Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): TR/Atraps.Gen detected
28.04.2012, 20:51 | #1
TR/Atraps.Gen detected

Hello,

A short while ago Avira detected the trojan TR/Atraps.Gen, and only now do I get around to doing something about it (the PC is also used by others). For a few days the trojan did nothing, but now the PC no longer works properly (I am writing this from a laptop).
- Windows takes longer to start.
- The Internet no longer works at all on the PC.
- Anti-virus programs are blocked.
System: Vista 32-bit

Now I wanted to start a request for help and, as required, first did the three steps (defogger, dds, GMER). Unfortunately only the first one worked. dds does not start at all, and GMER crashes in the middle of the scan. So the attachment only contains the defogger report. Also attached are a report of a full Avira scan and a full Malwarebytes scan. No idea why the trojan does not appear in the Avira report, when it had infected 3 files. It had infected:
C:\Windows\System32\aptwx5day.dll
C:\Windows\System32\d3dytd1vd.dll
C:\Windows\System32\xptn0r8k.dll
I hope I have everything so far. Many thanks for a quick reply.
Regards
30.04.2012, 14:57 | #2
/// Malware-holic | TR/Atraps.Gen detected
hi,
If you don't have it yet, please download OTL by OldTimer and save it to your Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
30.04.2012, 18:24 | #3
TR/Atraps.Gen detected
First of all, many thanks for responding here.
Here is OTL.txt:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 30.04.2012 19:04:10 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,63% Memory free 10,72 Gb Paging File | 9,59 Gb Available in Paging File | 89,51% Paging File free Paging file location(s): c:\pagefile.sys 8000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 293,33 Gb Total Space | 37,09 Gb Free Space | 12,64% Space Free | Partition Type: NTFS Drive D: | 293,08 Gb Total Space | 109,62 Gb Free Space | 37,40% Space Free | Partition Type: NTFS Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive N: | 3,71 Gb Total Space | 3,55 Gb Free Space | 95,65% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.30 18:56:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.04.20 10:33:24 | 000,497,152 | ---- | M] (LOL Replay) -- C:\Programme\LOLReplay\LOLRecorder.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.04.11 00:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.06.06 19:17:16 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.12.18 11:13:54 | 000,132,560 | ---- | M] (United Internet AG) -- C:\Programme\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe ========== Modules (No Company Name) ========== MOD - [2012.04.20 10:33:22 | 000,265,728 | ---- | M] () -- C:\Programme\LOLReplay\LOLUtils.dll MOD - [2012.03.05 14:45:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2012.01.31 12:37:24 | 012,907,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\03c1786328450d3eb3129a6ee9c161d0\System.Windows.Forms.ni.dll MOD - [2012.01.31 12:37:17 | 001,653,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6abcaa7df5e346b0912197bcf7fcab15\System.Drawing.ni.dll MOD - [2012.01.31 12:37:10 | 005,764,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1d2279b148a6fb152f2a45b7d31fff2d\System.Xml.ni.dll MOD - [2012.01.31 12:37:06 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0360226da2794a6b15a262f3e48709ef\System.Configuration.ni.dll MOD - [2012.01.31 12:37:04 | 008,367,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9b3afa5f4ba74c561f0fa1bfceba7e0\System.ni.dll MOD - [2012.01.31 12:35:58 | 015,424,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3cdbdfe526ccd9eef32943313ea0231d\PresentationFramework.ni.dll MOD - [2012.01.31 12:35:44 | 013,094,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4861ab3c08650851bc270cebd6745e99\PresentationCore.ni.dll MOD - [2012.01.31 12:35:32 | 003,568,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a17ee74a7d2abf0a25e989efe881f3c\WindowsBase.ni.dll MOD - [2012.01.31 12:32:16 | 002,517,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\5f3a699a62a098beef04f48514c47a58\System.Core.ni.dll MOD - [2012.01.29 14:10:59 | 
000,406,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cd5c2f950025f574dde718eb20af161\PresentationFramework.Aero.ni.dll MOD - [2009.08.21 16:47:12 | 004,361,056 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2009.03.29 22:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.29 22:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.04.20 17:08:32 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.08.21 16:47:14 | 030,510,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2009.08.21 16:39:22 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.21 16:36:08 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- d:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device) SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- 
(WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.12.18 11:13:54 | 000,132,560 | ---- | M] (United Internet AG) [Auto | Running] -- C:\Programme\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe -- (SmartSurferManager) SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2005.09.23 17:45:46 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.01.31 09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.10.13 08:00:27 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV85.sys -- (SSHDRV85) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.31 13:15:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.07.31 13:15:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.01.15 19:36:52 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.12.25 13:02:13 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PzWDM.sys -- (PzWDM) DRV - [2008.06.07 12:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008.06.07 12:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008.02.12 04:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport) DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport) DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) 
[Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2007.05.07 03:00:00 | 000,537,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE) DRV - [2007.05.07 03:00:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2005.09.23 17:38:44 | 000,316,928 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Netfritz.sys -- (NETFRITZ) DRV - [2004.05.24 14:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT) DRV - [2003.01.14 11:41:10 | 000,273,664 | ---- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\AGFUCAPI.sys -- (agfucapi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19764&mntrId=2cec11f30000000000000007776409320932 IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.09 10:26:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.15 18:39:29 | 000,000,000 | ---D | M] [2011.03.06 11:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.04.27 19:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions [2012.03.03 11:19:07 | 000,000,000 | ---D | M] (WOT) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.04.27 17:16:56 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2011.04.03 19:35:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\engine@conduit.com [2011.09.30 15:05:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\ffxtlbr@babylon.com [2011.11.15 18:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8NS316PJ.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8NS316PJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.09 10:26:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.03.06 13:14:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.04.09 10:26:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.24 17:54:18 | 000,002,291 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.04.09 10:26:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.09 10:26:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.09 10:26:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.09 10:26:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.09 10:26:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3059536D-C6FF-4A7F-BBB5-ED3FF977FDCB}: NameServer = 192.168.120.252,192.168.120.253 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.01.06 17:31:24 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - 
[2012.01.06 17:55:32 | 000,806,912 | R--- | M] (Ion Storm) - E:\Autorun.exe -- [ CDFS ] O33 - MountPoints2\{4e8aca29-e32b-11dd-9a8c-0021853ffcbf}\Shell - "" = AutoRun O33 - MountPoints2\{4e8aca29-e32b-11dd-9a8c-0021853ffcbf}\Shell\AutoRun\command - "" = K:\Setup.exe O33 - MountPoints2\{73852072-12c9-11e1-adbc-9c3512d860d1}\Shell - "" = AutoRun O33 - MountPoints2\{73852072-12c9-11e1-adbc-9c3512d860d1}\Shell\AutoRun\command - "" = N:\AutoRun.exe O33 - MountPoints2\{880e8c92-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun O33 - MountPoints2\{880e8c92-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = J:\PopCDRun.exe O33 - MountPoints2\{880e8c95-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun O33 - MountPoints2\{880e8c95-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = L:\SETUP.EXE O33 - MountPoints2\{880e8c97-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun O33 - MountPoints2\{880e8c97-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = M:\SETUP.EXE O33 - MountPoints2\{b176a6b2-8a2c-11dd-ac62-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b176a6b2-8a2c-11dd-ac62-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.01.06 17:55:32 | 000,806,912 | R--- | M] (Ion Storm) O33 - MountPoints2\{ce9aac69-fba5-11de-9c88-0021853ffcbf}\Shell\AutoRun\command - "" = avira.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.30 19:03:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.04.27 17:54:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes 
[2012.04.27 17:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.27 17:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.27 17:53:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.27 17:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.04.27 17:53:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.60.0.1800.exe [2012.04.20 19:44:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Thief - Deadly Shadows [2012.04.20 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Thief - Deadly Shadows [2012.04.20 19:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Thief - Deadly Shadows [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.30 19:07:13 | 000,690,600 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.30 19:07:13 | 000,647,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.30 19:07:13 | 000,152,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.30 19:07:13 | 000,125,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.30 18:58:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.30 18:58:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.30 18:58:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.30 18:56:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.04.28 21:42:09 | 000,428,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.04.28 20:09:14 | 000,002,855 | ---- | M] () -- C:\Users\***\Desktop\dds.PIF 
[2012.04.28 19:59:19 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.04.28 17:05:08 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.04.27 17:55:04 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.27 17:53:23 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.60.0.1800.exe [2012.04.20 16:52:15 | 000,001,782 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.04.20 16:52:15 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.04.17 19:58:48 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.04.17 19:58:39 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.04.17 19:58:25 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.28 21:41:57 | 000,428,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.04.28 20:09:14 | 000,002,855 | ---- | C] () -- C:\Users\***\Desktop\dds.PIF [2012.04.28 19:59:02 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.04.27 17:53:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.31 22:40:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.12.31 22:39:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll 
[2011.04.21 18:45:32 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2011.04.21 18:45:32 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2011.04.21 18:45:32 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2011.04.21 18:18:10 | 000,070,308 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011.04.14 11:30:01 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011.02.17 18:50:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll [2010.11.20 19:49:45 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.10.30 20:18:57 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE [2010.10.13 08:00:27 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys [2010.06.20 18:01:57 | 000,000,674 | ---- | C] () -- C:\Windows\eReg.dat ========== LOP Check ========== [2010.04.22 16:04:41 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2011.08.12 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011.09.24 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2011.06.18 09:06:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2 [2010.08.29 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.10.17 11:14:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kanes Rache [2010.10.18 17:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.06.19 10:10:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools [2012.01.13 13:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.06.19 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2009.04.23 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FFSJ [2011.04.09 13:22:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios 
[2011.09.24 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ! [2012.01.13 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft [2008.12.25 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.06.08 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2010.11.27 18:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.11.11 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2011.12.04 15:06:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT [2010.05.07 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games [2010.09.07 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SEGA Corporation [2012.01.13 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartSurfer [2011.04.10 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock [2011.04.08 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly [2011.04.06 19:00:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.01.13 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2011.05.30 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net [2008.12.30 14:42:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEBDE [2012.04.28 17:05:08 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2012.04.28 17:08:52 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%. > < %PROGRAMFILES%.exe > < %LOCALAPPDATA%.exe > < %systemroot%. 
mp s > < md5start > < userinit.exe > < eventlog.dll > < scecli.dll > < netlogon.dll > < cngaudit.dll > < ws2ifsl.sys > < sceclt.dll > < ntelogon.dll > < winlogon.exe > < logevent.dll > < user32.DLL > < explorer.exe > < iaStor.sys > < nvstor.sys > < atapi.sys > < IdeChnDr.sys > < viasraid.sys > < AGP440.sys > < vaxscsi.sys > < nvatabus.sys > < viamraid.sys > < nvata.sys > < nvgts.sys > < iastorv.sys > < ViPrt.sys > < eNetHook.dll > < ahcix86.sys > < KR10N.sys > < nvstor32.sys > < ahcix86s.sys > < md5stop > < %systemroot%system32drivers.sys lockedfiles > < %systemroot%System32config.sav > < %systemroot%system32.dll lockedfiles > < %USERPROFILE%. > < %USERPROFILE%Local SettingsTemp.exe > < %USERPROFILE%Local SettingsTemp.dll > < %USERPROFILE%Application Data.exe > < HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystemsWindows rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 56044 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report >
And here is Extras.txt:
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.04.2012 19:04:10 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,63% Memory free 10,72 Gb Paging File | 9,59 Gb Available in Paging File | 89,51% Paging File free Paging file location(s): c:\pagefile.sys 8000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 293,33 Gb Total Space | 37,09 Gb Free Space | 12,64% Space Free | Partition Type: NTFS Drive D: | 293,08 Gb Total Space | 109,62 Gb Free Space | 37,40% Space Free | Partition Type: NTFS Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive N: | 3,71 Gb Total Space | 3,55 Gb Free Space | 95,65% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) 
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes] "D:\Program Files\Combat Arms EU\CombatArms.exe" = D:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon) "D:\Program Files\Combat Arms EU\Engine.exe" = D:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0395D966-5124-478E-BB1A-8B4013589898}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{0B074541-DCE1-4E13-A596-68BEED113198}" = lport=445 | protocol=6 | dir=in | app=system | "{10F249D5-4925-42C8-80D6-3CF020C64A26}" = rport=139 | protocol=6 | dir=out | app=system | "{1B4B318C-5D00-4B7C-B555-5AD364E35294}" = lport=138 | protocol=17 | dir=in | app=system | "{253E8AC0-9FE5-41DA-AB24-217766B9A325}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{4D1D05ED-B8D4-46B4-A374-AF5EFA0F132D}" = rport=138 | protocol=17 | dir=out | app=system | "{5B392386-BE32-4967-9959-93E3011523ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5E8CFE6B-AC05-4145-A698-38C3CD790973}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{742E9F08-44F0-4629-9A0F-A77D6FEDD002}" = lport=139 | protocol=6 | dir=in | app=system | "{7809D06C-8CE5-4D82-979B-A094B276F251}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8832AD9B-0AB8-435D-81D8-3960A46C167F}" = rport=445 | protocol=6 | dir=out | app=system | "{8BEBDF46-68CA-4FF4-9CDC-881FC3E70293}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{A6E254F5-51E1-4ABF-982E-68C7F9662FA2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{AD8B79A8-420B-48F1-9D32-0781539D8C9F}" = lport=137 | protocol=17 | dir=in | app=system | "{B4043FFD-6C9B-4150-9810-E0BA7C5443C7}" = rport=137 | protocol=17 | dir=out | app=system | "{FE759ACE-AE52-42DB-BEAD-6D18B099C819}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{039C1103-3FC4-4AD5-896B-1219957CD743}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "{08E48ED4-342A-45C8-BC40-EAE14BA7B2ED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{0B277B2C-D8AC-48CA-8679-7E5D77C52124}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{0D69C4EF-4967-4C70-A4BA-3DB7665E6ADD}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{0FEF0ED0-299A-4D82-A366-C1E60F52F52F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "{1103BF39-4F8C-485D-B751-F72419842DAD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{11AC2C7A-3E65-4336-9A71-DD3CE55CE40E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{1253CDD9-4F31-4E22-BEB9-92EAD6A26237}" = protocol=17 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe | "{131D4B7F-5AB1-4D73-8755-ADA03C1BAADD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{15B13F34-82D0-4BAD-8CA3-1051C3D21046}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{1997CB96-7552-494E-BAA8-467343A8C1E9}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe | "{19C85426-B25C-4597-9CC4-9F3D53524B1D}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "{1B50BEE7-6785-4CB6-92CE-8038E30918A0}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{1D463E1B-9315-4D0A-A66F-C845DC330165}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{2A730283-FE19-4920-944E-460DC4831394}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | "{2EF8AE37-3F12-4733-ACE7-7ADDF31B0815}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | "{3832F267-0C1A-42F7-83A7-F828F250BF5B}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "{3B24459D-2515-4813-8297-46673257B304}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{3B468A51-7935-4C53-AAA4-EA22421CA4BC}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe | "{3DFFA4A8-816F-4402-A5F9-7851407B1FD1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{3FDBA2EF-A5A1-493E-9145-42CD5C964550}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{40BD987E-FE24-4487-96D8-04AF788401F8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{43BC04D6-FD7A-48BD-921F-8B9100060A01}" = protocol=17 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe | "{45D91E8A-1E30-4360-A413-1E3ACAD9D493}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | "{47570617-57E5-48BE-9234-DA55A32B318C}" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "{51CEB41A-2E02-43C5-B7F8-E9AE03D67C93}" = protocol=17 | dir=in | 
app=c:\windows\system32\lxbkcoms.exe | "{541EFD1F-1790-495B-8AD0-FFBD29A4E14A}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{550F0D9C-2759-4034-B1C3-01B51E52FC4A}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe | "{595C85C0-B813-4C14-A99D-1AD49240EA1D}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{59C549CD-F2FA-495F-B7BE-B49821FBB645}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe | "{5B8C4E44-0F97-4F04-A232-0A465A807757}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{5F4F4A9E-5999-400C-858C-E9A722D22980}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\blackprophecy.exe | "{5F78F51E-243A-4197-90F6-3D17CDC36086}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{62131C02-BEE1-46DC-BA2C-4B0691537111}" = protocol=17 | dir=in | app=d:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{678054F7-B923-4565-945D-BFECFA7AAD1A}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\launcher.exe | "{6A0918DD-2C36-466D-B99F-C59C6816E7B4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{7215D894-967B-4F77-A690-302DCD0D5E35}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{72C1AC9B-2689-4A51-926D-FAC9F6055B1C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | "{73B7353A-B379-4A54-AF13-FECEA99D5C96}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | "{7624909E-7878-44ED-9203-F1C94E410B91}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\launcher.exe | "{76B9D823-7611-40A7-9A8B-F72E5E5305BF}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe | "{778F3C38-07A5-467C-B8CE-E47B284D329C}" = 
protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | "{782E9C2C-1C57-4E41-924F-BB981004259E}" = protocol=17 | dir=in | app=d:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{79E1F77C-80EA-4D7C-9E67-33AFB1C6290A}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe | "{7AA113C5-3152-47BA-BC28-41F4A16098B3}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe | "{7F388A50-DEE1-4D6C-897A-0C62CD1097E4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{84245EDF-A8E6-47C1-AB7B-BDBA4787D5F3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{845F6259-2F67-4530-9F6C-F023D8EB7738}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\patcher.exe | "{84A116CE-8287-4ECA-9E9F-5F826164DB8F}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{8BFBD4C6-3B61-4522-9A8C-6F22E5B5953C}" = protocol=6 | dir=in | app=d:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{8C8CDF9D-029F-4AEE-8E95-0E035F88C0CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8E2D8158-45EE-49BC-BC9A-8182D43B67AE}" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{95561682-1890-4704-A8B9-F77323AD4182}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{98833D45-2301-4C74-92C1-9EBB8C5ED320}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\patcher.exe | "{989B4984-63C8-4D00-B907-279B216C1DC4}" = protocol=6 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{99F92906-07D2-4DB2-A25F-505A0A24412D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{9BD1C6DF-F6DA-41FB-BE31-D0D6755E994A}" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "{9E07DAD7-1696-4603-A3AD-80B17E6A793D}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{9FEFF40F-2749-4BA5-BDB9-79C053D953D6}" = protocol=17 | dir=in | app=d:\program files\combat arms eu\nmservice.exe | "{A12A4BF5-1F09-42A9-B2EA-CCE3B13C1F72}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{A37A02E1-E77A-4D76-BE10-C28206868CA8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A44EB374-80E8-4870-B089-840883709F32}" = protocol=6 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{ABAE2BA1-34DE-49CE-9BE6-8F340DCEB44D}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe | "{AD6BBDD6-E5F0-40E0-AFF9-F95A78513F51}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | "{B3AC6BCD-064E-40D2-B58D-5664911D3ACE}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{B8D8B61B-C60E-4414-B1D1-B999AFC9938A}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{B921883F-F2B0-4737-A7C0-448097BAA241}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{BB1B4D66-0268-43DA-ACC4-E9A296A90BC1}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe | "{BC2C7675-A3C9-4404-B507-BC12B442ED1E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{BF8D7381-1CAC-4536-ABF9-BBE643D5445C}" = protocol=17 | dir=in | app=d:\program 
files\kalypso\sins of a solar empire\sins of a solar empire.exe | "{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{C06F3282-ADAD-44EB-9CF0-09D22259CB68}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe | "{C0C6188A-9971-4C9D-B87B-8721CB2C5C73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{C4F9D52A-509C-4B91-B73E-098F9B14CE50}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe | "{C50969D3-EFC4-41A4-970E-3D413C3E757B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C7236144-A2B3-4047-A2BF-3754EA89DA77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C8193F27-1869-4179-A128-73F41FD6B798}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | "{CC9CFEB2-EC4D-41BA-A7E0-A116226A8247}" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{D095E801-56C6-4D0B-9313-73952CA1A3F5}" = protocol=17 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{D4BFACC7-FC45-4912-A5A2-B680BB76ABB3}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe | "{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{DDE41A50-73A3-4609-9220-D46869DB953E}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{DF693DEC-C2D3-4B98-B119-C1D715DF5CBB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{E35E42A5-AA14-4A89-9FCD-533FB37AF8DC}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe | "{E3F4D504-2189-49BA-B5E6-87D292B49AE0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | "{E46C46D3-12F1-4EA2-9A38-889B27F4A025}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{E5A54859-9308-45D7-AD37-575F2A1A37CB}" = protocol=6 | dir=in | app=d:\program files\combat arms eu\nmservice.exe | "{E9D1C5E7-BD9D-4F38-83BA-518A07D81B9D}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\blackprophecy.exe | "{F02DC6E8-4781-4672-B9D0-105D98D8B775}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{F2A0DCA4-DD2A-40A2-AD26-9937CFD318F5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{F5FE6640-9394-4816-B83C-4B6437EFE7E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | "{F610FEF9-52B1-46A8-B803-5247BBDAE6A0}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{F86EDB41-43F4-4A78-B7BC-3563BF63EC75}" = protocol=17 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\xr_3da.exe | "{F9CCC119-6AD7-46BA-8C2E-C64A8A25846D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{FBFDED03-C66D-421D-947B-6AE0877045EE}" = protocol=6 | dir=in | app=d:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{FC2AB6EB-CC82-45BA-B5D4-27A1F3A7E087}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{029A61C0-ACAC-4212-8EC7-4F478732E2E1}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | "TCP Query User{043BD321-CE6C-4640-910C-DB86B853F2F6}C:\program files\frozen synapse\frozensynapse.exe" = protocol=6 | dir=in | app=c:\program files\frozen synapse\frozensynapse.exe | "TCP Query User{0465769C-4FAB-49FE-90A4-352DB536A932}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | "TCP Query User{452ECE8F-ABEC-43B0-8835-63212324EF3B}C:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe | "TCP Query User{5B25FB28-0650-4EBA-AB8B-C246EF8F9823}D:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{8170F916-555C-49EC-8D72-3CCEE083855B}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{83360715-7875-4E12-8793-889BA8CF0625}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{8E497A54-DCE9-4DA6-A8D2-11AC938F0FF3}C:\program files\defcon\defcon (2).exe" = 
protocol=6 | dir=in | app=c:\program files\defcon\defcon (2).exe | "TCP Query User{8F274C24-81E0-40B1-AF16-FEA02AF085D9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{8FF86361-C44C-4894-BAC1-DB56FDAD0217}D:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=d:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "TCP Query User{90EF570A-9779-4689-8DB1-5936C09A852D}D:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=6 | dir=in | app=d:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe | "TCP Query User{941725AC-8AEB-4DAB-B229-BA54DCA20C0E}D:\programme\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=d:\programme\thq\company of heroes\reliccoh.exe | "TCP Query User{989714AC-C7AD-4911-97C4-4DA41857C7D2}C:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | "TCP Query User{A7BF466F-2F30-4491-8E95-A91873A89050}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{A9CEEB4A-5DB2-4C79-BB2D-106488A5343B}D:\program files\combat arms eu\engine.exe" = protocol=6 | dir=in | app=d:\program files\combat arms eu\engine.exe | "TCP Query User{AF6C71AA-8274-4619-B604-FAA0ABF2E414}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | "TCP Query User{B1D7CAFA-635D-4750-9743-08F8FFBC00B7}C:\program files\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files\defcon\defcon.exe | "TCP Query User{B8785842-9A50-41E7-AE7B-9911EBAC0EBB}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{BCEB1D43-6598-4C28-9886-CFAA21210F93}D:\program 
files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe | "TCP Query User{BEF1A818-E3C7-4BDC-AC4C-629DE0E607B7}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{D1621A1C-5231-47B2-A48D-ED4EC4680496}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{E1576CF9-6384-47BD-9C92-57571CDB2E0D}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | "TCP Query User{E38BF9B6-E7F5-4E00-91B9-D0348227FEBF}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{E45E443E-7D8E-4C28-A005-3B26735B7E8B}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | "TCP Query User{E5B8197E-BA10-4000-92E7-1F0491F0239A}C:\users\***\desktop\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\world of warcraft\repair.exe | "TCP Query User{EA7F38C1-3CB8-41FD-A183-D6EF9B1F5815}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{01A068DB-7E74-4F1D-892E-0D5B3A79949E}D:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=17 | dir=in | app=d:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe | "UDP Query User{1B90522C-A771-4D5C-B119-EF405CE17E33}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | "UDP Query User{1CB2256E-4A91-496F-8FE3-FF3B30AF1010}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{340801C1-0314-495C-8610-D9D14F626040}C:\program 
files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{4911193B-D101-4BB3-A7E9-2908890099EF}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{56C708EC-F91D-4A65-A693-57E7E80E31F1}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{70BBFE8B-9737-44B3-9826-A7F70B238F69}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{7528C4CE-B7C1-4C5C-9E6D-4C437024689B}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | "UDP Query User{84B52E3C-3667-48A2-BC89-DC7988DF5AF2}C:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe | "UDP Query User{895FC838-40BC-4F07-9680-D0A081C563B1}D:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=d:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "UDP Query User{89A6AC7A-6D5B-4B8A-B306-6615B121F8B3}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | "UDP Query User{8BE9652E-9D57-4C29-9F60-303D1537D6B4}C:\program files\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files\defcon\defcon.exe | "UDP Query User{94DE0A5A-A223-4F58-BB7A-7B71FE5F9A4C}C:\users\***\desktop\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\world of warcraft\repair.exe | "UDP Query User{98276506-1E2D-4E76-8185-F10966BA3556}D:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = 
protocol=17 | dir=in | app=d:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "UDP Query User{9FDA8560-9621-45B5-8D91-6C4A2C18FDD4}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{AC2320E8-85BF-4055-9C71-D72031036690}C:\program files\frozen synapse\frozensynapse.exe" = protocol=17 | dir=in | app=c:\program files\frozen synapse\frozensynapse.exe | "UDP Query User{ADFF1377-669B-4252-9A2F-C3B55C4508E1}C:\program files\defcon\defcon (2).exe" = protocol=17 | dir=in | app=c:\program files\defcon\defcon (2).exe | "UDP Query User{B8877521-C136-4092-9766-E9ABA6DD725E}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{BCFD42F1-F777-4B89-B130-36EB50F2786E}D:\program files\combat arms eu\engine.exe" = protocol=17 | dir=in | app=d:\program files\combat arms eu\engine.exe | "UDP Query User{CDDA0730-3594-4EDA-AAEF-75D583076612}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | "UDP Query User{D03B47B5-D1D7-4317-A706-ED9EB43891AD}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{D0AF568D-2AD3-47F1-B054-53AC294F468B}D:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe | "UDP Query User{E013F960-8DC9-4F40-8663-B241E8E94D9A}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | "UDP Query User{E7FAEFC8-D3E2-4FC0-A54F-AAAAF3F275AE}C:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe 
| "UDP Query User{F74E6033-3798-4196-85D3-088C62B2F51C}D:\programme\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=d:\programme\thq\company of heroes\reliccoh.exe | "UDP Query User{FFD36144-5F41-41F3-8965-9E57EE4BC523}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06029DFB-9E17-410D-A1FE-7EB5F1A1E3FD}" = HOT ALBUM MYBOX "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War "{0D5FAD7E-C1A2-4753-8A28-346A5CD42813}" = Defense Grid: The Awakening "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{11CA6E01-3992-4115-AB6E-D325552C166D}" = WEB.DE SmartSurfer AutoUpdate 5.2 "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 
4.7 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.4 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{20140000-000F-0000-0000-0000000FF1CE}" = Microsoft Office Mondo 2010 (Beta) "{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta) "{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta) "{20140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010 (Beta) "{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta) "{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta) "{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta) "{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta) "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta) "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta) "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta) "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta) "{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta) "{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta) "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta) "{20140000-00A1-0409-0000-0000000FF1CE}" = 
Microsoft Office OneNote MUI (English) 2010 (Beta) "{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta) "{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta) "{20140000-0102-0409-0000-0000000FF1CE}" = Microsoft Office MondoOnly MUI (English) 2010 (Beta) "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta) "{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta) "{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile "{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{433BF933-81D6-4646-A318-3DE5DB6108F2}" = Icewind Dale - Herz des Winters "{47957648-B46A-4211-85E1-01A15B6A1B45}" = Ace of Spades "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4E2FAB2F-9004-40D6-8BF8-DB2F2DA16DEC}" = Crashday Patch#2 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight 
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II "{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set "{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter "{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™ "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2 "{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo) "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7AF32AB1-CB97-11D4-9607-0050BA84F5F7}" = Baldur's Gate(TM) II - Schatten von Amn(TM) "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}" = Xpand Rally Xtreme "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaos "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}" = Crashday "{9FB2CE8C-E86C-4368-B3C9-F472898F926E}" = Desert Storm "{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3620221-A9E3-43AD-BDB9-985C88E85AC1}" = Silent Storm "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator 
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4 "{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII "{B785CA1C-3EA0-4EFC-91BC-330EC34555BA}" = GhostMaster "{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™ "{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000 "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome "{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "{D99DFFE0-EBB5-4A3E-8430-7995353E6870}" = Stranded 2 "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{E074FB23-D61B-4C6A-AD15-AB9695ED2EF7}" = Red Faction® II "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Labor Basisversion "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F428768A-BA63-43A5-86E9-7F0CFD174944}" = Command & Conquer 3 Tiberium Wars(TM) Worldbuilder "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Black Prophecy_is1" = Black Prophecy "Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "Clonk Planet" = Clonk Planet "Combat Arms EU" = Combat Arms EU "conduitEngine" = Conduit Engine "Cossacks : Back To War" = Cossacks - Back To War "Counter-Strike Source 1.9.1" = Counter-Strike Source 1.9.1 "Cultures - Die Entdeckung Vinlands" = Cultures - Die Entdeckung Vinlands "Defcon_is1" = Defcon v1.6 "Diablo II" = Diablo II "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ESN Sonar-0.70.4" = ESN Sonar "EVE" = EVE Online (remove only) "Fallout 2" = Fallout 2 "Fallout New Vegas_is1" = Fallout New Vegas "Fraps" = Fraps (remove only) "FRITZ! 2.0" = AVM FRITZ! "Glary Utilities_is1" = Glary Utilities 2.41.0.1358 "Greed Corp_is1" = Greed Corp "Icewind Dale" = Icewind Dale "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 
4.7 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}" = Xpand Rally Xtreme "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Lexmark X1100 Series" = Lexmark X1100 Series "Little Fighter 2" = Little Fighter 2 version 2.0a "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.MONDO" = Microsoft Office Mondo 2010 "OpenAL" = OpenAL "Origin" = Origin "Pflanzen gegen Zombies" = Pflanzen gegen Zombies "PokerStars.net" = PokerStars.net "Prototype_is1" = Prototype "PunkBusterSvc" = PunkBuster Services "Rekkaturvat" = Truck Dismount (remove only) "RollerCoaster Tycoon Setup" = Roll "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. 
- Shadow of Chernobyl "S4Uninst" = Die Siedler IV "Sid Meier's Colonization" = Sid Meier's Colonization 1.0 "Soldat patch 1.4.2-1.5.0_is1" = Soldat 1.5.0 "Soldat_is1" = Soldat 1.4.2 "ST6UNST #1" = Defcon-5 WEP KeyGen "ST6UNST #2" = Defcon-5 WEP KeyGen (C:\Program Files\WEP KeyGen\) "ST6UNST #3" = Defcon-5 WEP KeyGen (C:\Program Files\WEP KeyGen\) #3 "StarCraft" = StarCraft "Steam App 550" = Left 4 Dead 2 "The KMPlayer" = The KMPlayer (remove only) "ThiefDeinstallKey" = Dark Project: Der Meisterdieb "Thunder Brigade" = Thunder Brigade "uTorrent" = µTorrent "uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar "Vindictus EU" = Vindictus EU "VLC media player" = VLC media player 1.1.11 "Warcraft III" = Warcraft III "WEB.DE SmartSurfer" = WEB.DE SmartSurfer "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{8D722BFA-5764-4A36-85D1-839F991CF641}" = Space Siege Demo "{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Sins of a Solar Empire" = Sins of a Solar Empire "Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity "StarOffice 7" = StarOffice 7 ========== Last 10 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > My name, by the way, has been replaced with ***. |
01.05.2012, 15:17 | #4 |
/// Malware-holic | TR/Atraps.Gen detected Hi. This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you. • Please start OTL.exe • Now copy the following into the text box. Code:
:OTL
SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs. • Then click the Fix button. • OTL may ask for a reboot. Please allow it. • After the reboot you will find a text document; paste its contents into your next reply here. Now run LSPfix: LSPfix - Freeware - DE - Download.CHIP.eu Test whether all browsers work.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
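The OTL fix in the post above removes two things: an auto-start service whose DLL sits in System32 but carries a non-Microsoft company name, and a Winsock namespace catalog entry (O10) whose provider DLL no longer exists on disk. A dangling namespace provider breaks name resolution, which is one plausible reason the machine could not reach the Internet, and it is why a `netsh winsock reset` normally follows such a removal. As an added example (not OTL's code and not the helper's), the following Python script parses OTL `SRV` and `O10` lines and flags exactly those two patterns. The first two sample lines are the ones from the fix script above; the other two are constructed benign lines for contrast. The vendor allow-list and the System32 heuristic are assumptions of this example, and the company name OTL prints is taken from the PE version resource, which any binary can claim, so a match is a triage hint rather than a signature check.

```python
"""Triage of OTL 'SRV' and 'O10' lines (added example; not OTL's or the board's own tooling)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# First two lines are copied from the OTL fix script in the post above; the last two are
# constructed benign lines (a Microsoft service DLL, an intact Winsock namespace provider).
SAMPLE_LINES = [
    r"SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)",
    r"O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found",
    r"SRV - [2008.01.21 03:23:10 | 000,311,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)",
    r"O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\NLAapi.dll (Microsoft Corporation)",
]

# Assumed allow-list. OTL prints the PE version-info CompanyName, which any binary can set,
# so this is a triage heuristic only: confirm with an Authenticode check before trusting it.
TRUSTED_VENDORS = {"Microsoft Corporation"}

SRV_RE = re.compile(
    r"^SRV - \[(?P<date>[^|]+)\|(?P<size>[^|]+)\|[^\]]*\] "
    r"\((?P<vendor>[^)]*)\) \[(?P<start>[^|]+)\|(?P<state>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
O10_RE = re.compile(
    r"^O10 - (?P<entry>.+?) - (?P<path>.+?)"
    r"(?: (?P<status>File not found)| \((?P<vendor>[^)]*)\))?$"
)


@dataclass
class Service:
    name: str
    path: str
    vendor: str
    start: str
    state: str
    size: int  # bytes, as OTL prints them (000,114,000 -> 114000)


@dataclass
class NamespaceProvider:
    entry: str
    path: str
    vendor: Optional[str]
    missing: bool  # True when OTL reports "File not found"


@dataclass
class Finding:
    kind: str
    subject: str
    path: str
    reason: str


def parse_srv(line: str) -> Optional[Service]:
    """Parse one OTL 'SRV - [...] (vendor) [start | state] -- path -- (name)' line."""
    m = SRV_RE.match(line.strip())
    if not m:
        return None
    return Service(name=m["name"].strip(), path=m["path"].strip(),
                   vendor=m["vendor"].strip(), start=m["start"].strip(),
                   state=m["state"].strip(),
                   size=int(m["size"].strip().replace(",", "")))


def parse_o10(line: str) -> Optional[NamespaceProvider]:
    """Parse one OTL 'O10 - <catalog entry> - <dll> [File not found | (vendor)]' line."""
    m = O10_RE.match(line.strip())
    if not m:
        return None
    return NamespaceProvider(entry=m["entry"].strip(), path=m["path"].strip(),
                             vendor=m["vendor"].strip() if m["vendor"] else None,
                             missing=m["status"] is not None)


def triage(lines: List[str]) -> List[Finding]:
    """Flag auto-start System32 service DLLs from untrusted vendors and dangling
    Winsock namespace providers; everything else is left alone."""
    findings: List[Finding] = []
    for line in lines:
        svc = parse_srv(line)
        if svc:
            in_system32 = "\\system32\\" in svc.path.lower()
            if in_system32 and svc.start.lower() == "auto" and svc.vendor not in TRUSTED_VENDORS:
                findings.append(Finding("service", svc.name, svc.path,
                                        f"auto-start System32 service DLL from untrusted vendor '{svc.vendor}'"))
            continue
        nsp = parse_o10(line)
        if nsp and nsp.missing:
            findings.append(Finding("winsock-namespace", nsp.entry, nsp.path,
                                    "dangling Winsock namespace provider (file missing); "
                                    "remove the entry, then run 'netsh winsock reset' elevated"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.subject}: {f.path} -> {f.reason}")
```

Running it on the four sample lines reports the `Update-Service` DLL and catalog entry 000000000007, the same two items the OTL fix targets, and stays silent on the two constructed Microsoft entries. On a real log, feed it the whole `SRV`/`O10` section rather than hand-picked lines; the point of the allow-list is to make the odd entries stand out, not to prove anything about what is left.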
01.05.2012, 18:17 | #5 |
| TR/Atraps.Gen detected Unfortunately the reply came a bit late, so I can only carry that out on Sunday. I'll report back right away then. |
01.05.2012, 18:20 | #6 |
/// Malware-holic | TR/Atraps.Gen detected Today is a public holiday, I hope you realise that :-) so replies can take a while.
06.05.2012, 11:22 | #7 |
| TR/Atraps.Gen detected How could I possibly reproach my helper, come on^^ it was of course not meant as an accusation. Here is the OTL report:
All processes killed
========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\System32\UpdSvc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 3130812 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 3,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 41404 bytes
->Temporary Internet Files folder emptied: 1098260 bytes
->Java cache emptied: 1623987 bytes
->FireFox cache emptied: 49759010 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 1598848 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 52,00 mb
OTL by OldTimer - Version 3.2.42.2 log created on 05062012_120724
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
And LSPfix found no problems, but the browsers still don't work (Firefox, IE), though that is also because the machine cannot connect to the Internet at all. |
06.05.2012, 16:08 | #8 |
/// Malware-holic | TR/Atraps.Gen detected Start > Run, type: cmd.exe, then Ctrl+Shift+Enter. Confirm the UAC prompt. Enter netsh winsock reset, press Enter. If no error message appears: exit, Enter. Reboot, test the Internet. Otherwise let me know which message appears.
07.05.2012, 08:37 | #9 |
| TR/Atraps.Gen detected When I enter netsh winsock reset, it says I need elevated rights. But before I had tried that, the Internet was already working normally again. Yesterday, after LSPfix, it still didn't. |
07.05.2012, 15:38 | #10 |
/// Malware-holic | TR/Atraps.Gen detected That is why you should start the command prompt exactly the way I told you. Does the Internet work in all installed browsers? Internet Explorer too?
07.05.2012, 15:58 | #11 |
| TR/Atraps.Gen detected Ah, I see, I'm supposed to press Ctrl+Shift+Enter in the Run window; the UAC prompt didn't appear though. And yes, all browsers work. But now there is an additional problem. A new trojan named TR/Crypt.ZPack.Gen2 was found right after startup. And I only had the PC switched on while following your instructions. |
07.05.2012, 16:47 | #12 |
/// Malware-holic | TR/Atraps.Gen detected And how am I supposed to know where it was found if you don't write that down?
07.05.2012, 17:05 | #13 |
| TR/Atraps.Gen detected Oh right, sorry, there was something. The trojan is in the file that was already infected before, Windows/System32/xptn0r8k.tsp |
07.05.2012, 20:12 | #14 | |
/// Malware-holic | TR/Atraps.Gen detected Hi. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - save Combofix to your desktop
When Combofix is finished it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the reboot Quote:
08.05.2012, 08:47 | #15 |
| TR/Atraps.Gen detected So, here is the logfile: Combofix Logfile: Code:
ATTFilter ComboFix 12-05-08.01 - *** 08.05.2012 9:31.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1936 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\***\AppData\Roaming\.# c:\users\***\AppData\Roaming\FFSJ c:\users\***\AppData\Roaming\FFSJ\FFSJ.cfg c:\windows\IsUn0407.exe c:\windows\system32\Msvcrt.1 c:\windows\unin0407.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-08 bis 2012-05-08 )))))))))))))))))))))))))))))) . . 2012-05-06 10:07 . 2012-05-06 10:07 -------- d-----w- C:\_OTL 2012-04-27 15:54 . 2012-04-27 15:54 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-04-27 15:53 . 2012-04-27 15:53 -------- d-----w- c:\programdata\Malwarebytes 2012-04-27 15:53 . 2012-04-27 15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-27 15:53 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-20 17:39 . 2012-04-20 17:43 -------- d-----w- c:\program files\Thief - Deadly Shadows 2012-04-11 08:45 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAA02FE7-316E-4557-B32B-AE944BEB9E9F}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-17 17:58 . 2009-01-17 10:56 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-04-17 17:58 . 2011-04-14 11:31 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-04-17 17:58 . 2009-01-17 10:55 283304 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-04-17 17:58 . 
2009-01-17 10:55 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-02-23 08:18 . 2011-03-06 09:43 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-14 17:55 . 2011-03-09 08:57 235 ----a-w- c:\windows\system32\nxEuUninstall.bat 2012-02-14 17:55 . 2011-03-09 08:57 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe 2012-02-14 10:27 . 2009-01-17 10:54 76888 ----a-w- c:\windows\system32\PnkBstrA.exe 2012-02-14 10:24 . 2009-01-17 10:55 138056 ----a-w- c:\users\***\AppData\Roaming\PnkBstrK.sys 2012-04-09 08:26 . 2011-04-03 07:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar_DE\tbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}"= "c:\program files\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-08-17 85888] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2012-4-20 497152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] 2008-01-09 17:43 326176 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2008-03-04 22:38 526896 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU] 2012-02-14 17:53 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing] 2008-01-25 17:49 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Skytel"=Skytel.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhalt des "geplante Tasks" Ordners . 2012-05-08 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2012-01-13 08:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://de.intl.acer.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{3059536D-C6FF-4A7F-BBB5-ED3FF977FDCB}: NameServer = 192.168.120.252,192.168.120.253 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8ns316pj.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-AIRSTRIKE3D - c:\program files\Blimb Entertainment\AIRSTRIKE3D\uninstall.exe AddRemove-Cultures - Die Entdeckung Vinlands - c:\windows\IsUn0407.exe AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe AddRemove-S4Uninst - c:\windows\IsUn0407.exe AddRemove-ThiefDeinstallKey - c:\windows\IsUn0407.exe AddRemove-Thunder Brigade - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-08 09:38 Windows 6.0.6002 Service Pack 2 NTFS . 
Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3751203636-424131746-382816556-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:32,58,63,00,c1,45,a0,4f,5c,b9,36,61,c5,6b,64,cf,ee,63,f5,bf,da,2e,b5, af,f5,48,05,12,e4,63,9d,fe,85,79,7c,2b,e2,76,39,7d,67,05,d4,41,d9,05,e8,ac,\ "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49 . [HKEY_USERS\S-1-5-21-3751203636-424131746-382816556-1000\Software\SecuROM\License information*] "datasecu"=hex:1c,9f,db,22,e8,90,85,48,ce,ea,92,3d,2f,a0,2a,c9,c1,8a,ab,62,83, bc,ed,4d,37,98,e5,b0,3e,c9,95,90,07,ae,fb,05,4e,c7,b7,03,f2,73,52,15,ee,d7,\ "rkeysecu"=hex:09,59,1b,f3,86,2b,14,fd,c5,97,8f,90,41,c3,69,23 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(4944) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . Zeit der Fertigstellung: 2012-05-08 09:41:34 ComboFix-quarantined-files.txt 2012-05-08 07:41 . Vor Suchlauf: 24 Verzeichnis(se), 38.227.046.400 Bytes frei Nach Suchlauf: 28 Verzeichnis(se), 38.640.611.328 Bytes frei . - - End Of File - - BD65581A823619650B99515CF6F00E16 Nach dem Neustart kam keine Fehlermeldung |