaming\mozilla\Firefox\Profiles\ejtql9s3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.19 17:10:03 | 000,001,018 | ---- | M] () -- C:\Users\Brauny\AppData\Roaming\Mozilla\Firefox\Profiles\ejtql9s3.default\searchplugins\facebook.xml
[2012.01.24 00:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.24 01:11:35 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.01.24 01:11:35 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010.10.08 20:47:04 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\BRAUNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EJTQL9S3.DEFAULT\EXTENSIONS\EXTENSION@4CHAN.ORG.XPI
() (No name found) -- C:\USERS\BRAUNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EJTQL9S3.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.02.17 23:21:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.28 00:01:22 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.04 19:15:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.21 14:00:00 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.04 19:15:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.04 19:15:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.04 19:15:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.04 19:15:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.04 19:15:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brauny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brauny\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brauny\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brauny\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Brauny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Brauny\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Brauny\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Brauny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Brauny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Mail = C:\Users\Brauny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalProtection\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalProtection\WebFilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Brauny\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [High Definition Audio Component] "C:\Users\Brauny\AppData\Roaming\WinXo2.exe" File not found O4 - HKCU..\Run: [MMAgent] C:\Programme\Mobile Master\MMAgent.exe (Jumping Bytes) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe () O4 - Startup: C:\Users\Brauny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E667D33-2F84-46BD-8C69-1D6A5630001C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F53A239D-485B-4C52-8567-FA95DCFCCBA2}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Brauny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop 
BackupWallPaper: C:\Users\Brauny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.22 20:57:39 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Brauny\Desktop\dds.com [2012.02.22 20:48:56 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Brauny\Desktop\OTL(1).exe [2012.02.22 20:48:30 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Brauny\Desktop\OTL.exe [2012.02.20 17:10:31 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Desktop\sptr [2012.02.17 15:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.02.17 15:41:51 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.02.17 15:41:51 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.02.17 15:41:51 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.02.16 16:16:12 | 000,030,416 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2012.02.16 16:15:44 | 000,000,000 | ---D | C] -- C:\Users\Brauny\AppData\Local\G DATA [2012.02.16 03:07:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.16 03:07:13 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.16 03:07:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.16 03:07:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.16 03:07:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jsproxy.dll [2012.02.16 03:07:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.02.15 15:09:15 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.02.09 22:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.02.09 22:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012.02.08 19:44:52 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Desktop\4chan [2012.02.01 23:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2012.01.31 19:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Fly for Paradise [2012.01.29 19:59:13 | 000,000,000 | ---D | C] -- C:\Users\Brauny\AppData\Roaming\TeamViewer [2012.01.27 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\Brauny\AppData\Local\Fallout3 [2012.01.27 14:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks [2012.01.25 20:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Access [2012.01.25 20:13:31 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbar332.dll [2012.01.24 00:35:55 | 000,049,016 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2012.01.24 00:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection 2012 [2012.01.24 00:33:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\BioAPIFFDB [2012.01.24 00:33:41 | 000,103,928 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\TS4nt.sys [2012.01.24 00:33:34 | 000,331,776 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll [2012.01.24 00:33:34 | 000,050,320 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys [2012.01.24 00:33:34 | 000,024,208 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll [2012.01.24 00:33:00 | 000,176,128 | ---- | C] (G DATA Software Sp. z o.o.) 
-- C:\Windows\KbdLockService.exe [2012.01.24 00:33:00 | 000,034,816 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GLogin.sys [2012.01.24 00:32:22 | 000,079,992 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2012.01.24 00:32:22 | 000,041,336 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2012.01.24 00:32:21 | 000,040,440 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2012.01.24 00:32:15 | 000,054,648 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2012.01.24 00:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software [2012.01.24 00:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2012.01.24 00:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\G Data [2012.01.24 00:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.22 21:02:38 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.22 21:02:38 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.22 20:57:51 | 000,302,592 | ---- | M] () -- C:\Users\Brauny\Desktop\ebxmnq5v.exe [2012.02.22 20:57:43 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Brauny\Desktop\dds.com [2012.02.22 20:57:24 | 000,050,477 | ---- | M] () -- C:\Users\Brauny\Desktop\Defogger.exe [2012.02.22 20:55:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-415370385-3153832315-414712936-1000UA.job [2012.02.22 20:48:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Brauny\Desktop\OTL(1).exe [2012.02.22 20:48:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Brauny\Desktop\OTL.exe [2012.02.22 18:30:06 | 011,540,768 | ---- | M] () -- 
C:\Users\Brauny\Desktop\evepremiumpatch341054-342397_m.exe [2012.02.22 18:18:39 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-415370385-3153832315-414712936-1000UA.job [2012.02.22 17:10:44 | 000,557,058 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.02.22 17:10:44 | 000,037,115 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.02.22 17:02:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.22 17:02:32 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys [2012.02.21 23:17:32 | 000,356,037 | ---- | M] () -- C:\Users\Brauny\Desktop\Geld-verdienen-Guide.rar [2012.02.21 21:18:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-415370385-3153832315-414712936-1000Core.job [2012.02.21 17:18:12 | 000,055,057 | ---- | M] () -- C:\Users\Brauny\Desktop\366v62.jpg [2012.02.21 17:18:12 | 000,001,505 | ---- | M] () -- C:\Users\Brauny\.recently-used.xbel [2012.02.21 13:55:07 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-415370385-3153832315-414712936-1000Core.job [2012.02.20 17:09:53 | 000,242,536 | ---- | M] () -- C:\Users\Brauny\Desktop\sptr_all1114.zip [2012.02.19 00:07:30 | 000,012,488 | ---- | M] () -- C:\Users\Brauny\Desktop\1329600741696.jpg [2012.02.17 23:24:37 | 000,084,089 | ---- | M] () -- C:\Users\Brauny\Desktop\acYARR_RLY.gif [2012.02.17 15:41:32 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.02.17 15:41:32 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.02.16 16:16:12 | 000,030,416 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2012.02.16 12:58:41 | 000,002,051 | ---- | M] () -- C:\Users\Brauny\Desktop\Google Chrome.lnk [2012.02.16 03:32:47 | 000,247,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.16 03:03:46 | 000,631,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.16 03:03:46 | 000,118,522 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2012.02.16 03:03:45 | 000,671,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.16 03:03:45 | 000,144,334 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.14 22:08:32 | 009,315,920 | ---- | M] () -- C:\Users\Brauny\lutscher.wav [2012.02.08 20:47:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.02.06 19:21:00 | 000,409,763 | ---- | M] () -- C:\Users\Brauny\Desktop\Geld verdienen Guide.pdf [2012.02.01 21:08:44 | 007,760,720 | ---- | M] () -- C:\Users\Brauny\ts3_recording_12_02_01_21_7_59.wav [2012.01.29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.01.27 14:44:12 | 000,001,012 | ---- | M] () -- C:\Users\Brauny\Desktop\Fallout3 - Verknüpfung.lnk [2012.01.24 01:11:40 | 000,041,336 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2012.01.24 01:11:36 | 000,079,992 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2012.01.24 01:11:36 | 000,040,440 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2012.01.24 01:11:35 | 000,054,648 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2012.01.24 00:35:55 | 000,049,016 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2012.01.24 00:33:41 | 000,103,928 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\TS4nt.sys [2012.01.24 00:33:34 | 000,331,776 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll [2012.01.24 00:33:34 | 000,050,320 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys [2012.01.24 00:33:34 | 000,024,208 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll [2012.01.24 00:33:00 | 000,176,128 | ---- | M] (G DATA Software Sp. z o.o.) 
-- C:\Windows\KbdLockService.exe [2012.01.24 00:33:00 | 000,034,816 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GLogin.sys [2012.01.24 00:25:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.22 20:57:46 | 000,302,592 | ---- | C] () -- C:\Users\Brauny\Desktop\ebxmnq5v.exe [2012.02.22 20:57:23 | 000,050,477 | ---- | C] () -- C:\Users\Brauny\Desktop\Defogger.exe [2012.02.22 18:29:18 | 011,540,768 | ---- | C] () -- C:\Users\Brauny\Desktop\evepremiumpatch341054-342397_m.exe [2012.02.21 23:17:43 | 000,409,763 | ---- | C] () -- C:\Users\Brauny\Desktop\Geld verdienen Guide.pdf [2012.02.21 23:17:30 | 000,356,037 | ---- | C] () -- C:\Users\Brauny\Desktop\Geld-verdienen-Guide.rar [2012.02.21 17:18:12 | 000,001,505 | ---- | C] () -- C:\Users\Brauny\.recently-used.xbel [2012.02.21 17:17:27 | 000,055,057 | ---- | C] () -- C:\Users\Brauny\Desktop\366v62.jpg [2012.02.20 17:09:49 | 000,242,536 | ---- | C] () -- C:\Users\Brauny\Desktop\sptr_all1114.zip [2012.02.19 00:07:24 | 000,012,488 | ---- | C] () -- C:\Users\Brauny\Desktop\1329600741696.jpg [2012.02.17 23:24:32 | 000,084,089 | ---- | C] () -- C:\Users\Brauny\Desktop\acYARR_RLY.gif [2012.02.14 22:07:42 | 009,315,920 | ---- | C] () -- C:\Users\Brauny\lutscher.wav [2012.02.02 13:28:57 | 000,557,058 | ---- | C] () -- C:\Windows\System32\sig.bin [2012.02.02 13:28:57 | 000,037,115 | ---- | C] () -- C:\Windows\System32\nmp.map [2012.02.01 21:08:02 | 007,760,720 | ---- | C] () -- C:\Users\Brauny\ts3_recording_12_02_01_21_7_59.wav [2012.01.27 14:44:12 | 000,001,012 | ---- | C] () -- C:\Users\Brauny\Desktop\Fallout3 - Verknüpfung.lnk [2012.01.25 20:13:34 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe [2011.12.18 13:05:18 | 000,000,600 | ---- | C] () -- C:\Users\Brauny\AppData\Roaming\winscp.rnd [2011.10.21 18:44:59 | 000,451,072 | ---- | C] () -- 
C:\Windows\System32\ISSRemoveSP.exe [2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.10.14 15:40:29 | 000,146,252 | ---- | C] () -- C:\Users\Brauny\AppData\Roaming\Key [2011.10.14 15:39:59 | 000,004,096 | ---- | C] () -- C:\Users\Brauny\AppData\Roaming\svchost.exe [2011.10.14 15:39:59 | 000,004,096 | ---- | C] () -- C:\Users\Brauny\AppData\Roaming\dllhost.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.04 13:42:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.07.19 16:11:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.07.19 16:11:10 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.07.19 16:10:34 | 000,002,528 | ---- | C] () -- C:\Users\Brauny\AppData\Roaming\$_hpcst$.hpc [2011.06.09 20:07:42 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.05.25 19:10:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.25 14:58:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.03.25 14:58:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.03.25 14:57:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.03.22 14:36:37 | 000,011,264 | ---- | C] () -- C:\Users\Brauny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.21 22:36:54 | 000,000,680 | ---- | C] () -- C:\Users\Brauny\AppData\Local\d3d9caps.dat < End of report > |
22.02.2012, 22:29 | #4
Redirected to a subscription trap when clicking a link

Since not everything fit into the first post, here is the rest.

Code:
ATTFilter . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1 Run by Brauny at 22:11:09 on 2012-02-22 . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\Common Files\G Data\GDScan\GDScan.exe C:\Program Files\G Data\TotalProtection\AVK\AVKWCtl.exe C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\G Data\TotalProtection\AVKTray\AVKTray.exe C:\Program Files\G Data\TotalProtection\Firewall\GDFirewallTray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Vtune\TBPANEL.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Steam\Steam.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mobile Master\MMAgent.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Mobile Master\MMScan.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe C:\Program Files\G Data\TotalProtection\AVK\AVKService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\FsUsbExService.Exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Windows\KbdLockService.exe C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\G Data\TotalProtection\TSNxG\TSNxGService.exe C:\Users\Brauny\AppData\Local\Apps\2.0\80LERQLB.KJD\84GR8PMA.82K\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\G Data\TotalProtection\Firewall\GDFwSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Steam\SteamService.exe C:\Windows\system32\conime.exe C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\DllHost.exe C:\Users\Brauny\Desktop\prime95.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Brauny\Desktop\dds.com C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . 
uInternet Settings,ProxyOverride = *.local BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\totalprotection\webfilter\AVKWebIE.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: G Data BankGuard: {ba3295cf-17ed-4f49-9e95-d999a0adbfdc} - c:\program files\common files\g data\avkproxy\BanksafeBHO.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\totalprotection\webfilter\AVKWebIE.dll uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Steam] "c:\program files\steam\steam.exe" -silent uRun: [MMAgent] c:\program files\mobile master\MMAgent.exe uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe uRun: [Facebook Update] "c:\users\brauny\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [High Definition Audio Component] "c:\users\brauny\appdata\roaming\WinXo2.exe" uRun: [Google Update] "c:\users\brauny\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [Prime95] c:\users\brauny\desktop\prime95.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [NPSStartup] mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [G Data AntiVirus Tray Application] c:\program files\g 
data\totalprotection\avktray\AVKTray.exe mRun: [TSNxG4Tray] "c:\program files\g data\totalprotection\tsnxg\TSNxGTray.exe" /system mRun: [GDFirewallTray] c:\program files\g data\totalprotection\firewall\GDFirewallTray.exe mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{9E667D33-2F84-46BD-8C69-1D6A5630001C} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{F53A239D-485B-4C52-8567-FA95DCFCCBA2} : DhcpNameServer = 192.168.2.1 . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\brauny\appdata\roaming\mozilla\firefox\profiles\ejtql9s3.default\ FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll FF - plugin: c:\users\brauny\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll FF - plugin: c:\users\brauny\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\users\brauny\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R? camdrv41;Philips SPC 900NC PC Camera R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? GDBackupSvc;G Data Backup Service R? GDTunerSvc;G Data Tuner Service R? RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter R? RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter R? ss_bbus;SAMSUNG USB Mobile Device (WDM) R? ss_bmdfl;SAMSUNG USB Mobile Modem (Filter) R? ss_bmdm;SAMSUNG USB Mobile Modem R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 S? AdobeARMservice;Adobe Acrobat Update Service S? AlfaFF;AlfaFF S? AVKProxy;G Data AntiVirus Proxy S? AVKService;G Data Scheduler S? AVKWCtl;G Data Dateisystem W„chter S? dtsoftbus01;DAEMON Tools Virtual Bus Driver S? FontCache;Windows-Dienst fr Schriftartencache S? 
FsUsbExDisk;FsUsbExDisk S? FsUsbExService;FsUsbExService S? GDBehave;GDBehave S? GDFwSvc;G Data Personal Firewall S? GDMnIcpt;GDMnIcpt S? GDPkIcpt;GDPkIcpt S? GDScan;G Data Scanner S? gdwfpcd;G Data WFP CD S? GLogin;GLogin S? GRD;G Data Rootkit Detector Driver S? Hamachi2Svc;LogMeIn Hamachi Tunneling Engine S? HookCentre;HookCentre S? KbdLockService;G DATA Keyboard Protector Service S? nvUpdatusService;NVIDIA Update Service Daemon S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service S? TeamViewer6;TeamViewer 6 S? TS4NT;TS4nt driver S? TSNxGService;G Data Datensafe Service . =============== Created Last 30 ================ . 2012-02-21 10:12:37 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4ac998ef-350b-44a9-840b-692a218bfd9d}\mpengine.dll 2012-02-16 15:16:12 30416 ----a-w- c:\windows\system32\drivers\GRD.sys 2012-02-16 15:15:44 -------- d-----w- c:\users\brauny\appdata\local\G DATA 2012-02-15 14:09:43 680448 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 14:09:15 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-02-09 21:21:03 -------- d-----w- c:\program files\LogMeIn Hamachi 2012-02-02 12:28:57 557058 ----a-w- c:\windows\system32\sig.bin 2012-01-31 18:12:51 -------- d-----w- c:\program files\Fly for Paradise 2012-01-29 18:59:13 -------- d-----w- c:\users\brauny\appdata\roaming\TeamViewer 2012-01-27 13:23:44 -------- d-----w- c:\users\brauny\appdata\local\Fallout3 2012-01-27 13:15:14 -------- d-----w- c:\program files\Bethesda Softworks 2012-01-27 13:11:12 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll 2012-01-27 13:11:12 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll 2012-01-27 13:11:11 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll 2012-01-27 13:11:11 5632 ----a-w- c:\program files\common 
files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe 2012-01-27 13:11:10 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll 2012-01-27 13:11:02 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll 2012-01-27 13:10:58 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll 2012-01-25 19:13:34 36864 ----a-w- c:\windows\system32\LckFldService.exe 2012-01-25 19:13:31 368912 ----a-w- c:\windows\system32\vbar332.dll 2012-01-25 19:05:58 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-25 19:05:58 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-25 19:05:57 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-25 19:05:57 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-25 19:05:57 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-25 19:05:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-24 00:11:32 212472 ----a-w- c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AVKWebFilterFF6.dll 2012-01-23 23:35:55 49016 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2012-01-23 23:33:43 -------- d-----w- c:\windows\system32\BioAPIFFDB 2012-01-23 23:33:41 103928 ----a-w- c:\windows\system32\drivers\TS4nt.sys 2012-01-23 23:33:34 50320 ----a-w- c:\windows\system32\drivers\AlfaFF.sys 2012-01-23 23:33:34 331776 ----a-w- c:\windows\system32\DrvCrypt.dll 2012-01-23 23:33:34 24208 ----a-w- c:\windows\system32\AlfaFF.dll 2012-01-23 23:33:00 34816 ----a-w- c:\windows\system32\drivers\GLogin.sys 2012-01-23 23:33:00 176128 ----a-w- c:\windows\KbdLockService.exe 2012-01-23 23:32:51 51192 ----a-w- c:\program files\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\components\BanksafeXPCOM.dll 2012-01-23 23:32:51 218104 ----a-w- c:\program files\mozilla 
firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\avkwebfilterff.dll 2012-01-23 23:32:51 212472 ----a-w- c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AvkWebFilterFF2.dll 2012-01-23 23:32:22 79992 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2012-01-23 23:32:22 41336 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2012-01-23 23:32:21 40440 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2012-01-23 23:32:15 54648 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys 2012-01-23 23:30:07 -------- d-----w- c:\programdata\G DATA Software 2012-01-23 23:30:00 -------- d-----w- c:\programdata\G DATA 2012-01-23 23:30:00 -------- d-----w- c:\program files\G Data 2012-01-23 23:30:00 -------- d-----w- c:\program files\common files\G Data . ==================== Find3M ==================== . 2012-02-08 19:47:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-10 12:57:14 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-01-10 12:57:10 567696 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll 2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll 2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-11-29 12:54:55 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2011-11-29 12:54:55 1060864 ----a-w- c:\windows\system32\mfc71.dll 2011-11-28 15:27:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll . ============= FINISH: 22:11:45,12 =============== Code:
ATTFilter . ==== Installed Programs ====================== . Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) - Deutsch Adobe Shockwave Player 11.6 Apple Application Support Apple Mobile Device Support µTorrent AutoIt v3.3.6.1 Beat Hazard Belkin N Wireless USB Adapter Setup Bonjour Brink Bus-Simulator 2009 Company of Heroes Company of Heroes - FAKEMSI Company of Heroes: Tales of Valor Conquest of Paradise Client Curse Client DAEMON Tools Lite Desktop Icon für Amazon Dev-C++ 5 beta 9 release (4.9.9.2) Dota 2 Dungeon Defenders EVE Online: Incarna EVEMon EVEREST Home Edition v2.20 Facebook Video Calling 1.1.0.13 Facebook Video Calling 1.1.1.1 Fallout 3 Fallout: New Vegas FEXtrader Pro FireJump 1.0 G Data TotalProtection 2012 GIMP 2.6.11 Google Chrome Grand Theft Auto IV Grand Theft Auto San Andreas GUILD WARS Hex-Editor MX Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HyperCam 3 Java Auto Updater Java(TM) 6 Update 22 Java(TM) 6 Update 29 Java(TM) 7 Update 3 Java(TM) SE Development Kit 7 Update 2 JavaFX 2.0.2 SDK JavaFX 2.0.3 JDownloader 0.9 Killing Floor LogMeIn Hamachi Magicka Microsoft .NET Framework 3.5 Language Pack - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft XNA Framework 
Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Mobile Master Mobile Master 7.9.8 Mozilla Firefox 10.0.2 (x86 de) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MTA:SA v1.1.1 MTA:SA v1.2.0-full-03585-0-000 Nur Deinstallierung der CopyTrans Suite möglich. NVIDIA 3D Vision Controller-Treiber 285.62 NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Treiber 285.62 NVIDIA Grafiktreiber 285.62 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Stereoscopic 3D Driver NVIDIA Systemsteuerung 285.62 NVIDIA Update 1.5.20 NVIDIA Update Components OpenOffice.org 3.3 PC Connectivity Solution Python 3.2 Quake Live Mozilla Plugin Realtek Ethernet Controller Driver Realtek High Definition Audio Driver SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung New PC Studio Samsung New PC Studio USB Driver Installer Samsung PC Studio 3 USB Driver Installer SAMSUNG USB Driver for Mobile Phones SamsungConnectivityCableDriver Scarface: The World is Yours Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET 
Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Serious Sam HD: The First Encounter Serious Sam HD: The Second Encounter Skype™ 5.5 StarCraft II Steam swMSM System Requirements Lab Tag - IGF Professional 2008 TeamSpeak 3 Client TeamViewer 6 Terraria Thief: Deadly Shadows TubeBox! Unity Web Player Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Vtune 7.11 Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Windows Live ID Sign-in Assistant WinRAR 4.00 (32-Bit) WinSCP 4.3.5 . ==== End Of File =========================== |
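The Find3M listing posted above has one entry per changed file: date, time, size (or dashes for a directory), an attribute string and the path. When triaging such a log, the entries worth a second look are freshly modified kernel drivers under system32\drivers, because that is where a rootkit would install itself. The following is an added triage helper, not code from the thread or from the DDS tool that produced the log; it assumes the line layout shown above and uses a few of the posted lines as sample input. On this sample every recent driver belongs to the G Data suite installed on 2012-01-23, which matches the helper's remark that there is no sign of an infection yet.

```python
"""Parse DDS/Find3M-style listing lines and flag recently changed kernel drivers.

Added triage helper (not from the forum thread or the DDS tool). Assumed line
layout, taken from the listing above:
    YYYY-MM-DD HH:MM:SS <size or -------->  <attrs>  <path>
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

# Sample lines copied from the Find3M listing posted in the thread.
SAMPLE_LOG = """\
2012-01-23 23:32:22 79992 ----a-w- c:\\windows\\system32\\drivers\\MiniIcpt.sys
2012-01-23 23:32:22 41336 ----a-w- c:\\windows\\system32\\drivers\\HookCentre.sys
2012-01-23 23:30:00 -------- d-----w- c:\\program files\\G Data
.
==================== Find3M ====================
.
2012-02-08 19:47:31 414368 ----a-w- c:\\windows\\system32\\FlashPlayerCPLApp.cpl
2012-01-29 04:10:42 237072 ------w- c:\\windows\\system32\\MpSigStub.exe
2011-12-14 02:57:18 1127424 ----a-w- c:\\windows\\system32\\wininet.dll
"""


def parse_listing(text):
    """Return one dict per file entry; section headers and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, separator, or a path fragment wrapped onto its own line
        size = m.group("size")
        stamp = m.group("date") + " " + m.group("time")
        entries.append({
            "mtime": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": m.group("attrs").startswith("d"),
            "attrs": m.group("attrs"),
            "path": m.group("path").lower(),
        })
    return entries


def recent_drivers(entries, as_of, days=30):
    """Paths of .sys files under system32\\drivers modified within `days` before `as_of`.

    `as_of` is the scan date as 'YYYY-MM-DD'; 30 days mirrors the tool's own
    'File Age = 30 Days' setting shown in the OTL header of this thread.
    """
    cutoff = datetime.strptime(as_of, "%Y-%m-%d") - timedelta(days=days)
    return sorted(
        e["path"] for e in entries
        if not e["is_dir"]
        and "\\system32\\drivers\\" in e["path"]
        and e["path"].endswith(".sys")
        and e["mtime"] >= cutoff
    )


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LOG)
    print(f"{len(found)} entries parsed")
    for path in recent_drivers(found, "2012-02-22"):
        print("recently changed driver:", path)
```

The driver list is only a starting point: a driver that is new and not attributable to a known installation (here, the G Data suite) is what deserves a signature check and a look at its signer, not every .sys file that changed.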
22.02.2012, 22:46 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirected to a subscription trap when clicking a link I do need these logs too, but first I wanted to know which malware your scanner found there
__________________ Please always post log files in CODE tags |
22.02.2012, 22:56 | #6 |
| Redirected to a subscription trap when clicking a link It triggered when I followed the link from a comment under hxxp://9gag.com/gag/2836760. (As I said, it was blocked, but I'm not sure about it since strange pages are suddenly appearing) Code:
ATTFilter Virenprüfung von Web-Inhalten Adresse: hxxp://d.shareaholic.com/dough/1.0/oven/?referrer=hxxp://www.facebook.com/l.php?u=http%3A%2F%2Fwww.atlnightspots.com%2F2011%2Fboy-dies-after-masturbating-42-times&h=lAQEoJ4JI Status: Der Zugriff wurde verweigert. |
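The blocked address in the G Data warning above is a chain of redirectors rather than a single page: the shareaholic endpoint carries a referrer parameter whose value is itself a Facebook l.php outbound link, and that link's u= parameter holds the actual destination. Seeing the chain laid out makes it easier to judge whether a web-filter warning concerns the page you meant to visit or only a tracking hop in between. The helper below is an added example, not code from the thread or from G Data; it runs on a constructed URL with the same shape as the one in the warning, with the final destination replaced by a placeholder host. The parameter names it recognises are an assumption for illustration, not a complete list.

```python
"""Unwrap nested redirector URLs like the one in the G Data web-filter warning.

Added example (not from the forum thread or from G Data). It peels apart URLs
whose query parameters carry further URLs, so the real destination behind a
tracking / outbound-link chain becomes visible.
"""
from urllib.parse import urlsplit, unquote

# Query keys that redirectors commonly use for the next hop (illustrative assumption).
HOP_PARAMS = ("u", "url", "referrer", "redirect", "target", "dest")

# Constructed sample with the same structure as the warning above;
# the destination host is a placeholder.
SAMPLE_URL = (
    "hxxp://d.shareaholic.com/dough/1.0/oven/?referrer="
    "hxxp://www.facebook.com/l.php?u=http%3A%2F%2Fexample.invalid%2Farticle&h=AbCdEf"
)


def _looks_like_url(value):
    return value.lower().startswith(("http://", "https://", "hxxp://", "hxxps://"))


def refang(url):
    """Undo the forum's 'hxxp://' convention (an unclickable link) for parsing."""
    return url.replace("hxxp://", "http://", 1).replace("hxxps://", "https://", 1)


def next_hop(url):
    """Return the URL carried in the first recognised hop parameter of `url`, or None."""
    query = urlsplit(url).query
    pos = 0
    while pos < len(query):
        amp = query.find("&", pos)
        end = len(query) if amp < 0 else amp
        key, sep, raw_value = query[pos:end].partition("=")
        if sep and key.lower() in HOP_PARAMS:
            if _looks_like_url(raw_value):
                # Unencoded nested URL: its own '?' and '&k=v' parts spill into
                # the outer query, so the whole remainder belongs to it.
                return query[pos + len(key) + 1:]
            decoded = unquote(raw_value)
            if _looks_like_url(decoded):
                return decoded  # properly percent-encoded hop ends at the '&'
        pos = end + 1
    return None


def unwrap(url, max_hops=10):
    """Follow hop parameters syntactically (no network access); returns the chain."""
    chain = [refang(url)]
    for _ in range(max_hops):
        nxt = next_hop(chain[-1])
        if nxt is None:
            break
        chain.append(refang(nxt))
    return chain


def redirect_hosts(url):
    """Hostnames along the chain, outermost first."""
    return [urlsplit(u).hostname for u in unwrap(url)]


if __name__ == "__main__":
    for i, hop in enumerate(unwrap(SAMPLE_URL)):
        print(f"hop {i}: {hop}")
    print("hosts:", redirect_hosts(SAMPLE_URL))
```

Nothing is fetched; the chain is recovered purely from the URL text, which is what you want when the whole point is to avoid touching a flagged address. The unencoded-vs-encoded distinction matters: in the warning, the Facebook link is pasted into the referrer parameter without percent-encoding, so its trailing h= parameter sits in the outer query and has to be handed back to the inner URL.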
23.02.2012, 09:30 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirected to a subscription trap when clicking a link Well, that is just a virus warning about a potentially dangerous website. So far there is no indication that there is malware on your computer. Please now do a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] here goes the log [/code] And the whole thing then looks like this: Code:
ATTFilter here goes the log
__________________ Please always post log files in CODE tags |