|
Log-Analyse und Auswertung: Bezahlen Sie 50 Euro VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.04.2012, 05:19 | #1 |
| Bezahlen Sie 50 Euro Virus Huhu, ich habe mir erfolgreich den "50euro virus" eingefangen. Beim hochfahren erscheint folgende Meldung "Durch das Besuchen von Seiten mit infizierten und pornographischen Inhalten ist das Computersystem an eine kritische Grenze angekommen, nach der das System zusammenbrechen und die ganzen Dateien verloren gehen können. Um das System wiederherstellen zu können müssen Sie ein zusätzliches Sicherheitsupdate herunterladen." usw. ich habe bisher Mbam unteranderem drüber laufen lassen was das Problem aber nicht beheben konnte z.b erst garnichts gefunden hat. Ich nutze Windows Vista ich verlink dann einfach mal die OTL/MbAm logs die zustande gekommen sind, und hoffe auf schnelle Hilfe. Mbam: Code:
ATTFilter Datenbank Version: v2012.04.03.12 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Andreas :: ANDREAS-PC [Administrator] Schutz: Deaktiviert 04.04.2012 04:08:36 mbam-log-2012-04-04 (04-08-36).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 404387 Laufzeit: 1 Stunde(n), 31 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 04.04.2012 05:45:02 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Andreas\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,63 Mb Total Physical Memory | 479,04 Mb Available Physical Memory | 46,84% Memory free 5,85 Gb Paging File | 5,53 Gb Available in Paging File | 94,63% Paging File free Paging file location(s): c:\pagefile.sys 5000 50000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 228,00 Gb Total Space | 41,55 Gb Free Space | 18,22% Space Free | Partition Type: NTFS Drive D: | 4,88 Gb Total Space | 3,83 Gb Free Space | 78,46% Space Free | Partition Type: NTFS Drive E: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.04 03:37:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Downloads\OTL (1).exe PRC - [2011.04.29 22:47:06 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.03.25 18:12:34 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.05 23:06:21 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\lmfuxda.sys -- (sfxgk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.12.08 16:01:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.10 18:33:00 | 009,899,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.18 18:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008.08.01 12:51:00 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.09.24 11:09:10 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://localhost:9000/application.pac ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Andreas\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Programme\PPLive\PPVA\DownloaderManager.dll (PPLive Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [Octoshape Streaming Services] C:\Users\Andreas\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [PPLiveVA] "C:\Program Files\PPLive\PPVA\PPLiveVA.exe" /LoadModule PPVA.DLL /M REAL /S 0 /T 0 File not found O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV) O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [SkypePM] C:\Users\Andreas\AppData\Local\Skype\SkypePM.exe () O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [WLAN Optimizer] C:\wlan\WLANOptimizerNET.exe () O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab (PopCapLoader Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} hxxp://dl.pplive.com/PluginSetup.cab (PPLive Lite Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B448EF5-2471-49FA-849D-F9723F24C1BE}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{858134C6-3420-4720-8ED5-3984947DB80A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.10.15 11:41:02 | 004,270,042 | R--- | M] (Macromedia, Inc.) - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007.10.31 16:59:10 | 000,000,062 | RH-- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{17583c7a-6812-11de-b331-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{17583c7a-6812-11de-b331-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.10.15 11:41:02 | 004,270,042 | R--- | M] (Macromedia, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.04.04 03:07:00 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.04.04 02:37:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2012.04.04 02:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.04 02:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.04 02:37:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.04 02:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.30 15:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta [2012.03.30 14:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Andreas\*.tmp files -> C:\Users\Andreas\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.04 04:02:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.04 03:59:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.04 03:59:06 | 000,056,597 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.04.04 03:58:41 | 000,056,597 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.04.04 03:58:37 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.04.04 03:58:36 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.04 03:58:35 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.04 02:37:44 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.04 01:07:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.04 01:03:13 | 000,009,216 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.03 19:57:25 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012.04.03 16:16:50 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.04.03 04:06:22 | 000,028,443 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-04-03 04_06_19.933823.dmp [2012.04.03 00:14:59 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.04.01 22:06:17 | 000,028,443 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-04-01 22_06_08.937000.dmp [2012.03.30 15:09:17 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk [2012.03.27 16:48:30 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.27 16:48:30 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.27 16:48:30 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.27 16:48:30 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.22 20:32:43 | 000,000,218 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel [2012.03.18 04:21:40 | 000,028,443 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-18 03_21_38.519165.dmp [2012.03.17 05:51:25 | 000,028,443 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-17 04_51_21.117556.dmp [2012.03.08 04:43:58 | 000,029,930 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-08 03_43_53.506798.dmp [2012.03.06 03:40:17 | 000,029,930 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-06 02_40_15.542595.dmp [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Andreas\*.tmp files -> C:\Users\Andreas\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.04 02:37:44 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.03 04:06:19 | 000,028,443 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-04-03 04_06_19.933823.dmp [2012.04.01 22:06:09 | 000,028,443 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-04-01 22_06_08.937000.dmp [2012.03.22 20:32:43 | 000,000,218 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel [2012.03.18 04:21:38 | 000,028,443 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-18 03_21_38.519165.dmp [2012.03.17 05:51:21 | 000,028,443 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-17 04_51_21.117556.dmp [2012.03.08 04:43:53 | 000,029,930 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-08 03_43_53.506798.dmp [2012.03.06 03:40:15 | 000,029,930 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-06 02_40_15.542595.dmp [2011.05.13 07:13:06 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.08.29 13:15:36 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini ========== LOP Check ========== [2011.12.16 08:54:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft [2012.04.04 05:39:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.purple [2010.06.07 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\GetRightToGo [2011.07.20 00:01:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\go [2012.03.22 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2011.08.30 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ [2011.05.13 19:46:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LolClient [2009.08.30 17:31:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MobMapUpdater [2009.07.24 14:03:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Octoshape [2012.03.02 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PPlive [2010.01.11 14:12:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PPLiveVA [2012.02.23 09:50:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\RayV [2011.05.20 22:24:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\RIFT [2010.03.29 13:28:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Simply Super Software [2009.07.04 16:14:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\T-Online [2010.12.23 17:14:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\temp [2010.06.04 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client [2012.04.04 04:00:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\uTorrent [2012.04.02 08:43:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.07.04 15:48:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.05.12 03:08:29 | 000,000,000 | ---D | M] -- C:\5005716aef2c296e24 [2011.03.18 14:28:57 | 000,000,000 | ---D | M] -- C:\8dc4267ed2d4a53231a657781e21 [2010.01.18 20:08:41 | 000,000,000 | ---D | M] -- C:\b5fba0127b5719937a99d51462e5 [2009.10.19 02:24:46 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.08 19:31:22 | 000,000,000 | ---D | M] -- C:\c17c3aaadcd8786af295 [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.07.04 15:42:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.11.22 04:22:16 | 000,000,000 | ---D | M] -- C:\extensions [2012.04.04 03:07:00 | 000,000,000 | -HSD | M] -- C:\found.000 [2009.10.04 13:30:49 | 000,000,000 | ---D | M] -- C:\MPS [2010.02.12 22:50:48 | 000,000,000 | ---D | M] -- C:\Nostale(DE) [2009.07.05 11:23:01 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.08 21:45:06 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.04.04 02:37:42 | 000,000,000 | R--D | M] -- C:\Program Files [2012.04.04 02:37:43 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.07.04 15:42:42 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.13 07:16:40 | 000,000,000 | ---D | M] -- C:\Riot Games [2012.04.03 12:45:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.07.04 15:47:24 | 000,000,000 | R--D | M] -- C:\Users [2012.04.04 01:52:53 | 000,000,000 | ---D | M] -- C:\Windows [2009.07.21 22:33:31 | 000,000,000 | ---D | M] -- C:\wlan < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2009.07.04 17:59:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009.07.04 17:59:17 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009.07.04 17:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.07.04 18:34:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2009.07.04 18:34:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.07.04 17:59:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-03 10:46:46 ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.04.2012 05:45:02 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Andreas\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,63 Mb Total Physical Memory | 479,04 Mb Available Physical Memory | 46,84% Memory free 5,85 Gb Paging File | 5,53 Gb Available in Paging File | 94,63% Paging File free Paging file location(s): c:\pagefile.sys 5000 50000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 228,00 Gb Total Space | 41,55 Gb Free Space | 18,22% Space Free | Partition Type: NTFS Drive D: | 4,88 Gb Total Space | 3,83 Gb Free Space | 78,46% Space Free | Partition Type: NTFS Drive E: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{8FFE8322-13AC-4403-8F1A-726F0DD4EB70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C25CE208-7B7C-4B25-ACF8-F8E3415E7255}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{E2DEBECE-5B56-494D-8658-7F78ABFD2416}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004D7DC6-7240-4A55-9366-C07CDB9FB776}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{03CBED55-929D-4CCA-BC62-634505C6A3A5}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | "{08C6900C-FA22-428D-A434-8426150BFB68}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{09CF78E3-34EE-4B09-9E53-AE3C9585B2CC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{0AEE840B-9DA4-4F97-847F-F470BEF4407F}" = protocol=6 | dir=in | app=c:\program files\ppliveva\flvpick.exe | "{12C85A4E-897D-43E5-BB6D-3EE161E0CF4A}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | "{14278FB0-AE2C-41BB-81E6-600F94E362CB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{1ADB1BB1-76F4-4942-B244-F10FA37AB9EE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\guflor@gmx.de\condition zero\hl.exe | "{1D398178-ED00-4DF1-84F2-CB231031CEED}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{244313BF-8AFA-43BC-B2B3-2DDD7C9EBC60}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | "{246A8711-44C7-44C7-AB16-79D44E4B9AA8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{261FBFE1-9668-42BB-9198-4DB2372585AD}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | "{28A50693-BCE7-4F3B-A041-04F71D8C43CD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{2AFF1FE4-7490-405C-AFA2-26B7E9B68E46}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe | "{30BF2997-F8E3-41A8-956A-4E08962C4A1C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\guflor@gmx.de\counter-strike\hl.exe | "{35FBDC7A-0BBA-4963-8CD3-8D0F1A6E761C}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe | "{360258D3-1516-444E-B172-0020A8A6244B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3909084A-E8FE-4FA8-9C71-5F3B3CA861B6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-dede-downloader.exe | "{393BC8C7-8B0C-4E19-99C3-A9604BCE8B72}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | "{41A8DEC7-2A83-4ED2-B2A3-09677AA9A316}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe | "{42DA1158-E687-448E-9C17-7A32B4CD6B6A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\guflor@gmx.de\condition zero\hl.exe | "{59D53B1E-D21C-4FF8-B676-3F7ACD26BF25}" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe | "{5F715359-B0F0-4BC1-A25D-41A067A547D3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | "{5FAE5D29-09BC-491E-8C6E-304C1B8A6CB7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | "{6797ADEC-BDC3-4483-9155-57EBE88F32BC}" = protocol=17 | dir=in | app=c:\program files\ppliveva\crashupload.exe | "{68AD8DA7-251F-4D01-A82E-8B8110C33854}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\guflor@gmx.de\counter-strike\hl.exe | "{69649116-01D1-40C9-9A3B-2F1B5B874895}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe | "{6B068B9F-F381-42DF-9426-82B335B27B47}" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe | "{6C32AA48-EF7E-4BD9-B7B9-DA3668AE3196}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | "{77961037-598A-40C3-B116-B081097F7464}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{7A05518A-9EDC-47CF-A520-24423492387C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe | "{7E91C643-A72C-46FB-847E-B8484F08C497}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe | "{801DE2B7-1A7A-4C5B-A8F1-126E6698E1EC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{80294C5E-CC55-4D09-8429-8F4FCAB12A1E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe | "{82096B20-82E8-4D7F-9E92-6A160E85F1DE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{85338DAF-5E65-488D-A397-B75AC2DC7EFF}" = protocol=6 | dir=in | app=c:\program files\ppliveva\download.exe | "{86A9C0F1-DB49-454B-AC5A-CF842BB0B165}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{8845F68C-FCCC-45AF-BA67-A71181FD4852}" = protocol=6 | dir=in | app=c:\program files\ppliveva\crashupload.exe | "{94246754-B723-439E-8259-3235B1144451}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{9F2D18F8-067D-4B69-8276-D8408D097A4F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0-dede-downloader.exe | "{A158E2C5-80F5-48CC-A9F8-BA24AF416DCF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{AC21AD46-14CE-47AD-BAC6-5A49693834D6}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | "{B045860F-DE02-4965-8BDF-F586347BEA2D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{B2749CE2-E61E-4B06-8BE6-EA414C5C6AB8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B28C081E-F9AB-41AE-A4A4-8A0FDBD769F0}" = protocol=17 | dir=in | app=c:\program files\ppliveva\flvpick.exe | "{B36D5544-42F8-4166-BEDF-E1769A37D0C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{B911672A-B118-441A-B7C4-E53231F3C325}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{BC52F4D0-1FFF-4457-BA0A-D444E33931E8}" = protocol=6 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe | "{BCDD17A7-29F2-4E7C-8ECB-06E7DD805C6B}" = protocol=17 | dir=in | app=c:\program files\ppliveva\download.exe | "{C47207E7-B233-4301-9DBE-7C722AFD77EF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\melanie2004\counter-strike\hl.exe | "{C941E4AF-A80E-4268-88E3-C4931C3E7880}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-dede-downloader.exe | "{CFC31F80-85DF-46A3-883C-D972B13154F4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0-dede-downloader.exe | "{D11E5350-BB17-45C0-B0D6-28FF136F8939}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe | "{D9EF17E3-4690-439F-A099-BCCB9B33DFF2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | "{E5207215-F8E2-471C-91C2-73D01A7D82BE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{E8D77D94-33E6-40FA-9A6F-AF96A7142886}" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe | "{EC8B4DDD-DF12-4010-B1AA-F14215FFDDEB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{EDFC2CA0-92D4-4C2B-A1FA-E3FB8AD20739}" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe | "{EE424C5A-ED2C-4100-BF1D-3D39828AE626}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{EFB748C6-B967-4324-81A0-B24C6FB3C7C9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{F052BB4A-7BF2-4F33-A7CD-1712A70448C6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{F10A2171-04ED-4ACC-889A-B282BDEC5BEB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\melanie2004\counter-strike\hl.exe | "{F4A4651B-FB50-49D8-914D-B45B9AF1CC85}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | "{F65EF16A-01CF-4EE5-B050-140324925460}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | "{FAC40AD5-543C-42CA-AB1A-1B71D5A8F2C0}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | "{FAC50E94-D38A-4A9D-B03A-44218DF37AA7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | "{FEEA4EBB-BE7F-4F3A-B049-A5EB7AFDDE40}" = protocol=17 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe | "TCP Query User{22FA7934-E30C-412B-A449-22728595CB21}C:\program files\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | "TCP Query User{23652DD9-BBD0-4547-8D98-5AAB040F21F6}C:\program files\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | "TCP Query User{2D77E043-A879-4A80-855A-9AD9CD5EBC8B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{32B5919D-7990-4126-97CA-B9053E70A5C4}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | "TCP Query User{470AECD9-24D0-4E03-B175-96EA48D750A0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{4B027B4D-924B-4981-B1EB-8435CF9B939F}C:\program files\ppliveva\ppliveva.exe" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe | "TCP Query User{4EEE9939-9446-4889-A133-546CCBC697ED}C:\users\public\games\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\backgrounddownloader.exe | "TCP Query User{4FEB22C1-7DBF-48F1-9A40-0896C529FB3F}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | "TCP Query User{533995BC-AB26-4BB5-9EE9-B06DCFC6E78E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{589D8010-1C34-4199-9302-6B4575263BA4}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "TCP Query User{62405626-1AEB-4F1B-B128-AA231AE80C46}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe | "TCP Query User{7282BDEA-8A2E-4C41-9C91-CD1A0884A509}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "TCP Query User{7C0C96DD-9383-4AA3-AD0E-AD73A3C8A9AE}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe | "TCP Query User{95263022-0649-4DDF-B1E6-672591570032}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{9B743E09-E55A-4A2D-97DD-554301D9F3A5}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | "TCP Query User{A3FA12FC-5EC9-4914-A793-9070A6711080}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{B614B8B2-20ED-488F-AC1C-ECC1FF74087F}C:\users\andreas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{C178895F-F3AC-4CAC-BCB9-34A440D72915}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "TCP Query User{C7D8D12B-66CF-4371-B5C8-2CE602D7491B}C:\users\andreas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{CE6F61A4-61E8-444F-AE18-3DE941C2AFDA}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | "TCP Query User{E49417DA-A605-422B-B1B8-CF16EF7A5044}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | "TCP Query User{E77E1818-3FE4-426C-B220-98954C99B947}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{09D06C88-23D0-406D-95EE-916472FA7B4D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{1826856A-65A5-4B6E-A490-4D80300EA7EB}C:\program files\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | "UDP Query User{2A901B33-49FC-4C9A-A4F4-7FD3E4FB846C}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | "UDP Query User{2AE85661-30F2-4206-B3AB-8AFFBBF8DCD3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2C1F090C-1705-4DC5-B2EA-280814E0D5A3}C:\users\andreas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{43A41AD7-F657-4B7E-A3D1-33ACE2432CF4}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe | "UDP Query User{47DBD353-D365-4B1A-B4F2-CB8BE4FA6A7F}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | "UDP Query User{592C9ACF-D962-4C20-A7BB-526C76D675AD}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{8216DE82-D51F-4208-A44B-97DB5C195640}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{82748B8E-4A77-493A-91CC-6418751B2A9F}C:\users\andreas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{85A3CA30-B840-4D0D-9288-326CE6877DA6}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{86719018-711B-4EAC-968B-0A96B5339DA7}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{A51075F2-08AB-4832-BF61-52D8EEA71CE0}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{AB40C850-045C-4858-B751-1A62EB056944}C:\program files\ppliveva\ppliveva.exe" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe | "UDP Query User{B52DA6E5-3FAE-48D3-80DC-5A5A848D7552}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "UDP Query User{D585998D-811B-4983-8A3A-4891AC42B2D5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{D9ABD20B-2D47-4302-8B60-0A44026A4684}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | "UDP Query User{DE64EBA3-6C19-4524-B4EB-7AF1CB89BA0A}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | "UDP Query User{EB22F7B9-F981-4F88-BA51-C97EB0A853C7}C:\users\public\games\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\backgrounddownloader.exe | "UDP Query User{EDE35EE0-6194-4A8E-AC8B-6701A90D6086}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe | "UDP Query User{EF45EB2F-3611-4F20-8E2C-BC269C131382}C:\program files\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | "UDP Query User{FDA37C26-770B-49DA-BF28-D6A3B9A635B8}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0DE6C47F-57C9-43FB-930B-2094428BEBB3}_is1" = TTDPatch 2.5 beta 9 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter "{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21 "{2E1C262F-B7FC-4046-B1F8-F49648BFC10E}" = KoFuMa 21 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1C659AF-C761-47A8-BAFD-5FD2BE1ED419}" = Wildlife Park 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "conduitEngine" = Conduit Engine "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Docking Station" = Docking Station "EA Installer.1475696318" = EA Installer "ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe "FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11 "GAMEFORGE Nostale(DE)_is1" = Nostale Online DE (Remove) "Google Chrome" = Google Chrome "ICQToolbar" = ICQ Toolbar "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "mIRC" = mIRC "MobMap_is1" = MobMap 3.43 "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenTTD" = OpenTTD 1.1.0 "Pidgin" = Pidgin "PPLiveVA" = PP¼ÓËÙÆ÷(0.6.5.0007) "RayV" = RayV TV "RollerCoaster Tycoon Setup" = Roll "softonic-de3 Toolbar" = softonic-de3 Toolbar "Steam App 10" = Counter-Strike "Steam App 500" = Left 4 Dead "Steam App 80" = Condition Zero "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trojan Remover_is1" = Trojan Remover 6.8.1 "uTorrent" = µTorrent "uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.0.2 "vShare" = vShare Plugin "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "World of Warcraft Beta" = World of Warcraft Beta "World of Warcraft Public Test" = World of Warcraft Public Test "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1551079383-3654586665-3936371309-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "Game Organizer" = EasyBits GO "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services "PPLiveVA" = PPLive Video Accelerator ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.01.2011 18:35:53 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel 0x4ca0a622, fehlerhaftes Modul QtCore4.dll, Version 4.6.2.0, Zeitstempel 0x4bab0fd6, Ausnahmecode 0xc0000005, Fehleroffset 0x000a88c9, Prozess-ID 0x654, Anwendungsstartzeit 01cbbeffba0abfb2. Error - 29.01.2011 11:15:52 | Computer Name = Andreas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.01.2011 11:15:52 | Computer Name = Andreas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.01.2011 11:18:17 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung PPLive.exe, Version 2.0.0.2, Zeitstempel 0x4ae91a79, fehlerhaftes Modul vodsp.dll, Version 3.3.3.9, Zeitstempel 0x4abc681f, Ausnahmecode 0xc0000005, Fehleroffset 0x00149157, Prozess-ID 0xb8c, Anwendungsstartzeit 01cbbfc749283bc2. Error - 29.01.2011 20:31:35 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel 0x4ca0a622, fehlerhaftes Modul QtCore4.dll, Version 4.6.2.0, Zeitstempel 0x4bab0fd6, Ausnahmecode 0xc0000005, Fehleroffset 0x000a88c9, Prozess-ID 0x1370, Anwendungsstartzeit 01cbbfe209308432. Error - 30.01.2011 06:39:34 | Computer Name = Andreas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.01.2011 06:39:34 | Computer Name = Andreas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.01.2011 06:41:32 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung PPLive.exe, Version 2.0.0.2, Zeitstempel 0x4ae91a79, fehlerhaftes Modul vodsp.dll, Version 3.3.3.9, Zeitstempel 0x4abc681f, Ausnahmecode 0xc0000005, Fehleroffset 0x00149157, Prozess-ID 0xb44, Anwendungsstartzeit 01cbc069db8f0e16. Error - 30.01.2011 09:35:51 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel 0x4ca0a622, fehlerhaftes Modul QtCore4.dll, Version 4.6.2.0, Zeitstempel 0x4bab0fd6, Ausnahmecode 0xc0000005, Fehleroffset 0x000a88c9, Prozess-ID 0x115c, Anwendungsstartzeit 01cbc07046f1ef06. Error - 30.01.2011 18:37:15 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel 0x4ca0a622, fehlerhaftes Modul QtCore4.dll, Version 4.6.2.0, Zeitstempel 0x4bab0fd6, Ausnahmecode 0xc0000005, Fehleroffset 0x000a88c9, Prozess-ID 0x10c8, Anwendungsstartzeit 01cbc09059555ea6. [ System Events ] Error - 03.04.2012 22:01:33 | Computer Name = Andreas-PC | Source = sfsync04 | ID = 262145 Description = Error - 03.04.2012 22:02:14 | Computer Name = Andreas-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 04.04.2012 um 04:00:46 unerwartet heruntergefahren. Error - 03.04.2012 22:02:28 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005 Description = Error - 03.04.2012 22:02:40 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005 Description = Error - 03.04.2012 22:02:46 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005 Description = Error - 03.04.2012 22:03:11 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005 Description = Error - 03.04.2012 22:03:37 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001 Description = Error - 03.04.2012 22:03:37 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7026 Description = Error - 03.04.2012 22:07:28 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005 Description = Error - 03.04.2012 22:07:28 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005 Description = < End of report > |
04.04.2012, 08:38 | #2 |
/// Malware-holic | Bezahlen Sie 50 Euro Virus hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. [CODE] :OTL O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [SkypePM] C:\Users\Andreas\AppData\Local\Skype\SkypePM.exe () :Files C:\Users\Andreas\AppData\Local\Skype :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die + E Taste.
__________________ |
Themen zu Bezahlen Sie 50 Euro Virus |
alternate, antivir, autorun, avira, bho, blackscreen, blockiert, browser, conduit, curse, dateisystem, desktop, error, euro, excel, firefox, gmx.de, helper, heuristiks/extra, heuristiks/shuriken, home, install.exe, logfile, object, plug-in, problem, registry, required, rundll, scan, searchscopes, security, security scan, software, super, svchost.exe, teamspeak, virus, vista, windows, zahlungsaufruf |