Log analysis and evaluation: Trojan horse TR/PSW.Banker.O.26 was found (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.04.2012, 17:01 | #1
Trojan horse TR/PSW.Banker.O.26 was found

Hello, as already written above, my AntiVir found the trojan TR/PSW.Banker.O.26 today. It is a file that it found in Temporary Internet Files\Content.IE5\EDX06o6T\calc[1].exe. I googled the file calc[1].exe and it turns up the Bundespolizei trojan, which I know I have already had once or twice. I have now moved it to quarantine in AntiVir. Is that enough, or should I wipe the PC?
25.04.2012, 17:44 | #2
/// Helper Team

Hello and welcome!

Before we start working together, [please read completely]:

For Vista and Win7: Important: run all commands as Administrator! Right-click the command prompt, or the selected application, and choose "Run as administrator".

1. Download Malwarebytes Anti-Malware from → malwarebytes.org

2. System scan with OTL. Download OTL by OldTimer and save it to your desktop.

3. To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:

4. Right-click the AntiVir umbrella icon in the taskbar => start AntiVir => Overview => Events; select every detection => right-click the detections => Export event(s), save as Ereignisse.txt on the desktop and post the contents here. ► When the complete AntiVir scan result is available or saved, post that too!

** Stay off the internet as far as possible: no online banking, file sharing, chat programs, etc.

Regards, kira
26.04.2012, 11:31 | #3
Hello, thanks for the instructions. I think I have carried out everything as described.

Malwarebytes
Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.25.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tommy :: xxxxx-xx [Administrator]

Protection: Enabled

25.04.2012 20:22:54
mbam-log-2012-04-25 (20-22-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 982459
Time elapsed: 4 hour(s), 57 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Data: C:\Users\Tommy\AppData\Roaming\appconf32.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Detected: 6
C:\Windows.old\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
C:\Windows.old.000\Users\Daddelkiste\AppData\Local\Temp\1iwFyWx3.exe.part (PUP.UltraReach) -> Quarantined and deleted successfully.
D:\Downloads\SoftonicDownloader_fuer_pencil.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
D:\Downloads\SoftonicDownloader_fuer_smart-shutdown-manager.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
D:\Downloads\u96.exe (PUP.UltraReach) -> Quarantined and deleted successfully.
C:\Users\Tommy\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Delete on reboot.

(end)

OTL Logfile:
Code:
OTL logfile created on: 26.04.2012 01:37:38 - Run 1
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 50,74% Memory free
6,68 Gb Paging File | 4,94 Gb Available in Paging File | 73,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 144,75 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,00 Gb Free Space | 11,42% Space Free | Partition Type: NTFS

Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tommy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Raptr\raptr.exe (Raptr, Inc)
PRC - C:\Programme\Raptr\raptr_im.exe (Raptr, Inc)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\C2DtoG15\SystoG15Svc.exe (Andreas Sammann)
PRC - C:\Programme\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
PRC - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

========== Modules (No Company Name) ==========

MOD - C:\Users\Tommy\AppData\Roaming\11019\components\AcroFF019.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Raptr\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtCore.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtWebKit.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtGui.pyd ()
MOD - C:\Programme\Raptr\sip.pyd ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Programme\Raptr\libtorrent.pyd ()
MOD - C:\Programme\Raptr\heliotrope._purple.pyd ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Raptr\liboscar.dll ()
MOD - C:\Programme\Raptr\libjabber.dll ()
MOD - C:\Programme\Raptr\libymsg.dll ()
MOD - C:\Programme\Raptr\plugins\libaim.dll ()
MOD - C:\Programme\Raptr\plugins\libicq.dll ()
MOD - C:\Programme\Raptr\plugins\libirc.dll ()
MOD - C:\Programme\Raptr\plugins\ssl-nss.dll ()
MOD - C:\Programme\Raptr\plugins\libyahoojp.dll ()
MOD - C:\Programme\Raptr\plugins\ssl.dll ()
MOD - C:\Programme\Raptr\plugins\libmsn.dll ()
MOD - C:\Programme\Raptr\plugins\libxmpp.dll ()
MOD - C:\Programme\Raptr\plugins\libyahoo.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Raptr\libxml2-2.dll ()
MOD - C:\Programme\Raptr\sqlite3.dll ()
MOD - C:\Users\Tommy\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GermanyRain.gadget\GermanyRainRadar.dll ()
MOD - C:\Programme\Raptr\zlib1.dll ()
MOD - C:\Programme\Raptr\win32gui.pyd ()
MOD - C:\Programme\Raptr\win32file.pyd ()
MOD - C:\Programme\Raptr\win32api.pyd ()
MOD - C:\Programme\Raptr\win32process.pyd ()
MOD - C:\Programme\Raptr\gobject._gobject.pyd ()
MOD - C:\Programme\Raptr\win32com.shell.shell.pyd ()
MOD - C:\Programme\Raptr\pythoncom26.dll ()
MOD - C:\Programme\Raptr\pywintypes26.dll ()
MOD - C:\Programme\Raptr\PIL._imaging.pyd ()
MOD - C:\Programme\Raptr\_ssl.pyd ()
MOD - C:\Programme\Raptr\unicodedata.pyd ()
MOD - C:\Programme\Raptr\_hashlib.pyd ()
MOD - C:\Programme\Raptr\pyexpat.pyd ()
MOD - C:\Programme\Raptr\_ctypes.pyd ()
MOD - C:\Programme\Raptr\_sqlite3.pyd ()
MOD - C:\Programme\Raptr\_socket.pyd ()
MOD - C:\Programme\Raptr\winsound.pyd ()
MOD - C:\Programme\Raptr\plugins\libqq.dll ()
MOD - C:\Programme\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Programme\GIGABYTE\ET6\AMD8.dll ()
MOD - C:\Programme\GIGABYTE\ET6\work.dll ()
MOD - C:\Programme\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Programme\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Programme\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\GIGABYTE\ET6\platform.dll ()
MOD - C:\Programme\GIGABYTE\ET6\device.dll ()
MOD - C:\Programme\GIGABYTE\ET6\SF.dll ()
MOD - C:\Programme\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Programme\GIGABYTE\ET6\HM.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Programme\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Programme\GIGABYTE\ET6\GUI.exe ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Programme\GIGABYTE\ET6\Sound.dll ()

========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SystoG15Service) -- C:\Programme\C2DtoG15\SystoG15Svc.exe (Andreas Sammann)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (TDslMgrService) -- C:\Programme\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (GEST Service) -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (papyjoy) -- C:\Windows\System32\drivers\papyjoy.sys ()
SRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()

========== Driver Services (SafeList) ==========

DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found
DRV - (XDva390) -- C:\Windows\system32\XDva390.sys File not found
DRV - (XDva360) -- C:\Windows\system32\XDva360.sys File not found
DRV - (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340) -- system32\drivers\WPRO_40_1340.sys File not found
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GVTDrv) -- C:\Windows\System32\drivers\GVTDrv.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) 2000 DDK provider)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.20\RivaTuner32.sys ()
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (WinRing0_1_2_0) -- C:\Programme\C2DtoG15\WinRing0.sys (OpenLibSys.org)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (aiptektp) -- C:\Windows\System32\drivers\aiptektp.sys (WALTOP International Corp.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (papyjoy) -- C:\Windows\System32\drivers\papyjoy.sys ()
DRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.02.09 12:38:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.26 23:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.19 22:41:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.12 21:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Tommy\AppData\Roaming\11019 [2012.04.25 12:51:04 | 000,000,000 | ---D | M]

[2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2011.04.27 01:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.03.28 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions
[2012.03.28 22:12:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.24 03:36:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.08 14:04:12 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.08.31 11:25:08 | 000,000,917 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\conduit.xml
[2012.04.07 01:18:12 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-1.xml
[2010.09.18 22:53:17 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-2.xml
[2010.10.21 15:45:25 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-3.xml
[2011.03.30 16:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin.xml
[2012.03.26 23:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.05 04:04:07 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.04.25 12:51:04 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TOMMY\APPDATA\ROAMING\11019
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.27 17:54:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Raptr] C:\Programme\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Programme\GIGABYTE\ET6\ETcall.exe ()
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Programme\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7C1B26-69B5-403D-8482-29F3ADB3332C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA123E6A-D0A3-4242-8A31-1B77539A2056}: DhcpNameServer = 10.77.136.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\Shell - "" = AutoRun
O33 - MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] --
"%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.04.26 00:44:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe [2012.04.25 20:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.25 20:21:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.25 12:51:04 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11019 [2012.04.24 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11018 [2012.04.23 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11017 [2012.04.21 15:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.04.21 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11016 [2012.04.18 19:49:57 | 000,000,000 | RH-D | C] -- C:\Users\Tommy\AppData\Roaming\SecuROM [2012.04.18 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAPCOM [2012.04.18 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012.04.18 19:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2012.04.17 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11015 [2012.04.16 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11014 [2012.04.13 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11013 [2012.04.12 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11012 [2012.04.12 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11010 [2012.04.12 03:07:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.04.12 03:07:52 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll 
[2012.04.12 03:07:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.04.12 03:07:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.04.12 03:07:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.04.12 03:07:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.04.12 03:06:38 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.04.12 03:06:38 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.04.11 20:39:03 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\UAs [2012.04.11 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11009 [2012.04.11 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\xmldm [2012.04.11 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\kock [2012.04.10 11:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2012.04.03 18:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2012 Patch [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Tommy\AppData\Roaming\*.tmp files -> C:\Users\Tommy\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.26 01:38:28 | 000,641,772 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.26 01:38:28 | 000,607,366 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.26 01:38:28 | 000,132,410 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.26 01:38:28 | 000,109,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.26 01:31:42 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys [2012.04.26 01:31:42 | 000,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref [2012.04.26 01:31:26 | 
000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2012.04.26 01:31:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.26 01:31:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.26 01:31:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.26 01:31:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.26 01:30:56 | 3487,850,496 | -HS- | M] () -- C:\hiberfil.sys [2012.04.26 01:29:10 | 000,000,796 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2012.04.26 01:02:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.26 00:44:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe [2012.04.26 00:35:03 | 000,073,216 | ---- | M] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.25 20:21:05 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.25 18:01:22 | 000,000,016 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res [2012.04.25 14:07:27 | 000,000,048 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat [2012.04.24 11:10:39 | 000,226,792 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll [2012.04.24 11:10:39 | 000,007,368 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll [2012.04.24 09:21:22 | 000,000,680 | ---- | M] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat [2012.04.18 19:15:41 | 001,047,158 | ---- | M] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg [2012.04.10 11:16:15 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Tommy\AppData\Roaming\*.tmp files -> C:\Users\Tommy\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.25 20:21:05 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.24 11:10:39 | 000,226,792 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll [2012.04.24 11:10:39 | 000,007,368 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll [2012.04.22 00:21:57 | 3487,850,496 | -HS- | C] () -- C:\hiberfil.sys [2012.04.18 19:10:52 | 001,047,158 | ---- | C] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg [2012.04.12 18:10:30 | 000,000,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat [2012.04.11 20:30:19 | 000,000,016 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res [2012.04.10 11:16:15 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk [2012.03.13 21:47:28 | 000,017,408 | ---- | C] () -- C:\Users\Tommy\AppData\Local\WebpageIcons.db [2012.02.29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2011.12.05 23:29:47 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat.temp [2011.12.05 23:29:47 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2011.12.05 23:28:44 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2011.11.09 18:12:00 | 000,019,400 | ---- | C] () -- C:\Windows\prodsett_copy.ini [2011.10.13 01:41:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.09.15 11:03:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.09.09 17:47:26 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.05.16 12:55:28 | 011,010,048 | ---- | C] () -- 
C:\Users\Tommy\AppData\Roaming\Sandra.mdb [2011.04.13 15:07:49 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu2.sys [2011.04.13 15:07:49 | 000,001,856 | ---- | C] () -- C:\Windows\System32\drivers\papyjoy.sys [2011.04.13 15:06:50 | 000,000,202 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.04.12 13:44:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.26 14:28:19 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.03.26 14:28:19 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.02.14 13:42:58 | 000,000,552 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d8caps.dat [2011.01.06 18:04:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.01.06 17:45:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll [2010.12.06 03:16:11 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.11.04 03:16:50 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat [2010.10.20 12:01:05 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2010.10.20 12:01:05 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2010.08.27 21:28:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2010.08.27 21:28:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2010.07.23 18:18:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.23 18:18:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.07.20 16:25:39 | 000,073,216 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.19 11:10:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.07.18 23:16:38 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat [2010.07.18 10:56:50 | 000,024,944 | ---- | C] () -- 
C:\Windows\System32\drivers\GVTDrv.sys
[2010.07.17 23:02:49 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.07.17 13:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.17 13:02:17 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.07.17 12:58:09 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2012 01:37:38 - Run 1
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 50,74% Memory free
6,68 Gb Paging File | 4,94 Gb Available in Paging File | 73,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 144,75 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,00 Gb Free Space | 11,42% Space Free | Partition Type: NTFS

Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017A3BEC-B7BA-4BCB-B93D-F0AFA4F2FC84}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe | "{17BF2527-3D2C-4E27-A52A-335D765C9B71}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\rpcagentsrv.exe | "{B4D26F88-212D-4814-AE61-E5025C3D2193}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C9647509-994C-4A16-B4CA-EC7109561E02}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00620CC1-D498-4423-9896-CC5A77255AD5}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | "{01B24FCC-2E63-4DA1-84AC-9FC6D8C80AFC}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | "{04A02DE7-9BAB-494A-B528-1A32D0745159}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | "{05205A34-0373-4CB1-A7A0-AD1B184C2011}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | "{0631EAED-5859-4807-B74C-85F3B01193A9}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{07B84C9C-8307-4494-8DFD-1DAF134E9023}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | "{07DE5062-84F0-4B3D-B299-3544E3D391A7}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\republic 
heroes\republic heroes.exe | "{0D63082B-4CB1-4B9D-ABED-B4FE72C8C464}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | "{1120922E-2CFF-41D9-BA00-8CE71EA9FE22}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | "{184BA749-E1D9-45F0-9262-555402C4F527}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "{19EDD077-C8C4-4EE2-A320-DEDB7134B9DC}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{1CB0E5CE-4F79-4E8A-BDF2-D5C39D886FAB}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | "{1DB4FF3C-0507-47EC-B8EA-C5EF4C8D86EB}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | "{1E45F541-C265-4E80-AAAF-6E8AD018DC57}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | "{23C56C71-059B-4021-B9C8-CD76219E796A}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{28FB1055-9132-46EC-8973-A35336285829}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{324851DB-58D2-4E7B-BAF2-E0996704E922}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{35BA93CB-333C-4CF6-8725-11A17A243391}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | "{3A589C88-CF25-42B8-9FA1-92497C882B7A}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | "{3AC095A9-3247-4C63-8473-3BD770B9C20B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | "{3E9D0BFA-3CE7-4FB1-A21B-57ADD51A3EE3}" = dir=in | app=c:\program files\windows 
live\messenger\msnmsgr.exe | "{42377774-C2DE-4D34-B9F3-C32BBC1C7AD2}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | "{4392C986-9C66-4DC7-931C-D7C1025685F8}" = protocol=6 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | "{4C140D38-27DC-4D28-BAE3-1E66BF97CEF1}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | "{50C5997D-B2D4-4F9B-B2F8-78B56D6DEA04}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{5125455E-CE9D-4A14-B2AC-61BB4B5B38DB}" = protocol=17 | dir=in | app=d:\spiele\dragon age 2 demo\bin_ship\dragonage2demo.exe | "{59E4CCF8-22B5-4C4F-87EE-06A1BB88D51D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{60DFDA8D-4F6E-48B4-962B-2ADD5E106EEC}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{62757F24-4DFF-4168-9234-4D327FA7E047}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{651A1A49-015B-4C90-9DE9-832A7E8BA785}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | "{669BCEAE-EFCA-4731-B451-EF0D095218BB}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | "{6825AEE4-B11B-4EDB-8390-190C1A04BC1E}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | "{69B164D5-A05D-47DF-9AF2-EA1822B42267}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{6F73E07A-155A-4446-A5EA-B735BDB4593B}" = protocol=17 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | "{710C96F9-EFDF-4BFA-93AC-173CA047F219}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | "{725138F0-640F-4CAC-94EE-7C148F6A877D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet 
extreme condition\lostplanetdx10.exe | "{791F8798-EFB2-4E96-9020-C56D4FF7BEDD}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | "{79E3658D-84F3-4488-B3F1-96F6EE0F796D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{7AD4D544-6D73-455A-BBFF-30551F72919F}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | "{7B6CB3B9-CDB5-4A24-90EF-E95202F4017B}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | "{82E761B3-68B0-48FE-86AE-07A06B46FFFA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | "{85C784E8-E53A-4FF8-A799-B194D047EB17}" = protocol=6 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | "{86D45300-0ACD-4BE8-AB72-030A7827B356}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "{880E771B-8EE5-42F4-825B-6F1BD9F39299}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | "{8C528F8F-F9E0-468E-A0E7-80D0C6046279}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{938512F5-34FE-4BA1-AA62-0E2441A6F1B8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "{94733B01-EFEF-4380-8485-D76DA1B97A93}" = protocol=17 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | "{95F18369-3CA7-45A7-B410-D932FEA49DA2}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | "{96F625FD-1546-4B7F-9F13-12DBE198CA5D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9C38C6AB-BA1D-40AA-9CC3-3AC823585D2B}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | "{9D8B252F-6326-4430-821A-316AD24CA993}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe 
| "{9EB1B8D1-4A1C-4CC8-A5A7-7CABB99B6676}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | "{9FDAF6D9-4E5E-4374-9D95-054960D0B64C}" = protocol=6 | dir=in | app=d:\spiele\dragon age 2 demo\dragonage2launcher.exe | "{A15AB570-8384-4902-9D28-2FB4F6BD58AB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{A1FFC0BC-265D-4E1E-AFC0-7BC8DDDF8284}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | "{A22B1C81-8077-4B1B-925A-2003ED70E811}" = protocol=17 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | "{A6B47BFD-553B-4965-BF31-017622D82FA4}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{AA526D98-2546-4B01-9B31-BD81DE179A61}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | "{AB1CE66E-CD26-4E23-9440-A92D9E6C173F}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | "{AB965C6A-AC05-4DD4-90D9-2693C880D0C5}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{B1BB64BA-947C-4E8B-893B-894A6A5CF03B}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | "{B6AD2761-C0BA-4118-90E1-5D00BC3F05DD}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{C4E6D21C-2533-44CD-8AEA-BC3CBBB65F03}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | "{C6A7C227-18BC-44BA-9960-8D6CA498EF1E}" = protocol=6 | dir=in | app=d:\spiele\dragon age 2 demo\bin_ship\dragonage2demo.exe | "{D005B9B6-464C-4EED-9817-748AC1FE274A}" = protocol=17 | dir=in | app=d:\spiele\dragon age 2 demo\dragonage2launcher.exe | "{D0693EBA-B3B3-4D51-8710-B584971E25CF}" = protocol=6 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | "{D2762F96-67AE-4661-85F2-93677C02B61C}" = protocol=6 | 
dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{D2E250DE-8CED-4856-821F-A915978A3047}" = protocol=6 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | "{D2FEF08A-BA2F-4BFE-8495-C28381A88465}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\republic heroes\republic heroes.exe | "{D8A0FC63-6DB0-4125-AF9E-1D00DB435CFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DB0EE392-F4C7-40CD-BC17-D20B73A179A0}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | "{DC9915A7-A4E1-4F03-BDB2-2D294B9706F7}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | "{E16414F2-4350-45CC-8098-6D9935769051}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{E359C5D5-6000-42B2-97CC-223E33D82831}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{E4E9454F-0456-4B33-9BD7-483B19A1D56F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{E56812BF-5C28-4F52-A7E4-55BC8D7CFC2B}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "{E6B40784-8AB0-4447-B716-5F0808923114}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | "{EB685CA2-12DF-4AC1-8522-714E9561AB02}" = protocol=17 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | "{EB6BA865-1719-444D-B73A-6322C6DF530B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{EDA860F6-074C-41B9-9658-EF874CC73C76}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | "{EDFD00CD-8896-414F-AA72-07650C4F0301}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | 
"{F08CE25F-BB41-49B3-ACCB-7616CF6A8B3C}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{F6E67672-46EE-47A7-AB25-BA1503196D01}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{FA4A80D3-5AE6-4FD9-875C-7DD84059AE30}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | "{FECE9618-DC46-4FDC-A57C-3B22D90001C2}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | "TCP Query User{0EDD7BF4-BA1D-483A-BDBA-6C18E7FB5F2C}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "TCP Query User{25FC25FB-538C-421A-BB38-DAB484798C45}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{354DF200-F50E-42F1-B226-24FD7EDC1E24}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{3A281E06-7267-4768-A385-2042F13D632D}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | "TCP Query User{5A7C7967-E678-4E4B-8CDE-33DC525C3B3C}D:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "TCP Query User{685EC281-A7BE-4FDD-AF58-7A53AB90279A}D:\spiele\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\blizzard downloader.exe | "TCP Query User{7BD0C7D7-F7B8-44DD-A8F0-917490ED8D41}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query User{882805A7-6499-4E4B-88B8-211EEE8ED5BD}D:\spiele\world of 
warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "TCP Query User{A4E43130-B07D-40AA-840E-7265589F4480}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C6F24F49-73D7-4621-BAFE-891D0DE44590}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{017ABF61-7E57-4DB4-88CE-20257B965F54}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2738105C-0A02-44A5-A826-626C478737A9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{4938B2C2-4152-4C40-AD8C-080BFA4E97A9}D:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "UDP Query User{50FC507A-C9A5-4A78-B157-1D4D8DEF50BD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{842BD1C4-91FA-4B84-9BF1-77073DFB2578}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | "UDP Query User{866B485F-8773-4E37-8A55-01D2DAB82F6D}D:\spiele\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\blizzard downloader.exe | "UDP Query User{9E5D26BC-0E59-4953-8E0E-E3E183CDDEFB}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{E14BE6CF-E5E0-4444-A059-21EE2136BA75}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | "UDP 
Query User{E6D79A89-5C1D-4F41-983C-7770670D18CC}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "UDP Query User{EBE5FAB5-364C-465A-9C2A-FFC5B61E8772}D:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.0.1 "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143 "{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster "{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth 
Plug-in "{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1 "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D565319-8B91-41cb-961C-0DDC86101AC5}" = Dragon Age II Demo "{54510837-257F-4E9A-B359-731000028301}" = Red Faction: Guerrilla "{54510837-257F-4E9A-B359-731000028302}" = Red Faction: Guerrilla "{54510837-257F-4E9A-B359-731000028303}" = Red Faction: Guerrilla "{54510837-257F-4E9A-B359-731000038301}" = Red Faction: Guerrilla "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL 
Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0610.1 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100 "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5 "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch 
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Activision(R) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010 "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter_is1" = Any Video Converter 3.2.1 "ATITool" = ATITool Overclocking Utility "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "CloneDVD2" = CloneDVD2 "Episode 1" = Back to the Future The Game - Episode 1 "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar "HotspotShield" = Hotspot Shield 2.52 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation 
Program 8.0 "HPOCR" = HP OCR Software 8.0 "ICQToolbar" = ICQ Toolbar "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Ein Quantum Trost(TM) "InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "IP Changer 2.0" = IP Changer 2.0 "Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de) "NASCAR Racing 2002 Season" = NASCAR® Racing 2002 Season "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "OpenTTD" = OpenTTD 1.1.3 "pepakura_designer3en" = Pepakura Designer 3 "RADVideo" = RAD Video Tools "Rainlendar2" = Rainlendar2 (remove only) "Raptr" = Raptr "RivaTuner" = RivaTuner v2.20 "Sam & Max - Culture Shock" = Sam & Max - Culture Shock 1.0 "SopCast" = SopCast 3.3.2 "StarCraft" = StarCraft "Steam App 102610" = Orcs Must Die! 
Demo "Steam App 220" = Half-Life 2 "Steam App 22600" = Worms Reloaded "Steam App 28000" = Kane & Lynch 2: Dog Days "Steam App 31740" = Iron Grip: Marauders "Steam App 36620" = Forsaken World "Steam App 36630" = Rusty Hearts "Steam App 440" = Team Fortress 2 "Steam App 48810" = Ship Simulator Extremes Demo "Steam App 61720" = Might and Magic: Clash of Heroes - Demo "Steam App 90530" = Rise of Immortals "Steam App 99870" = Bulletstorm Demo "Tales of Monkey Island" = Tales of Monkey Island "TeamSpeak 3 Client" = TeamSpeak 3 Client "TomTom HOME" = TomTom HOME 2.8.2.2264 "Two Worlds" = Two Worlds "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.0 "Volumenzähler_is1" = Volumenzähler 1.0 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Worms Armageddon" = Worms Armageddon "Xfire" = Xfire (remove only) "Zattoo4" = Zattoo4 4.0.5 "ZoneAlarm" = ZoneAlarm "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NCsoft-AionEU" = Aion "Smart Shutdown Manager" = Smart Shutdown Manager "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > ccleaner Code:
ATTFilter 3DMark 11 Futuremark Corporation 15.05.2011 375MB 1.0.1 Adobe AIR Adobe Systems Incorporated 19.07.2011 30,1MB 2.7.0.19530 Adobe Download Manager NOS Microsystems Ltd. 16.07.2010 0,47MB 1.6.2.63 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 16.07.2010 10.1.53.64 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 25.03.2012 11.1.102.63 Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 27.08.2010 234MB 9.1.0 Aion NCsoft 09.11.2010 6,64MB Any Video Converter 3.2.1 Any-Video-Converter.com 12.04.2011 102,9MB Apple Application Support Apple Inc. 23.07.2010 39,7MB 1.2.1 Apple Software Update Apple Inc. 23.07.2010 2,16MB 2.1.1.116 ATITool Overclocking Utility 22.12.2011 3,32MB 0.26 Avira Free Antivirus Avira 14.02.2012 94,1MB 12.0.0.898 Back to the Future The Game - Episode 1 Telltale Games 14.09.2011 423MB 1.0.0.0 Bulletstorm Demo Electronic Arts 21.09.2011 0,73MB C2DtoG15 2.0.0.1 17.07.2010 1,78MB CCleaner Piriform 25.04.2012 3,68MB 3.18 Cheat Engine 6.0 Dark Byte 08.09.2011 18,6MB CloneDVD2 Elaborate Bytes 10.12.2011 8,85MB 2.9.3.0 Der Herr der Ringe Online v03.02.04.8010 Codemasters 03.11.2010 12.825MB 03.02.04.8010 Dragon Age II Demo Electronic Arts, Inc. 25.02.2011 1.00 DSL-Manager 05.10.2011 2,43MB Easy Tune 6 B10.0528.1 GIGABYTE 17.07.2010 26,1MB 1.00.0000 Ein Quantum Trost(TM) Activision 07.01.2011 7.734MB 1.1 Energy Saver Advance B8.0610.1 GIGABYTE 16.07.2010 16,0MB 1.10.0000 Fallout 3 Bethesda Softworks 20.07.2011 5.850MB 1.00.0000 Forsaken World 05.10.2011 Fraps (remove only) 05.12.2010 1.763MB Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 23.04.2011 3,11MB Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 
23.01.2012 3,41MB Google Earth Plug-in Google 16.11.2011 40,9MB 6.1.0.5001 GRID Codemasters 26.10.2011 10.362MB 1.00.0000 Half-Life 2 Valve 06.02.2011 240MB Hotspot Shield 2.52 AnchorFree 09.04.2012 6,18MB 2.52 Hotspot_Shield Toolbar 04.01.2011 9,47MB HP Customer Participation Program 8.0 HP 04.12.2011 192,2MB 8.0 HP Imaging Device Functions 8.0 HP 04.12.2011 1,54MB 8.0 HP OCR Software 8.0 HP 04.12.2011 1,53MB 8.0 HP Photosmart Essential HP 04.12.2011 10,2MB 1.12.0.46 HP Photosmart.All-In-One Driver Software 8.0 .A HP 04.12.2011 30,7MB 8.0 HP Solution Center 8.0 HP 04.12.2011 1,53MB 8.0 HP Update Hewlett-Packard 04.12.2011 3,57MB 4.000.005.006 HPSSupply Ihr Firmenname 04.12.2011 0,96MB 2.1.3.0000 ICQ Toolbar ICQ 11.04.2011 3.0.0 ICQ7.5 ICQ 12.12.2011 60,0MB 7.5 Infineon USB driver 1.0.0.6 Infineon 26.08.2010 1,46MB Intel® Matrix Storage Manager Intel Corporation 16.07.2010 37,3MB IP Changer 2.0 28.08.2010 1,38MB Iron Grip: Marauders 04.10.2011 22,9MB Java(TM) 6 Update 24 Oracle 26.02.2011 94,8MB 6.0.240 Kane & Lynch 2: Dog Days IO Interactive 31.12.2010 7.022MB LG Internet Kit LG Electronics 26.08.2010 9,81MB 3.2.0.1 LG PC Suite III LG Electronics 13.08.2011 171,7MB 1.0.0.0 LG USB Modem Drivers LG Electronics 26.08.2010 1,02MB 4.9.4 Livestream Procaster Procaster 12.04.2011 51,4MB 20.0.151 Logitech Eyetoy Webcam 16.07.2010 Logitech GamePanel Software 3.04.143 Logitech Inc. 
17.07.2010 14,7MB 3.04.143 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 24.04.2012 11,7MB 1.61.0.1400 Microsoft .NET Framework 1.1 03.11.2010 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 19.07.2010 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 18.07.2010 27,8MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 31.08.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 31.08.2010 24,5MB 4.0.30319 Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 08.05.2011 31,3MB 3.5.88.0 Microsoft Games for Windows Marketplace Microsoft Corporation 08.05.2011 6,04MB 3.5.50.0 Microsoft Silverlight Microsoft Corporation 15.02.2012 72,5MB 4.1.10111.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 18.07.2010 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.59193 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 18.07.2010 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 05.12.2010 1,41MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 16.07.2010 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25.02.2011 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 25.10.2011 12,3MB 10.0.40219 Microsoft XNA Framework Redistributable 3.0 Microsoft Corporation 06.02.2011 7,62MB 3.0.11010.0 Might and Magic: Clash of Heroes - Demo 21.09.2011 1.256MB Mozilla Firefox 11.0 (x86 de) Mozilla 25.03.2012 41,1MB 11.0 Mozilla Thunderbird 11.0.1 (x86 de) Mozilla 28.03.2012 37,7MB 11.0.1 MSXML 4.0 SP2 
(KB954430) Microsoft Corporation 19.07.2010 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 20.07.2010 1,34MB 4.20.9876.0 NASCAR® Racing 2002 Season 12.04.2011 494MB NCsoft Launcher NCsoft 09.11.2010 6,98MB 1.5.4.2 NVIDIA 3D Vision Controller-Treiber 280.19 NVIDIA Corporation 25.09.2011 0,41MB 280.19 NVIDIA 3D Vision Treiber 280.26 NVIDIA Corporation 25.09.2011 21,3MB 280.26 NVIDIA Grafiktreiber 280.26 NVIDIA Corporation 25.09.2011 90,8MB 280.26 NVIDIA nTune NVIDIA Corporation 22.12.2011 771MB 1.00.0000 NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 10.07.2011 73,3MB 9.10.0514 NVIDIA Update 1.4.28 NVIDIA Corporation 25.09.2011 6,36MB 1.4.28 OpenAL 26.10.2011 0,77MB OpenTTD 1.1.3 OpenTTD 11.10.2011 39,2MB 1.1.3 Orcs Must Die! Demo 23.10.2011 1.178MB PDFCreator Frank Heindörfer, Philip Chinery 14.09.2011 32,2MB 1.2.3 Pepakura Designer 3 TamaSoftware 03.04.2011 7,53MB Pro Evolution Soccer 2011 KONAMI 17.04.2011 1.937MB 1.00.0000 Pro Evolution Soccer 2011 DEMO KONAMI 25.03.2011 1.416MB 1.00.0000 Pro Evolution Soccer 2012 KONAMI 01.04.2012 2.314MB 1.00.0000 Pro Evolution Soccer 2012 DEMO KONAMI 27.10.2011 1.439MB 1.00.0000 QuickTime Apple Inc. 23.07.2010 73,8MB 7.66.71.0 RAD Video Tools 13.02.2011 1,83MB Rainlendar2 (remove only) 23.01.2011 17,3MB Raptr 16.04.2012 88,6MB Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista Realtek 16.07.2010 1,38MB 1.00.0000 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 16.07.2010 21,6MB 6.0.1.5618 Red Faction Guerrilla Ihr Firmenname 21.08.2010 7.406MB 1.00.0000 Republic Heroes LucasArts 03.02.2011 5.159MB 1.00.0000 RESIDENT EVIL 5 CAPCOM CO., LTD. 
24.08.2010 2.843MB 1.0.0.129 Rise of Immortals 04.10.2011 1.105MB RivaTuner v2.20 22.12.2011 27,9MB Rusty Hearts 04.10.2011 5.193MB Sam & Max - Culture Shock 1.0 Telltale Games 22.09.2011 231MB 1.0 Ship Simulator Extremes Demo 21.09.2011 1.141MB SiSoftware Sandra Lite 2011.SP2 SiSoftware 15.05.2011 74,1MB 17.50.2011.6 Skype™ 5.5 Skype Technologies S.A. 02.12.2011 17,0MB 5.5.124 Smart Shutdown Manager 05.10.2011 1,49MB SopCast 3.3.2 www.sopcast.com 22.04.2011 9,31MB 3.3.2 Spybot - Search & Destroy Safer Networking Limited 01.03.2012 62,9MB 1.6.2 Star Wars Empire at War LucasArts 20.02.2011 2.109MB 1.0 Star Wars Republic Commando 14.12.2011 1.719MB 1.0 Star Wars: The Old Republic Electronic Arts, Inc. 10.12.2011 19.867MB 1.00 StarCraft Blizzard Entertainment 18.09.2010 1.327MB Tales of Monkey Island Daedalic Entertainment 06.06.2011 1.527MB 3.0.0.0 Team Fortress 2 Valve 04.10.2011 812MB TeamSpeak 3 Client TeamSpeak Systems GmbH 03.11.2010 30,4MB The Witcher CD Projekt Red 25.03.2011 9.960MB 1.00.0000 TomTom HOME 2.8.2.2264 TomTom 12.08.2011 49,0MB 2.8.2.2264 TomTom HOME Visual Studio Merge Modules TomTom International B.V. 
26.04.2011 1,88MB 1.0.2 Two Worlds 11.04.2011 4.059MB 1.7.0 Uninstall 1.0.0.1 23.04.2011 30,8MB Unity Web Player Unity Technologies ApS 06.04.2012 0,20MB USB Flash Port Driver Infineon Technologies 26.08.2010 0,42MB 1.00.0000 Veetle TV 0.9.18 Veetle, Inc 15.12.2010 10,1MB 0.9.18 VLC media player 1.1.0 VideoLAN 17.07.2010 75,7MB 1.1.0 Volumenzähler 1.0 05.10.2011 Windows Live Essentials Microsoft Corporation 19.04.2011 43,9MB 14.0.8117.0416 Windows Live ID Sign-in Assistant Microsoft Corporation 21.04.2011 4,69MB 6.500.3165.0 Windows Live-Uploadtool Microsoft Corporation 19.04.2011 0,22MB 14.0.8014.1029 Windows Media Encoder 9-Reihe 05.01.2011 13,8MB Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) Infineon Technologies 26.08.2010 8,52MB 04/16/2009 1.0.0.6 WinRAR 26.08.2010 3,79MB Wolfenstein Activision 26.04.2011 6.180MB 1.0 World of Warcraft Blizzard Entertainment 28.02.2012 29.342MB 4.3.3.15354 Worms Armageddon 14.04.2011 34,2MB Worms Reloaded Team17 14.04.2011 2.301MB Xfire (remove only) 16.07.2010 17,8MB Zattoo4 4.0.5 Zattoo Inc. 12.03.2012 39,9MB 4.0.5 ZoneAlarm Check Point, Inc 09.12.2011 20,8MB 9.2.105.000 ZoneAlarm Toolbar Check Point Software Technologies 09.12.2011 26,3MB Code:
Exportierte Ereignisse:

25.04.2012 17:32 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDX06O6T\calc[1].exe' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Banker.O.26' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '559ab72d.qua' verschoben!

24.04.2012 11:12 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan].
Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei existiert nicht!

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Roaming\AcroIEHelpe108.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55e6c1f1.qua' verschoben!

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg' enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b58c72e.qua' verschoben!

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\AcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg' wurde ein Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg' wurde ein Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

22.04.2012 00:35 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Roaming\11014\components\AcroFF014.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.kdv.603528' [trojan].
Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei konnte nicht gelöscht werden!

22.04.2012 00:35 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Roaming\AcroIEHelpe104.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.Age.4' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '558b992e.qua' verschoben!

22.04.2012 00:34 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\AcroIEHelpe104.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Age.4' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

22.04.2012 00:34 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\11014\components\AcroFF014.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rogue.kdv.603528' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

22.04.2012 00:22 [Echtzeit Scanner] Backup Engine geladen
Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden. Die Engine und VDF werden stattdessen von der Backup Kopie geladen.

20.04.2012 10:51 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Roaming\11015\components\AcroFF015.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Agent.caqx' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5493892a.qua' verschoben!

20.04.2012 10:40 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\11015\components\AcroFF015.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Agent.caqx' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

20.04.2012 10:34 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\11015\components\AcroFF015.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Agent.caqx' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

12.04.2012 11:15 [Updater] Update nicht ausgeführt
Das Update von Computer TOMMY-PC (169.254.222.48) von hxxp://perspeak.avira-update.com/update ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen.

Thanks in advance.
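An added triage example, not a tool from this thread, from the forum's helpers or from Avira: a small Python script that parses an Avira event export of the kind posted above and reports, per file, which detections were only blocked by the on-access guard and which were actually quarantined. A file that was only ever blocked, or whose deletion failed (as with BAcroIEHelpe108.dll above), has not been removed as far as the log shows and is the one a helper wants to look at first. The sample events are copied from the export above; the German message strings the regexes match are assumed to be those of this 2012 Avira build, and the script works on both the line-broken export and the flattened one-line form the forum produced.

```python
"""Triage of an exported Avira AntiVir event list.

Added example for this thread; not a tool from the forum or from Avira.
Assumes the German message strings of the 2012 Avira export shown above.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of events copied from the export posted above.
SAMPLE_EXPORT = r"""Exportierte Ereignisse:
25.04.2012 17:32 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDX06O6T\calc[1].exe' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Banker.O.26' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '559ab72d.qua' verschoben!
24.04.2012 11:12 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan].
Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei existiert nicht!
24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
24.04.2012 11:11 [System Scanner] Malware gefunden
Die Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg' enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b58c72e.qua' verschoben!
22.04.2012 00:22 [Echtzeit Scanner] Backup Engine geladen
Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden. Die Engine und VDF werden stattdessen von der Backup Kopie geladen.
12.04.2012 11:15 [Updater] Update nicht ausgeführt
Das Update von Computer TOMMY-PC (169.254.222.48) von hxxp://perspeak.avira-update.com/update ist fehlgeschlagen.
"""

# Every event starts with "DD.MM.YYYY HH:MM [Scanner]"; split right before each one,
# which also works when the whole export was flattened onto a single line.
_EVENT_START = re.compile(r"(?=\d{2}\.\d{2}\.\d{4} \d{2}:\d{2} \[)")
_HEADER = re.compile(r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[([^\]]+)\]")
_PATH = re.compile(r"'([A-Za-z]:\\[^']+)'")          # first quoted Windows path
_NAME = re.compile(r"Programm '([^']+)'")              # detection name
_ACTION = re.compile(r"(?:Durchgeführte Aktion\(en\)|Ausgeführte Aktion):\s*(.+)", re.S)


def classify_action(action):
    """Map Avira's action text to a coarse outcome."""
    if action is None:
        return "info"                      # engine/updater messages, no file involved
    if "konnte nicht" in action:           # backup, delete or quarantine failed
        return "failed"
    if re.search(r"wurde ins Quarantäneverzeichnis .*verschoben", action):
        return "quarantined"
    if "Zugriff verweigern" in action:     # the guard only blocked the access
        return "blocked"
    return "other"                         # e.g. "Übergeben an Scanner"


def parse_events(text):
    """Split the export into one dict per event (time, scanner, path, name, status)."""
    events = []
    for chunk in _EVENT_START.split(text):
        head = _HEADER.match(chunk)
        if not head:
            continue                       # leading "Exportierte Ereignisse:" label
        path = _PATH.search(chunk)
        name = _NAME.search(chunk)
        action = _ACTION.search(chunk)
        events.append({
            "time": head.group(1),
            "scanner": head.group(2),
            "path": path.group(1) if path else None,
            "name": name.group(1) if name else None,
            "status": classify_action(action.group(1).strip() if action else None),
        })
    return events


def summarize(text):
    """Per file: detection names, number of blocked accesses, and whether it was
    ever actually quarantined or a removal attempt failed."""
    files = defaultdict(lambda: {"names": set(), "blocked": 0,
                                 "quarantined": False, "failed": False})
    for ev in parse_events(text):
        if ev["path"] is None:
            continue
        entry = files[ev["path"]]
        if ev["name"]:
            entry["names"].add(ev["name"])
        if ev["status"] == "blocked":
            entry["blocked"] += 1
        elif ev["status"] == "quarantined":
            entry["quarantined"] = True
        elif ev["status"] == "failed":
            entry["failed"] = True
    return dict(files)


def unresolved(text):
    """Paths with detections but no successful quarantine: still on disk per the log."""
    return sorted(p for p, e in summarize(text).items() if not e["quarantined"])


if __name__ == "__main__":
    for path, entry in summarize(SAMPLE_EXPORT).items():
        flag = "ok  " if entry["quarantined"] else "OPEN"
        print(f"{flag} {path}  {sorted(entry['names'])}  blocked={entry['blocked']}")
```

Run on the full export, the OPEN rows are the files to verify by hand (or in the next OTL log); "Zugriff verweigern" means only that a process was stopped from opening the file, not that it was removed.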
26.04.2012, 13:41 | #4 |
/// Helfer-Team | System cleaning and check:

1. Disable Windows Defender: Besides 1 AV scanner and 1 firewall nothing else is needed at first, and it is not recommended to leave it running, because they can get in each other's way. Please deactivate it as follows: -> Enabling and disabling Windows Defender
► After a restart (if it still exists), under "Start -> Run -> "msconfig" (type it in without "" -> OK -> Startup), check whether it is still being started?! - if so, remove the checkmark
► Under Services: Start -> Run -> "Services.msc" -> (type it in without "" -> OK) - "Properties" -> "Stop" -> select startup type "Disabled"

2. Quote:
in my opinion it no longer offers sufficient protection against "modern kinds of malware"...
► If you still want to keep it: Please turn off the TeaTimer: In Spybot-S&D go to Advanced Mode and select Tools -> Resident there. Deactivate "Resident TeaTimer active". (TeaTimer tries to block positive changes as well) - it should stay deactivated permanently!

3. Uninstall:
Code:
Adware:
Hotspot Shield
Hotspot_Shield Toolbar
SoftonicDownloader

Download programs/drivers ONLY directly from the manufacturer!!

5. Did you deliberately set the IP as a proxy like this?
Code:
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

If you do not have a proxy server installed locally, remove the proxy settings from the internet settings in Firefox: Tools => Options => Advanced => Network => Settings. There, under Connection Settings, tick "No proxy".

6. Our problem child: ZoneAlarm. I would like to give you 4 reasons why it is not recommended:
1. Recently it has caused an acute problem on many PCs, such as: "keyboard responds slowly, system/internet suddenly becomes slow, internet does not work, desktop icons have disappeared, programs respond with a delay, crashes etc..."
2. Apart from the fact that the manufacturer finances its costs through "Conduit Ltd" / adware, which to me does not look reputable, it belongs in the bin!! As long as ZA is installed, Conduit installs itself again after removal anyway...
3. The attacker can gain elevated rights at any time and can manipulate and switch off the firewall and virus protection!
4. As you can see, it has not helped much here either, i.e. it could not reliably prevent this malware from getting into the system earlier!
How do you decide? I would uninstall/remove it and switch on the Windows Firewall. You will see how much faster your computer boots up. Uninstall help: forum post "ZoneAlarmPro 3 vollständig deinstallieren"

7. Quote:
Code:
:OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\Shell - "" = AutoRun
O33 - MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
[2012.04.26 01:31:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.26 01:02:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Files
C:\Users\Tommy\AppData\Roaming\UAs
C:\Users\Tommy\AppData\Roaming\xmldm
C:\Users\Tommy\AppData\Roaming\kock
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
8. I can't place these, what are they? They could also come from malware..?: Code:
[2012.04.25 12:51:04 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11019
[2012.04.24 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11018
[2012.04.23 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11017
[2012.04.21 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11016
[2012.04.17 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11015
[2012.04.16 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11014
[2012.04.13 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11013
[2012.04.12 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11012
[2012.04.12 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11010
[2012.04.11 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11009
Update Java - via Control Panel -> Check for updates... or: now download the offline version of Java "recommended: Version 6 Update 31" from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. remove the tick next to the toolbar during installation. 10. Update Adobe Reader: - Pay attention/read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for updates..." 11. Tips (regardless of whether you use it or not!): -> Tips for Internet Explorer -> Changing the default search engine of Explorer -> How do I clear the cache in Internet Explorer? -> Managing add-ons in Internet Explorer -> Customising Firefox with add-ons -> Deleting Firefox add-ons for good | PcBeirat.de 12. clean your system with CCleaner:
13. another scan with OTL:
Quote:
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file as attachment! It may be infected with an encryption Trojan! Do not open the attachment, ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
26.04.2012, 16:46 | #5 |
| Trojan horse TR/PSW.Banker.O.26 was found oops, double post, sorry, that's why I deleted it Last edited by Tommyfighter (26.04.2012 at 16:52) |
26.04.2012, 16:48 | #6 |
| Trojan horse TR/PSW.Banker.O.26 was found 1. Defender is switched off, only at ? Under Services: Start -> Run -> "Services.msc" -> (type it in without "" -> OK" - "Properties" -> "Stop" -> select start type "Disabled" I didn't find any "Properties" there. 2. Spybot is uninstalled 3. Hotspot Shield is uninstalled 4. I'll do that in future 5. "No proxy" was always ticked there and as far as I know I never changed anything there. 6. ZA is uninstalled 7. done Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Programme\Hotspot_Shield\tbHot0.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Programme\Hotspot_Shield\tbHot0.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01eac52e-966e-11df-962e-001fd026e792}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01eac52e-966e-11df-962e-001fd026e792}\ not found.
File F:\USBAutoRun.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\Users\Tommy\AppData\Roaming\UAs folder moved successfully.
C:\Users\Tommy\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Tommy\AppData\Roaming\kock folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tommy\Desktop\cmd.bat deleted successfully.
C:\Users\Tommy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Tommy
->Temp folder emptied: 388185242 bytes
->Temporary Internet Files folder emptied: 204847452 bytes
->Java cache emptied: 7587188 bytes
->FireFox cache emptied: 55219665 bytes
->Flash cache emptied: 81937553 bytes
User: UpdatusUser
->Temp folder emptied: 899096 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30726397 bytes
RecycleBin emptied: 776 bytes
Total Files Cleaned = 736,00 mb
OTL by OldTimer - Version 3.2.42.0 log created on 04262012_161156
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
but in each of those files it finds an AcroFF.txt file. in some there is also a chrome.manifest file. no idea whether that helps. 9. is updated 10. is also updated 11. noted 12.
done, but I only fixed the errors in the registry. I haven't cleaned anything with the cleaner itself yet. Should I? 13. OTL logfile: Code:
OTL logfile created on: 26.04.2012 17:33:50 - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,67% Memory free
6,68 Gb Paging File | 5,24 Gb Available in Paging File | 78,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 145,00 Gb Free Space | 31,13% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,00 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.04.26 00:44:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
PRC - [2012.04.16 20:51:46 | 000,066,992 | ---- | M] (Raptr, Inc) -- C:\Programme\Raptr\raptr.exe
PRC - [2012.04.16 20:51:46 | 000,043,952 | ---- | M] (Raptr, Inc) -- C:\Programme\Raptr\raptr_im.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.13 06:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 13:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.08.03 13:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.12 13:44:57 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.4\ICQ.exe
PRC - [2010.05.08 19:58:50 | 000,560,640 | ---- | M] (Andreas Sammann) -- C:\Programme\C2DtoG15\SystoG15Svc.exe
PRC - [2010.05.08 14:50:58 | 000,557,568 | ---- | M] (Andreas Sammann) -- C:\Programme\C2DtoG15\C2DtoG15.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.02.18 12:49:40 | 000,357,448 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.02.18 12:47:34 | 003,203,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.02.18 12:24:42 | 001,573,448 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Programme\DSL-Manager\DslMgrSvc.exe
PRC - [2008.05.13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\GUI.exe
PRC - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.26 14:51:00 | 001,085,440 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Programme\DSL-Manager\DslMgr.exe
========== Modules (No Company Name) ==========
MOD - [2012.04.25 12:51:04 | 000,238,912 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\11019\components\AcroFF019.dll
MOD - [2012.04.12 03:02:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.12 03:02:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.03.13 06:36:53 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.17 19:53:28 | 000,494,592 | ---- | M] () -- C:\Programme\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012.02.17 19:53:24 | 001,661,952 | ---- | M] () -- C:\Programme\Raptr\PyQt4.QtCore.pyd
MOD - [2012.02.17 19:53:20 | 000,313,856 | ---- | M] () -- C:\Programme\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012.02.17 19:53:06 | 005,809,664 | ---- | M] () -- C:\Programme\Raptr\PyQt4.QtGui.pyd
MOD - [2012.02.17 19:52:26 | 000,067,584 | ---- | M] () -- C:\Programme\Raptr\sip.pyd
MOD - [2012.02.16 13:03:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.16 12:38:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.16 12:35:59 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.11.21 04:20:46 | 001,949,696 | ---- | M] () -- C:\Programme\Raptr\libtorrent.pyd
MOD - [2011.10.24 20:49:56 | 002,717,595 | ---- | M] () -- C:\Programme\Raptr\heliotrope._purple.pyd
MOD - [2011.10.13 12:25:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011.10.13 12:03:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.09.09 01:47:40 | 001,183,699 | ---- | M] () -- C:\Programme\Raptr\liboscar.dll
MOD - [2011.09.09 01:47:36 | 001,640,221 | ---- | M] () -- C:\Programme\Raptr\libjabber.dll
MOD - [2011.09.09 01:47:32 | 001,052,194 | ---- | M] () -- C:\Programme\Raptr\libymsg.dll
MOD - [2011.09.09 01:47:22 | 000,495,680 | ---- | M] () -- C:\Programme\Raptr\plugins\libaim.dll
MOD - [2011.09.09 01:47:22 | 000,483,306 | ---- | M] () -- C:\Programme\Raptr\plugins\libicq.dll
MOD - [2011.09.09 01:47:16 | 000,655,356 | ---- | M] () -- C:\Programme\Raptr\plugins\libirc.dll
MOD - [2011.09.09 01:47:16 | 000,603,326 | ---- | M] () -- C:\Programme\Raptr\plugins\ssl-nss.dll
MOD - [2011.09.09 01:47:14 | 000,497,782 | ---- | M] () -- C:\Programme\Raptr\plugins\libyahoojp.dll
MOD - [2011.09.09 01:47:14 | 000,474,199 | ---- | M] () -- C:\Programme\Raptr\plugins\ssl.dll
MOD - [2011.09.09 01:47:10 | 001,306,387 | ---- | M] () -- C:\Programme\Raptr\plugins\libmsn.dll
MOD - [2011.09.09 01:47:04 | 000,565,461 | ---- | M] () -- C:\Programme\Raptr\plugins\libxmpp.dll
MOD - [2011.09.09 01:46:56 | 000,506,276 | ---- | M] () -- C:\Programme\Raptr\plugins\libyahoo.dll
MOD - [2011.08.03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 20:17:28 | 001,213,633 | ---- | M] () -- C:\Programme\Raptr\libxml2-2.dll
MOD - [2011.02.15 20:17:28 | 000,417,501 | ---- | M] () -- C:\Programme\Raptr\sqlite3.dll
MOD - [2011.01.06 16:35:33 | 000,007,168 | ---- | M] () -- C:\Users\Tommy\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GermanyRain.gadget\GermanyRainRadar.dll
MOD - [2010.11.23 01:06:22 | 000,055,808 | ---- | M] () -- C:\Programme\Raptr\zlib1.dll
MOD - [2010.11.23 00:57:34 | 000,167,936 | ---- | M] () -- C:\Programme\Raptr\win32gui.pyd
MOD - [2010.11.23 00:57:34 | 000,111,104 | ---- | M] () -- C:\Programme\Raptr\win32file.pyd
MOD - [2010.11.23 00:57:34 | 000,096,256 | ---- | M] () -- C:\Programme\Raptr\win32api.pyd
MOD - [2010.11.23 00:57:34 | 000,036,352 | ---- | M] () -- C:\Programme\Raptr\win32process.pyd
MOD - [2010.11.23 00:57:18 | 000,141,312 | ---- | M] () -- C:\Programme\Raptr\gobject._gobject.pyd
MOD - [2010.11.23 00:57:06 | 000,263,168 | ---- | M] () -- C:\Programme\Raptr\win32com.shell.shell.pyd
MOD - [2010.11.23 00:56:56 | 000,354,304 | ---- | M] () -- C:\Programme\Raptr\pythoncom26.dll
MOD - [2010.11.23 00:56:56 | 000,110,592 | ---- | M] () -- C:\Programme\Raptr\pywintypes26.dll
MOD - [2010.11.23 00:56:26 | 000,324,608 | ---- | M] () -- C:\Programme\Raptr\PIL._imaging.pyd
MOD - [2010.11.23 00:56:02 | 000,805,376 | ---- | M] () -- C:\Programme\Raptr\_ssl.pyd
MOD - [2010.11.23 00:56:02 | 000,583,680 | ---- | M] () -- C:\Programme\Raptr\unicodedata.pyd
MOD - [2010.11.23 00:56:02 | 000,356,864 | ---- | M] () -- C:\Programme\Raptr\_hashlib.pyd
MOD - [2010.11.23 00:56:02 | 000,127,488 | ---- | M] () -- C:\Programme\Raptr\pyexpat.pyd
MOD - [2010.11.23 00:56:02 | 000,087,040 | ---- | M] () -- C:\Programme\Raptr\_ctypes.pyd
MOD - [2010.11.23 00:56:02 | 000,044,544 | ---- | M] () -- C:\Programme\Raptr\_sqlite3.pyd
MOD - [2010.11.23 00:56:02 | 000,043,008 | ---- | M] () -- C:\Programme\Raptr\_socket.pyd
MOD - [2010.11.23 00:56:02 | 000,009,216 | ---- | M] () -- C:\Programme\Raptr\winsound.pyd
MOD - [2010.09.09 00:51:38 | 001,377,448 | ---- | M] () -- C:\Programme\Raptr\plugins\libqq.dll
MOD - [2010.05.28 16:05:58 | 002,342,983 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\Normal.dll
MOD - [2010.05.28 16:04:04 | 000,110,592 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\AMD8.dll
MOD - [2010.05.28 14:15:02 | 000,344,131 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\work.dll
MOD - [2010.05.27 10:08:58 | 000,139,264 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\OCK.dll
MOD - [2010.05.25 14:00:34 | 000,290,816 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\MFCCPU.dll
MOD - [2010.05.21 13:29:08 | 000,196,608 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\GVTunner.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.03.12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\platform.dll
MOD - [2010.03.12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\device.dll
MOD - [2010.01.12 17:09:20 | 000,102,400 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\SF.dll
MOD - [2009.12.22 16:52:04 | 000,102,400 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\ycc.dll
MOD - [2009.10.21 14:07:06 | 000,106,496 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\HM.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2008.05.07 15:22:58 | 000,102,400 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\CIAMIB.dll
MOD - [2008.03.25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\GUI.exe
MOD - [2006.12.10 22:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 22:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2003.02.14 14:11:46 | 000,102,400 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\Sound.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.15 02:16:55 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.11.21 12:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.08 19:58:50 | 000,560,640 | ---- | M] (Andreas Sammann) [Auto | Running] -- C:\Programme\C2DtoG15\SystoG15Svc.exe -- (SystoG15Service)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.10 10:24:08 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Running] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.05.13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2002.01.20 19:02:56 | 000,001,856 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy)
SRV - [2002.01.20 19:02:54 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva360.sys -- (XDva360)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.26 17:24:50 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2012.04.26 17:24:34 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.15 11:27:18 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.03 13:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.03.26 14:28:19 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.26 14:28:19 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.01.02 15:37:24 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010.09.22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.11.19 17:00:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.20\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.07.26 22:30:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Programme\C2DtoG15\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2008.07.03 12:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008.02.14 08:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.08 18:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2006.06.06 09:51:06 | 000,022,528 | ---- | M] (WALTOP International Corp.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2003.10.15 18:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519) DRV - [2002.01.20 19:02:56 | 000,001,856 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy) DRV - [2002.01.20 19:02:54 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.26 23:04:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.26 16:32:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.12 21:57:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Tommy\AppData\Roaming\11019 [2012.04.25 12:51:04 | 000,000,000 | ---D | M] [2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions [2011.04.27 01:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2012.03.28 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions [2012.03.28 22:12:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.01.24 03:36:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.08 14:04:12 | 
000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2011.08.31 11:25:08 | 000,000,917 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\conduit.xml [2012.04.07 01:18:12 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-1.xml [2010.09.18 22:53:17 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-2.xml [2010.10.21 15:45:25 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-3.xml [2011.03.30 16:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin.xml [2012.04.26 16:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.26 16:26:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.25 12:51:04 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TOMMY\APPDATA\ROAMING\11019 [2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.26 16:26:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml ========== Chrome ========== O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) 
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [PlayNC Launcher] File not found O4 - HKCU..\Run: [Raptr] C:\Programme\Raptr\raptrstub.exe (Raptr, Inc) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Programme\GIGABYTE\ET6\ETcall.exe () O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Programme\C2DtoG15\C2DtoG15.exe (Andreas Sammann) O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7C1B26-69B5-403D-8482-29F3ADB3332C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created 
Within 30 Days ========== [2012.04.26 16:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.04.26 16:31:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.04.26 16:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.04.26 16:26:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.04.26 16:26:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.04.26 16:26:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.04.26 16:21:52 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\xmldm [2012.04.26 16:11:56 | 000,000,000 | ---D | C] -- C:\_OTL [2012.04.26 16:05:21 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2012.04.26 01:52:59 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\Tommy\Desktop\ccsetup318.exe [2012.04.26 00:44:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe [2012.04.25 20:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.25 20:21:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.25 12:51:04 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11019 [2012.04.24 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11018 [2012.04.23 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11017 [2012.04.21 15:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.04.21 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11016 [2012.04.18 19:49:57 | 000,000,000 | RH-D | C] -- C:\Users\Tommy\AppData\Roaming\SecuROM [2012.04.18 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAPCOM [2012.04.18 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012.04.18 19:30:09 | 000,000,000 | ---D | C] 
-- C:\Program Files\WinZip [2012.04.17 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11015 [2012.04.16 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11014 [2012.04.13 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11013 [2012.04.12 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11012 [2012.04.12 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11010 [2012.04.12 03:07:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.04.12 03:07:52 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.04.12 03:07:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.04.12 03:07:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.04.12 03:07:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.04.12 03:07:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.04.12 03:06:38 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.04.12 03:06:38 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.04.11 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11009 [2012.04.03 18:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2012 Patch [1 C:\Users\Tommy\AppData\Roaming\*.tmp files -> C:\Users\Tommy\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.26 17:28:49 | 000,607,366 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.26 17:28:48 | 000,641,772 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.26 17:28:48 | 000,132,410 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.26 17:28:48 | 000,109,296 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2012.04.26 17:25:56 | 000,000,680 | ---- | M] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat [2012.04.26 17:24:50 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys [2012.04.26 17:24:50 | 000,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref [2012.04.26 17:24:34 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2012.04.26 17:24:14 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.26 17:24:14 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.26 17:24:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.26 17:24:06 | 3487,850,496 | -HS- | M] () -- C:\hiberfil.sys [2012.04.26 17:22:39 | 000,000,796 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2012.04.26 16:32:16 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.04.26 16:26:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.04.26 16:26:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.04.26 16:26:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.04.26 16:26:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\deployJava1.dll [2012.04.26 11:52:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.26 01:53:10 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\Tommy\Desktop\ccsetup318.exe [2012.04.26 00:44:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe [2012.04.26 00:35:03 | 000,073,216 | ---- | M] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.25 20:21:05 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.25 18:01:22 | 000,000,016 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res [2012.04.25 14:07:27 | 000,000,048 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat [2012.04.24 11:10:39 | 000,226,792 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll [2012.04.24 11:10:39 | 000,007,368 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll [2012.04.18 19:15:41 | 001,047,158 | ---- | M] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Users\Tommy\AppData\Roaming\*.tmp files -> C:\Users\Tommy\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.26 16:32:16 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.04.26 16:32:16 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.04.26 11:52:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.25 20:21:05 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.24 11:10:39 | 000,226,792 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll [2012.04.24 11:10:39 | 000,007,368 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll [2012.04.22 00:21:57 | 3487,850,496 | -HS- | C] () -- 
C:\hiberfil.sys [2012.04.18 19:10:52 | 001,047,158 | ---- | C] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg [2012.04.12 18:10:30 | 000,000,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat [2012.04.11 20:30:19 | 000,000,016 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res [2012.03.13 21:47:28 | 000,017,408 | ---- | C] () -- C:\Users\Tommy\AppData\Local\WebpageIcons.db [2012.02.29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2011.12.05 23:29:47 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat.temp [2011.12.05 23:29:47 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2011.12.05 23:28:44 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2011.11.09 18:12:00 | 000,019,400 | ---- | C] () -- C:\Windows\prodsett_copy.ini [2011.10.13 01:41:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.09.15 11:03:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.09.09 17:47:26 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.05.16 12:55:28 | 011,010,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Sandra.mdb [2011.04.13 15:07:49 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu2.sys [2011.04.13 15:07:49 | 000,001,856 | ---- | C] () -- C:\Windows\System32\drivers\papyjoy.sys [2011.04.13 15:06:50 | 000,000,202 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.04.12 13:44:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.26 14:28:19 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.03.26 14:28:19 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.02.14 13:42:58 | 000,000,552 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d8caps.dat [2011.01.06 18:04:20 | 000,000,000 | ---- | 
C] () -- C:\Windows\System32\cd.dat [2011.01.06 17:45:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll [2010.12.06 03:16:11 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.11.04 03:16:50 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat [2010.10.20 12:01:05 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2010.10.20 12:01:05 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2010.08.27 21:28:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2010.08.27 21:28:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2010.07.23 18:18:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.23 18:18:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.07.20 16:25:39 | 000,073,216 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.19 11:10:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.07.18 23:16:38 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat [2010.07.18 10:56:50 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2010.07.17 23:02:49 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.07.17 13:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.07.17 13:02:17 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.07.17 12:58:09 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012.04.11 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11009 [2012.04.12 13:04:55 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11010 [2012.04.12 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11012 [2012.04.13 12:45:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11013 [2012.04.17 02:00:42 | 000,000,000 | ---D | M] -- 
C:\Users\Tommy\AppData\Roaming\11014 [2012.04.17 12:02:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11015 [2012.04.22 00:34:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11016 [2012.04.23 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11017 [2012.04.24 11:10:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11018 [2012.04.25 12:51:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11019 [2011.01.08 03:38:53 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Activision [2011.04.13 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\AnvSoft [2010.07.17 13:23:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\CheckPoint [2011.04.12 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DeepBurner [2012.01.24 03:36:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DVDVideoSoft [2011.04.24 13:17:59 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.10 01:41:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GetRightToGo [2012.04.26 17:24:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ICQ [2012.03.06 14:28:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Image Zone Express [2011.11.18 00:37:42 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LaunchPad [2010.08.27 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LG Electronics [2011.06.23 23:38:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LucasArts [2010.10.07 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org [2011.09.15 11:04:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\pdfforge [2011.02.22 00:18:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Petroglyph [2010.11.03 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Printer Info Cache [2011.10.05 21:19:00 | 
000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Prism [2011.09.23 01:41:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Quest3D [2012.04.26 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Raptr [2011.09.23 01:41:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Roaming [2011.07.20 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Simfy [2011.12.12 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird [2011.04.27 01:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TomTom [2012.04.22 00:12:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client [2012.04.26 16:21:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\xmldm [2012.04.26 17:22:45 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 26.04.2012 17:33:50 - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,67% Memory free
6,68 Gb Paging File | 5,24 Gb Available in Paging File | 78,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 145,00 Gb Free Space | 31,13% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,00 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017A3BEC-B7BA-4BCB-B93D-F0AFA4F2FC84}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe | "{17BF2527-3D2C-4E27-A52A-335D765C9B71}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\rpcagentsrv.exe | "{B4D26F88-212D-4814-AE61-E5025C3D2193}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C9647509-994C-4A16-B4CA-EC7109561E02}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00620CC1-D498-4423-9896-CC5A77255AD5}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | "{01B24FCC-2E63-4DA1-84AC-9FC6D8C80AFC}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | "{04A02DE7-9BAB-494A-B528-1A32D0745159}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | "{05205A34-0373-4CB1-A7A0-AD1B184C2011}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | "{0631EAED-5859-4807-B74C-85F3B01193A9}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{07B84C9C-8307-4494-8DFD-1DAF134E9023}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | "{07DE5062-84F0-4B3D-B299-3544E3D391A7}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\republic 
heroes\republic heroes.exe | "{0D63082B-4CB1-4B9D-ABED-B4FE72C8C464}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | "{1120922E-2CFF-41D9-BA00-8CE71EA9FE22}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | "{184BA749-E1D9-45F0-9262-555402C4F527}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "{19EDD077-C8C4-4EE2-A320-DEDB7134B9DC}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{1CB0E5CE-4F79-4E8A-BDF2-D5C39D886FAB}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | "{1DB4FF3C-0507-47EC-B8EA-C5EF4C8D86EB}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | "{1E45F541-C265-4E80-AAAF-6E8AD018DC57}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | "{23C56C71-059B-4021-B9C8-CD76219E796A}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{324851DB-58D2-4E7B-BAF2-E0996704E922}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{35BA93CB-333C-4CF6-8725-11A17A243391}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | "{3A589C88-CF25-42B8-9FA1-92497C882B7A}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | "{3AC095A9-3247-4C63-8473-3BD770B9C20B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | "{3E9D0BFA-3CE7-4FB1-A21B-57ADD51A3EE3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{42377774-C2DE-4D34-B9F3-C32BBC1C7AD2}" = protocol=6 | dir=in | 
app=d:\spiele\star wars-the old republic\launcher.exe | "{4392C986-9C66-4DC7-931C-D7C1025685F8}" = protocol=6 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | "{4C140D38-27DC-4D28-BAE3-1E66BF97CEF1}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | "{50C5997D-B2D4-4F9B-B2F8-78B56D6DEA04}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{59E4CCF8-22B5-4C4F-87EE-06A1BB88D51D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{60DFDA8D-4F6E-48B4-962B-2ADD5E106EEC}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{62757F24-4DFF-4168-9234-4D327FA7E047}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{651A1A49-015B-4C90-9DE9-832A7E8BA785}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | "{669BCEAE-EFCA-4731-B451-EF0D095218BB}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | "{6825AEE4-B11B-4EDB-8390-190C1A04BC1E}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | "{69B164D5-A05D-47DF-9AF2-EA1822B42267}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{6F73E07A-155A-4446-A5EA-B735BDB4593B}" = protocol=17 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | "{725138F0-640F-4CAC-94EE-7C148F6A877D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | "{791F8798-EFB2-4E96-9020-C56D4FF7BEDD}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | "{79E3658D-84F3-4488-B3F1-96F6EE0F796D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{7AD4D544-6D73-455A-BBFF-30551F72919F}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | "{7B6CB3B9-CDB5-4A24-90EF-E95202F4017B}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | "{82E761B3-68B0-48FE-86AE-07A06B46FFFA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | "{85C784E8-E53A-4FF8-A799-B194D047EB17}" = protocol=6 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | "{86D45300-0ACD-4BE8-AB72-030A7827B356}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "{880E771B-8EE5-42F4-825B-6F1BD9F39299}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | "{8C528F8F-F9E0-468E-A0E7-80D0C6046279}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{938512F5-34FE-4BA1-AA62-0E2441A6F1B8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "{94733B01-EFEF-4380-8485-D76DA1B97A93}" = protocol=17 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | "{95F18369-3CA7-45A7-B410-D932FEA49DA2}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | "{96F625FD-1546-4B7F-9F13-12DBE198CA5D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9C38C6AB-BA1D-40AA-9CC3-3AC823585D2B}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | "{9D8B252F-6326-4430-821A-316AD24CA993}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | "{9EB1B8D1-4A1C-4CC8-A5A7-7CABB99B6676}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | "{A15AB570-8384-4902-9D28-2FB4F6BD58AB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{A1FFC0BC-265D-4E1E-AFC0-7BC8DDDF8284}" = protocol=6 | 
dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | "{A22B1C81-8077-4B1B-925A-2003ED70E811}" = protocol=17 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | "{AA526D98-2546-4B01-9B31-BD81DE179A61}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | "{AB965C6A-AC05-4DD4-90D9-2693C880D0C5}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{B1BB64BA-947C-4E8B-893B-894A6A5CF03B}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | "{B6AD2761-C0BA-4118-90E1-5D00BC3F05DD}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{C4E6D21C-2533-44CD-8AEA-BC3CBBB65F03}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | "{D0693EBA-B3B3-4D51-8710-B584971E25CF}" = protocol=6 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | "{D2762F96-67AE-4661-85F2-93677C02B61C}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | "{D2E250DE-8CED-4856-821F-A915978A3047}" = protocol=6 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | "{D2FEF08A-BA2F-4BFE-8495-C28381A88465}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\republic heroes\republic heroes.exe | "{D8A0FC63-6DB0-4125-AF9E-1D00DB435CFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DB0EE392-F4C7-40CD-BC17-D20B73A179A0}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | "{DC9915A7-A4E1-4F03-BDB2-2D294B9706F7}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | "{E16414F2-4350-45CC-8098-6D9935769051}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must 
die!\build\release\orcsmustdie.exe | "{E359C5D5-6000-42B2-97CC-223E33D82831}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{E4E9454F-0456-4B33-9BD7-483B19A1D56F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{E56812BF-5C28-4F52-A7E4-55BC8D7CFC2B}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "{E6B40784-8AB0-4447-B716-5F0808923114}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | "{EB685CA2-12DF-4AC1-8522-714E9561AB02}" = protocol=17 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | "{EB6BA865-1719-444D-B73A-6322C6DF530B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | "{EDA860F6-074C-41B9-9658-EF874CC73C76}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | "{EDFD00CD-8896-414F-AA72-07650C4F0301}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | "{F08CE25F-BB41-49B3-ACCB-7616CF6A8B3C}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{F6E67672-46EE-47A7-AB25-BA1503196D01}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{FA4A80D3-5AE6-4FD9-875C-7DD84059AE30}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | "{FECE9618-DC46-4FDC-A57C-3B22D90001C2}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | "TCP Query User{0D5EBFBC-A9A4-438C-B1D8-7207BE0D26A8}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "TCP Query User{0EDD7BF4-BA1D-483A-BDBA-6C18E7FB5F2C}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "TCP 
Query User{25FC25FB-538C-421A-BB38-DAB484798C45}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{354DF200-F50E-42F1-B226-24FD7EDC1E24}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{3A281E06-7267-4768-A385-2042F13D632D}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | "TCP Query User{7BD0C7D7-F7B8-44DD-A8F0-917490ED8D41}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query User{A4E43130-B07D-40AA-840E-7265589F4480}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C6F24F49-73D7-4621-BAFE-891D0DE44590}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{017ABF61-7E57-4DB4-88CE-20257B965F54}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2738105C-0A02-44A5-A826-626C478737A9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{50FC507A-C9A5-4A78-B157-1D4D8DEF50BD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{842BD1C4-91FA-4B84-9BF1-77073DFB2578}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | "UDP Query User{9E5D26BC-0E59-4953-8E0E-E3E183CDDEFB}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{D3AFC773-2271-46A8-AB69-049243EC6FD5}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program 
files\icq7.4\icq.exe | "UDP Query User{E14BE6CF-E5E0-4444-A059-21EE2136BA75}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{E6D79A89-5C1D-4F41-983C-7770670D18CC}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.0.1 "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143 "{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster "{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in 
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1 "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D565319-8B91-41cb-961C-0DDC86101AC5}" = Dragon Age II Demo "{54510837-257F-4E9A-B359-731000028301}" = Red Faction: Guerrilla "{54510837-257F-4E9A-B359-731000028302}" = Red Faction: Guerrilla "{54510837-257F-4E9A-B359-731000028303}" = Red Faction: Guerrilla "{54510837-257F-4E9A-B359-731000038301}" = Red Faction: Guerrilla "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update 
kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0610.1 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100 "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch 
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Activision(R) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010 "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter_is1" = Any Video Converter 3.2.1 "ATITool" = ATITool Overclocking Utility "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "CloneDVD2" = CloneDVD2 "Episode 1" = Back to the Future The Game - Episode 1 "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ICQToolbar" = ICQ Toolbar "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Ein Quantum Trost(TM) "InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "IP Changer 2.0" = IP Changer 2.0 "Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de) "NASCAR Racing 2002 Season" = NASCAR® Racing 2002 Season "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "OpenTTD" = OpenTTD 1.1.3 "pepakura_designer3en" = Pepakura Designer 3 "RADVideo" = RAD Video Tools "Rainlendar2" = Rainlendar2 (remove only) "Raptr" = Raptr "RivaTuner" = RivaTuner v2.20 "Sam & Max - Culture Shock" = Sam & Max - Culture Shock 1.0 "SopCast" = SopCast 3.3.2 "StarCraft" = StarCraft "Steam App 102610" = Orcs Must Die! 
Demo "Steam App 220" = Half-Life 2 "Steam App 22600" = Worms Reloaded "Steam App 28000" = Kane & Lynch 2: Dog Days "Steam App 31740" = Iron Grip: Marauders "Steam App 36620" = Forsaken World "Steam App 36630" = Rusty Hearts "Steam App 440" = Team Fortress 2 "Steam App 48810" = Ship Simulator Extremes Demo "Steam App 61720" = Might and Magic: Clash of Heroes - Demo "Steam App 90530" = Rise of Immortals "Steam App 99870" = Bulletstorm Demo "Tales of Monkey Island" = Tales of Monkey Island "TeamSpeak 3 Client" = TeamSpeak 3 Client "TomTom HOME" = TomTom HOME 2.8.2.2264 "Two Worlds" = Two Worlds "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.0 "Volumenzähler_is1" = Volumenzähler 1.0 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Worms Armageddon" = Worms Armageddon "Xfire" = Xfire (remove only) "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NCsoft-AionEU" = Aion "Smart Shutdown Manager" = Smart Shutdown Manager "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > I hope that's all right so far. |
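An added example for triaging the OTL Extras log posted above (this is not code from the thread, from OTL or from the Helfer-Team). It reads the two sections a helper looks at first: the "Shell Spawning" handlers, where malware that hijacks `exefile`/`batfile`/`cmdfile` replaces the stock `"%1" %*` command so that every program launch runs through it first, and the firewall exception list, where an inbound allow rule for a binary under AppData or Temp, or a rule that still points into `c:\windows.old\...` as several in the log above do, deserves a second look. In the posted log the open handlers are all at their stock values. The sample lines below are constructed in OTL's format; the `svchost32.exe` handler and the `11111111-...` rule GUID are invented to show what a hit looks like.

```python
import re

# Stock Windows handlers for the file classes malware most often hijacks.
# Anything other than '"%1" %*' here means every .exe/.bat/... launch is
# routed through another program first.
EXPECTED_SPAWN = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
}

# OTL "Shell Spawning" line: <class> [<verb>] -- <command> (<company>)
SPAWN_RE = re.compile(r'^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*?)(?: \([^()]*\))?$')
# OTL firewall-rule line: "<rule name>" = key=value | key=value | ... |
FW_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.*)$')

# Directories a normal user can write to; an inbound allow rule for a binary
# living there deserves a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def check_shell_spawning(lines):
    """Return (class, verb, command) for every hijacked open handler."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line.strip())
        if not m:
            continue
        cls, verb, cmd = m.group("cls"), m.group("verb"), m.group("cmd")
        expected = EXPECTED_SPAWN.get(cls)
        if expected is not None and verb == "open" and cmd != expected:
            findings.append((cls, verb, cmd))
    return findings


def parse_firewall_rule(line):
    """Split one OTL firewall-rule line into (name, {key: value}); None if not a rule."""
    m = FW_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").rstrip(" |").split(" | "):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return m.group("name"), fields


def check_firewall_rules(lines):
    """Return (rule name, app path, reason) for rules worth a second look."""
    findings = []
    for line in lines:
        parsed = parse_firewall_rule(line)
        if parsed is None:
            continue
        name, fields = parsed
        app = fields.get("app", "").lower()
        if not app:
            continue
        if any(d in app for d in USER_WRITABLE):
            findings.append((name, app, "inbound allow for a binary in a user-writable directory"))
        elif "\\windows.old" in app:
            findings.append((name, app, "stale rule pointing into a previous Windows installation"))
    return findings


def triage(extras_log):
    """Run both checks over the text of an OTL Extras log."""
    lines = extras_log.splitlines()
    return {
        "hijacked_handlers": check_shell_spawning(lines),
        "firewall_rules": check_firewall_rules(lines),
    }


# Constructed sample in OTL's format; the exefile handler and the
# 11111111-... rule are invented to show what a hit looks like.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "C:\Users\victim\AppData\Roaming\svchost32.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
========== Vista Active Application Exception List ==========
"{59E4CCF8-22B5-4C4F-87EE-06A1BB88D51D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A22B1C81-8077-4B1B-925A-2003ED70E811}" = protocol=17 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe |
"{11111111-2222-3333-4444-555555555555}" = protocol=6 | dir=in | app=c:\users\victim\appdata\roaming\svchost32.exe |
"{B4D26F88-212D-4814-AE61-E5025C3D2193}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"""

if __name__ == "__main__":
    for section, hits in triage(SAMPLE_EXTRAS).items():
        print(section)
        for hit in hits:
            print("   ", *hit)
```

To use it on a real log, pass the contents of the Extras file to `triage()`; a non-empty `hijacked_handlers` list is the finding that matters, because it means the handler must be restored before any tool launched through the shell can be trusted.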
26.04.2012, 17:57 | #7 |
/// Helper Team | Trojan horse TR/PSW.Banker.O.26 was found Did you find Windows Defender there? If so, right-click on it -> Properties... stop the service status.
__________________ Warning! Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Don't open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
26.04.2012, 18:12 | #8 |
| Trojan horse TR/PSW.Banker.O.26 was found Ah, yes, now I have. So the service status is stopped and the startup type is disabled. |
26.04.2012, 18:46 | #9 |
/// Helper Team | Trojan horse TR/PSW.Banker.O.26 was found Regarding point 8: I'm almost 100% certain that malware is involved. But let's carry on first: 1. Before the next step, i.e. before we continue: since something can happen at any time, if you have important data you want to back up, I recommend doing it now (pictures, music, etc.). ► Make sure the backed-up data does not contain any "executable files"! ► File extensions: this is a list of file extensions that can denote files containing executable code. Regardless of an infection (a hard drive can also fail, or there may be other technical problems), you should make backups regularly and keep them in a safe place, such as CD and DVD, external hard drives and/or USB sticks. Please do that now! 2. Download ComboFix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the Desktop, not anywhere else; that is important! Follow the detailed original instructions. ComboFix currently runs on the following Windows versions:
Preparation and important notes
Quick guide to installing the Recovery Console under XP
Once the Recovery Console has been installed by ComboFix, you should see the following message: Click "Yes" to continue with the malware scan. When ComboFix has finished, it will create a log (please wait, this takes a moment). Be sure to wait until the ComboFix window has closed and the log file appears in Notepad. Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread. Note: for various reasons ComboFix makes Internet Explorer the default browser and creates an IE icon on the desktop. You can delete the IE desktop icon after the clean-up and set your preferred browser as the default browser again. Do not use ComboFix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage!
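The helper's backup rule above (no executable files in the backup set) is easy to violate by accident, because an extension check alone misses a binary that was renamed to look like a picture or document. The following added example, which is not code from the thread or from the Helfer-Team, walks a backup folder and flags files two ways: by an extension list of the kind the helper links to, and by the first bytes of the file, since every Windows PE file (exe, dll, scr, cpl, sys) starts with the `MZ` header whatever its name. The sample tree it builds in a temporary directory is constructed for the demonstration; the file names and contents are invented.

```python
import tempfile
from pathlib import Path

# Extensions Windows will execute or that carry code; a backup taken from a
# compromised machine should contain none of them.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".cpl", ".dll", ".sys", ".msi", ".msp",
    ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".ps1",
    ".hta", ".jar", ".reg", ".lnk", ".inf",
}

# Extension checks miss a renamed binary, so also look at the first bytes:
# every Windows PE file (exe, dll, scr, cpl, sys) starts with the "MZ" header.
MAGIC_SIGNATURES = {b"MZ": "PE (MZ) header", b"\x7fELF": "ELF header"}


def classify_file(path):
    """Return the reasons a file should be kept out of the backup ([] if none)."""
    reasons = []
    ext = path.suffix.lower()
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return ["unreadable"]
    for magic, desc in MAGIC_SIGNATURES.items():
        if head.startswith(magic):
            reasons.append(desc)
    return reasons


def scan_backup(root):
    """Walk a backup tree and list every file that must not be restored as-is."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reasons = classify_file(path)
            if reasons:
                findings.append((path.relative_to(root).as_posix(), reasons))
    return findings


def build_sample_backup(root):
    """Constructed sample: harmless documents plus three files that must be excluded."""
    files = {
        "Bilder/urlaub.jpg": b"\xff\xd8\xff\xe0JFIF",   # real JPEG header
        "Dokumente/notizen.txt": b"plain text",
        "Bilder/strand.jpg": b"MZ\x90\x00renamed PE",   # executable hidden behind an image extension
        "Downloads/setup.exe": b"MZ\x90\x00",
        "Downloads/run.bat": b"@echo off",
    }
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def run_demo():
    """Build the sample tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        return scan_backup(tmp)


if __name__ == "__main__":
    for name, reasons in run_demo():
        print(f"EXCLUDE {name}: {', '.join(reasons)}")
```

Point `scan_backup()` at the folder you intend to copy to the external drive before copying it. A double extension such as `Rechnung.pdf.exe` is caught by the suffix check; a renamed binary such as the `strand.jpg` in the sample is caught only by the header check, which is why both are needed.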
27.04.2012, 01:02 | #10 |
| Trojan horse TR/PSW.Banker.O.26 was found I did it as described and saved all important data separately. Only towards the end it said that the program had not been executed correctly. But it continued anyway and produced the log. ComboFix.txt Combofix Logfile: Code:
ATTFilter ComboFix 12-04-26.01 - Tommy 27.04.2012 1:34.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.3325.1948 [GMT 2:00] ausgeführt von:: c:\users\Tommy\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Tommy\AppData\Local\assembly\tmp c:\users\Tommy\AppData\Roaming\AcroIEHelpe.txt c:\users\Tommy\AppData\Roaming\AcroIEHelpe109.dll c:\users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\bookmarks.json c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\clients.json c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\forms.json c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\history.json c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\passwords.json c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\prefs.json c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\tabs.json c:\users\Tommy\AppData\Roaming\Roaming c:\users\Tommy\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst c:\users\Tommy\AppData\Roaming\srvblck5.tmp c:\windows\IsUn0407.exe c:\windows\system32\urttemp c:\windows\system32\urttemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-26 bis 2012-04-26 )))))))))))))))))))))))))))))) . . 2012-04-26 23:46 . 
2012-04-26 23:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-04-26 23:46 . 2012-04-26 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-26 14:32 . 2012-04-26 14:32 -------- d-----w- c:\program files\Common Files\Adobe 2012-04-26 14:29 . 2012-04-26 14:29 -------- d-----w- c:\program files\Common Files\Java 2012-04-26 14:21 . 2012-04-26 14:21 -------- d-----w- c:\users\Tommy\AppData\Roaming\xmldm 2012-04-26 14:11 . 2012-04-26 14:11 -------- d-----w- C:\_OTL 2012-04-26 14:05 . 2012-04-26 14:05 -------- d-----w- c:\windows\Internet Logs 2012-04-25 18:21 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-25 10:51 . 2012-04-25 10:51 -------- d-----w- c:\users\Tommy\AppData\Roaming\11019 2012-04-24 09:10 . 2012-04-24 09:10 -------- d-----w- c:\users\Tommy\AppData\Roaming\11018 2012-04-24 07:24 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAE87D6D-0ACA-491D-90D6-A11AB575E210}\mpengine.dll 2012-04-23 09:58 . 2012-04-23 09:58 -------- d-----w- c:\users\Tommy\AppData\Roaming\11017 2012-04-21 13:15 . 2012-04-21 13:16 -------- d-----w- c:\programdata\Battle.net 2012-04-21 12:42 . 2012-04-21 22:34 -------- d-----w- c:\users\Tommy\AppData\Roaming\11016 2012-04-18 17:49 . 2012-04-18 17:49 -------- d--h--r- c:\users\Tommy\AppData\Roaming\SecuROM 2012-04-18 17:30 . 2012-04-18 17:31 -------- d-----w- c:\programdata\WinZip 2012-04-17 10:02 . 2012-04-17 10:02 -------- d-----w- c:\users\Tommy\AppData\Roaming\11015 2012-04-16 18:38 . 2012-04-17 00:00 -------- d-----w- c:\users\Tommy\AppData\Roaming\11014 2012-04-13 10:45 . 2012-04-13 10:45 -------- d-----w- c:\users\Tommy\AppData\Roaming\11013 2012-04-12 12:01 . 2012-04-12 13:30 -------- d-----w- c:\users\Tommy\AppData\Roaming\11012 2012-04-12 11:04 . 2012-04-12 11:04 -------- d-----w- c:\users\Tommy\AppData\Roaming\11010 2012-04-12 01:06 . 
2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-12 01:06 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 20:05 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-04-11 18:30 . 2012-04-11 18:30 -------- d-----w- c:\users\Tommy\AppData\Roaming\11009 2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-26 22:55 . 2010-07-18 08:56 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys 2012-04-26 22:55 . 2010-07-17 11:02 17488 ----a-w- c:\windows\gdrv.sys 2012-04-26 14:26 . 2011-02-27 15:54 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-26 21:01 . 2011-09-24 16:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 19:21 . 2012-02-29 19:21 42392 ----a-w- c:\windows\system32\xfcodec.dll 2012-02-23 08:18 . 2010-07-17 23:56 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 09:27 . 2011-10-25 23:30 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-14 15:45 . 2012-03-15 00:22 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-02-14 15:45 . 2012-03-15 00:22 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-13 14:12 . 2012-03-15 00:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-13 13:47 . 2012-03-15 00:22 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-02-13 13:44 . 2012-03-15 00:22 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-02-02 15:16 . 2012-03-15 00:22 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 04:38 . 2012-03-26 21:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2012-04-16 53168] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-12 119608] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 81920] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480] . 
c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ C2DtoG15.lnk - c:\program files\C2DtoG15\C2DtoG15.exe [2010-7-18 557568] DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-10-6 1085440] Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-2-29 3537304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-10-6 1085440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT] 2010-08-23 04:41 329656 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-05-07 08:19 6139904 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolumeCounter] 2001-07-30 12:51 278528 ----a-w- c:\program files\Volumenzaehler\BoVolume.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc getPlusHelper REG_MULTI_SZ getPlusHelper HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Zusätzlicher Suchlauf ------- . uStart Page = IE: Free YouTube to Mp3 Converter - c:\users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 9666 FF - prefs.js: network.proxy.socks - localhost FF - prefs.js: network.proxy.socks_port - 9050 FF - prefs.js: network.proxy.ssl - localhost FF - prefs.js: network.proxy.ssl_port - 9666 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file) WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file) HKCU-Run-PlayNC Launcher - (no file) MSConfigStartUp-CloneCDTray - d:\bescheißen\SlySoft\CloneCD\CloneCDTray.exe MSConfigStartUp-IP Changer 2 - c:\program files\Plustech Inc.\IP Changer 2.0\yourapp.Exe MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe AddRemove-Worms Armageddon - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-04-27 01:46 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.0.6002 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! error: Read Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden. . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-04-27 01:48:32 ComboFix-quarantined-files.txt 2012-04-26 23:48 . Vor Suchlauf: 31 Verzeichnis(se), 154.353.491.968 Bytes frei Nach Suchlauf: 35 Verzeichnis(se), 154.257.461.248 Bytes frei . - - End Of File - - E170BA79B41CB3DBF375FAFDBC2488BA Add-Remove Programs.txt Code:
ATTFilter 32 Bit HP CIO Components Installer 3DMark 11 Activision(R) Adobe AIR Adobe Download Manager Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) - Deutsch AIO_CDA_ProductContext AIO_CDA_Software AIO_Scan Aion Any Video Converter 3.2.1 Apple Application Support Apple Software Update ATITool Overclocking Utility Avira Free Antivirus Back to the Future The Game - Episode 1 BufferChm Bulletstorm Demo C2DtoG15 2.0.0.1 C3100 c3100_Help CCleaner Cheat Engine 6.0 CloneDVD2 Copy CustomerResearchQFolder Der Herr der Ringe Online v03.02.04.8010 Destinations DeviceManagementQFolder DocProc DocProcQFolder Dragon Age II Demo DSL-Manager Easy Tune 6 B10.0528.1 Ein Quantum Trost(TM) Energy Saver Advance B8.0610.1 eSupportQFolder Fallout 3 Fax Forsaken World Fraps (remove only) Free Audio CD Burner version 1.4.7 Free YouTube to MP3 Converter version 3.10.15.1228 Google Earth Plug-in Google Update Helper GRID Half-Life 2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 8.0 HP Imaging Device Functions 8.0 HP OCR Software 8.0 HP Photosmart Essential HP Photosmart.All-In-One Driver Software 8.0 .A HP Solution Center 8.0 HP Update HPProductAssistant HPSSupply ICQ Toolbar ICQ7.5 Infineon USB driver 1.0.0.6 Intel® Matrix Storage Manager IP Changer 2.0 Iron Grip: Marauders Java Auto Updater Java(TM) 6 Update 31 Kane & Lynch 2: Dog Days LG Internet Kit LG PC Suite III LG USB Modem Drivers Livestream Procaster Logitech Eyetoy Webcam Logitech GamePanel Software 3.04.143 Malwarebytes Anti-Malware Version 1.61.0.1400 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack 
Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.0 Might and Magic: Clash of Heroes - Demo Mozilla Firefox 11.0 (x86 de) Mozilla Thunderbird 11.0.1 (x86 de) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NASCAR® Racing 2002 Season NCsoft Launcher NVIDIA 3D Vision Controller-Treiber 280.19 NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Treiber 280.26 NVIDIA Grafiktreiber 280.26 NVIDIA Install Application NVIDIA nTune NVIDIA PhysX NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Stereoscopic 3D Driver NVIDIA Systemsteuerung 280.26 NVIDIA Update 1.4.28 NVIDIA Update Components OpenAL OpenTTD 1.1.3 Orcs Must Die! 
Demo PDFCreator Pepakura Designer 3 Pro Evolution Soccer 2011 Pro Evolution Soccer 2011 DEMO Pro Evolution Soccer 2012 Pro Evolution Soccer 2012 DEMO Quantum of Solace(TM) 1.1 Patch QuickTime RAD Video Tools Rainlendar2 (remove only) Raptr Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista Realtek High Definition Audio Driver Red Faction Guerrilla Red Faction: Guerrilla Republic Heroes RESIDENT EVIL 5 Rise of Immortals RivaTuner v2.20 Rusty Hearts Sam & Max - Culture Shock 1.0 Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Windows Media Encoder (KB2447961) Ship Simulator Extremes Demo SiSoftware Sandra Lite 2011.SP2 Skype™ 5.5 Smart Shutdown Manager SolutionCenter SopCast 3.3.2 Star Wars Empire at War Star Wars Republic Commando Star Wars: The Old Republic StarCraft Status Tales of Monkey Island Team Fortress 2 TeamSpeak 3 Client The Witcher TomTom HOME 2.8.2.2264 TomTom HOME Visual Studio Merge Modules Toolbox TrayApp Two Worlds Uninstall 1.0.0.1 Unity Web Player UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 
4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) USB Flash Port Driver Veetle TV 0.9.18 VLC media player 1.1.0 Volumenzähler 1.0 WebReg Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) Windows Live-Uploadtool Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Messenger Windows Media Encoder 9-Reihe WinRAR Wolfenstein World of Warcraft Worms Armageddon Worms Reloaded Xfire (remove only) Zattoo4 4.0.5 combofix-quarantined-files.txt in case that is also relevant Code:
ATTFilter 2012-04-26 23:48:03 . 2012-04-26 23:48:03 540 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Worms Armageddon.reg.dat 2012-04-26 23:46:45 . 2012-04-26 23:46:45 938 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SpybotSD TeaTimer.reg.dat 2012-04-26 23:46:45 . 2012-04-26 23:46:45 932 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-IP Changer 2.reg.dat 2012-04-26 23:46:45 . 2012-04-26 23:46:45 910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-CloneCDTray.reg.dat 2012-04-26 23:46:38 . 2012-04-26 23:46:38 101 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-PlayNC Launcher.reg.dat 2012-04-26 23:46:37 . 2012-04-26 23:46:37 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}.reg.dat 2012-04-26 23:46:37 . 2012-04-26 23:46:37 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}.reg.dat 2012-04-26 23:44:31 . 2012-04-26 23:44:31 4,967 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2012-04-26 23:31:47 . 2012-04-26 23:34:29 82 ----a-w- C:\Qoobox\Quarantine\catchme.log 2012-04-24 09:10:39 . 2012-04-24 09:10:39 7,368 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll.vir 2012-04-24 09:10:39 . 2012-04-24 09:10:39 226,792 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll.vir 2012-04-11 18:30:30 . 2012-04-24 09:10:39 65 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\AcroIEHelpe.txt.vir 2012-04-11 18:30:17 . 2012-04-11 18:30:17 264 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\srvblck5.tmp.vir 2011-09-23 10:16:48 . 2011-09-23 10:16:48 2 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\tabs.json.vir 2011-09-23 10:16:48 . 
2011-09-23 10:16:48 2 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\prefs.json.vir 2011-09-23 10:16:48 . 2011-09-23 10:16:48 2 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\passwords.json.vir 2011-09-23 10:16:48 . 2011-09-23 10:16:48 2 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\history.json.vir 2011-09-23 10:16:48 . 2011-09-23 10:16:48 2 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\forms.json.vir 2011-09-23 10:16:48 . 2011-09-23 10:16:48 2 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\bookmarks.json.vir 2011-09-23 10:16:48 . 2011-09-23 10:16:48 2 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\clients.json.vir 2011-04-15 14:37:13 . 1997-05-29 14:31:26 315,904 ----a-w- C:\Qoobox\Quarantine\C\Windows\IsUn0407.exe.vir 2010-08-20 10:23:42 . 2010-08-20 10:23:42 243,600 ----a-w- C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst.vir 2007-11-07 07:03:18 . 2007-11-07 07:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir 2003-02-21 04:16:08 . 2003-02-21 04:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\URTTEMP\regtlib.exe.vir |
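What a helper reads out of a ComboFix report like the one above by eye can be written down as a small triage script. The following is an added example, not part of this thread and not part of ComboFix: Python run over a constructed excerpt whose lines are copied from the report above (the paths and values are the poster's). It flags numeric-named directories directly under AppData\Roaming, Firefox proxy preferences pointing at localhost, disabled Firefox security warnings, and the user/kernel MBR mismatch printed by the embedded Gmer scan. The regular expressions, the severity labels and the function names are my own choices.

```python
import re

# Constructed sample: a few lines copied from the ComboFix report posted above
# (file list, Firefox preference dump and the embedded Gmer MBR check).
SAMPLE_LOG = r"""
2012-04-26 14:21 . 2012-04-26 14:21 -------- d-----w- c:\users\Tommy\AppData\Roaming\xmldm
2012-04-25 10:51 . 2012-04-25 10:51 -------- d-----w- c:\users\Tommy\AppData\Roaming\11019
2012-04-24 09:10 . 2012-04-24 09:10 -------- d-----w- c:\users\Tommy\AppData\Roaming\11018
2012-04-21 13:15 . 2012-04-21 13:16 -------- d-----w- c:\programdata\Battle.net
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - user.js: security.warn_submit_insecure - false
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
"""

# A directory whose name is only digits, directly under AppData\Roaming.
NUMERIC_ROAMING_DIR = re.compile(r"\\AppData\\Roaming\\(\d+)\s*$", re.IGNORECASE)
# "FF - prefs.js: <key> - <value>" lines from ComboFix's Firefox section.
FF_PREF = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")
MBR_MISMATCH = "user != kernel MBR"


def parse_firefox_prefs(lines):
    """Collect the Firefox preference lines into a {key: value} dict."""
    prefs = {}
    for line in lines:
        m = FF_PREF.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def triage(log_text):
    """Return a list of findings, each {'severity', 'reason', 'evidence'}."""
    lines = log_text.splitlines()
    findings = []
    for line in lines:
        if NUMERIC_ROAMING_DIR.search(line):
            findings.append({"severity": "medium",
                             "reason": "numeric-named directory under AppData\\Roaming",
                             "evidence": line.strip()})
        if MBR_MISMATCH in line:
            findings.append({"severity": "high",
                             "reason": "user-mode and kernel-mode MBR reads differ",
                             "evidence": line.strip()})
    prefs = parse_firefox_prefs(lines)
    # network.proxy.type 0 = direct connection: proxy hosts are set but unused.
    proxy_active = prefs.get("network.proxy.type", "0") != "0"
    for key in ("network.proxy.http", "network.proxy.socks", "network.proxy.ssl"):
        host = prefs.get(key)
        if host:
            port = prefs.get(key + "_port", "?")
            state = "active" if proxy_active else "dormant, network.proxy.type is 0"
            findings.append({"severity": "high" if proxy_active else "low",
                             "reason": f"Firefox {key} points at {host}:{port} ({state})",
                             "evidence": f"{key} - {host}"})
    for key, value in prefs.items():
        if key.startswith("security.warn_") and value == "false":
            findings.append({"severity": "low",
                             "reason": f"Firefox security warning disabled: {key}",
                             "evidence": f"{key} - {value}"})
    return findings


def count_by_severity(findings):
    """Summarise findings as {severity: count}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}: {f['evidence']}")
```

The proxy entries are rated low here because network.proxy.type is 0, which means Firefox is set to a direct connection, so the localhost entries (9050 is the default Tor SOCKS port, 9666 is whatever listened there) are dormant rather than in use; a helper still wants to see them listed. The MBR mismatch is rated high, but the same report also records an I/O error on that read, so the script treats it as a reason for a dedicated MBR check, not as proof of a rootkit.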
27.04.2012, 05:57 | #11 |
/// Helfer-Team | Trojan horse TR/PSW.Banker.O.26 was found 1. Is combofix.exe still on your desktop? Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop with "Save as". Select "All files" - Save: Code:
KILLALL::
File::
c:\users\Tommy\AppData\Roaming\xmldm
c:\users\Tommy\AppData\Roaming\11019
c:\users\Tommy\AppData\Roaming\11018
c:\users\Tommy\AppData\Roaming\11017
c:\users\Tommy\AppData\Roaming\11016
c:\users\Tommy\AppData\Roaming\11015
c:\users\Tommy\AppData\Roaming\11014
c:\users\Tommy\AppData\Roaming\11013
c:\users\Tommy\AppData\Roaming\11012
c:\users\Tommy\AppData\Roaming\11010
c:\users\Tommy\AppData\Roaming\11009
c:\program files\ConduitEngine\ConduitEngine.dll
With reference to the picture above, drag the CFScript onto combofix.exe. When CF is finished it will create a log file at C:\ComboFix.txt; post its contents. When ComboFix is finished it will create a log, C:\ComboFix.txt - wait until the Combofix window has closed and the log file appears in Notepad! Please paste it here as your next reply. 2. Run another scan with OTL:
27.04.2012, 11:44 | #12 |
| Trojan horse TR/PSW.Banker.O.26 was found I did it as described. Only now Firefox and Internet Explorer no longer open normally. They only open if I run them as administrator. If I click them normally it says: Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde. combofix log Code:
ATTFilter Combofix Logfile: |
27.04.2012, 20:47 | #13 |
/// Helfer-Team | Trojan horse TR/PSW.Banker.O.26 was found Only Firefox and Internet Explorer, or other programs too?
27.04.2012, 23:40 | #14 |
| Trojan horse TR/PSW.Banker.O.26 was found Now it works again. Firefox and IE open normally again as well. There are no problems with other programs either |
28.04.2012, 09:04 | #15 |
/// Helfer-Team | Trojan horse TR/PSW.Banker.O.26 was found 1. runs under XP, Vista (32-bit) Do the objects still exist? Code:
c:\users\Tommy\AppData\Roaming\xmldm
c:\users\Tommy\AppData\Roaming\11019
c:\users\Tommy\AppData\Roaming\11018
c:\users\Tommy\AppData\Roaming\11017
c:\users\Tommy\AppData\Roaming\11016
c:\users\Tommy\AppData\Roaming\11015
c:\users\Tommy\AppData\Roaming\11014
c:\users\Tommy\AppData\Roaming\11013
c:\users\Tommy\AppData\Roaming\11012
c:\users\Tommy\AppData\Roaming\11010
c:\users\Tommy\AppData\Roaming\11009
runs under XP, Vista (32-bit) Run another scan with OTL:
3. runs under XP, Vista (32-bit) and Windows 7 (32-bit) Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next point! - It is NOT sensible to start a second attempt! To get a deeper look into your system and track down a possible infection with a rootkit (info: wikipedia.org), we will use a tool - Gmer:
** no connection to a network or the Internet - don't forget WLAN. When the scan has finished, please re-enable all programs and tools! Instructions:-> GMER - Rootkit Scanner 4. Check with MBR -t whether the Master Boot Record is OK (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
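Step 4 above compares how the MBR looks when read from user mode with how it looks when read from kernel mode; the Gmer section of the ComboFix report in #10 already printed `user != kernel MBR !!!` for this disk. The following added example (my own Python, not the thread's and not Gmer's MBR tool) shows what that comparison amounts to on two constructed 512-byte images: it checks the 0x55AA boot signature of both views and reports whether the difference lies in the boot code, in the partition table or in the signature. The image contents, the partition entry and the function names are invented for the demonstration.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: boot loader code
TABLE_OFFSET = 446            # bytes 446..509: four 16-byte partition entries
SIGNATURE_OFFSET = 510        # bytes 510..511: 0x55 0xAA
BOOT_SIGNATURE = b"\x55\xAA"


def partition_entry(bootable, ptype, lba_start, sector_count):
    """Pack one 16-byte MBR partition entry (CHS fields left zero)."""
    flag = 0x80 if bootable else 0x00
    return struct.pack("<B3sB3sII", flag, b"\x00" * 3, ptype, b"\x00" * 3,
                       lba_start, sector_count)


def make_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR image from boot code and up to four entries."""
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(partitions)[:64].ljust(64, b"\x00")
    return code + table + BOOT_SIGNATURE


def compare_mbr(user_view, kernel_view):
    """Differential check of two reads of sector 0.

    user_view   - the MBR as an application sees it through the normal I/O path
    kernel_view - the MBR as returned by the disk driver itself
    A bootkit that hooks the disk stack can make the two differ; this function
    localises any difference so the analyst knows what was altered.
    """
    if len(user_view) != SECTOR_SIZE or len(kernel_view) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    diffs = [i for i in range(SECTOR_SIZE) if user_view[i] != kernel_view[i]]
    return {
        "user_signature_ok": user_view[SIGNATURE_OFFSET:] == BOOT_SIGNATURE,
        "kernel_signature_ok": kernel_view[SIGNATURE_OFFSET:] == BOOT_SIGNATURE,
        "identical": not diffs,
        "boot_code_differs": any(i < TABLE_OFFSET for i in diffs),
        "partition_table_differs": any(TABLE_OFFSET <= i < SIGNATURE_OFFSET for i in diffs),
        "signature_differs": any(i >= SIGNATURE_OFFSET for i in diffs),
        "first_diff_offset": diffs[0] if diffs else None,
        "diff_count": len(diffs),
    }


# Constructed sample images; neither byte string is real boot code.
CLEAN_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * 40
HOOKED_CODE = b"\xEB\xFE" + CLEAN_CODE[2:]      # first two bytes replaced
SAMPLE_TABLE = [partition_entry(True, 0x07, 2048, 204800)]


def user_mbr():
    """What a user-mode read returns in the sample scenario."""
    return make_mbr(CLEAN_CODE, SAMPLE_TABLE)


def kernel_mbr_clean():
    """Kernel-mode read on a healthy disk: identical to the user view."""
    return make_mbr(CLEAN_CODE, SAMPLE_TABLE)


def kernel_mbr_hooked():
    """Kernel-mode read where the on-disk boot code has been altered."""
    return make_mbr(HOOKED_CODE, SAMPLE_TABLE)


if __name__ == "__main__":
    for name, kernel in (("clean", kernel_mbr_clean()), ("hooked", kernel_mbr_hooked())):
        print(name, compare_mbr(user_mbr(), kernel))
```

A mismatch is a strong signal but not proof on its own: the report in #10 also logged an I/O error on the same read, which is one reason to repeat the check with the dedicated tool as step 4 asks before drawing conclusions.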