Log analysis and evaluation: Flirt Fever - encryption trojan (Windows 7)
02.06.2012, 00:59 | #1
Flirt Fever - encryption trojan

Good day, unfortunately I, like others, have been hit by the encryption trojan via the Flirt Fever e-mail. I was naive enough to open the attachment. Afterwards I started Malwarebytes in safe mode, and after a reboot defogger and OTL in normal mode. With the DecryptHelper, however, I did not understand what exactly I was supposed to do with it. Beforehand, in safe mode, I had let my AntiVir, Spybot Search & Destroy and CCleaner run through, since I hoped it might help.

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Patrick :: PATRICK-PC [Administrator]

02.06.2012 00:06:25
mbam-log-2012-06-02 (00-06-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405649
Laufzeit: 37 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|869A3F89 (Trojan.Agent.RNSGen) -> Daten: C:\Users\Patrick\AppData\Roaming\Pqvfaknffrp\83AD0036869A3F892AD7.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\Orcs Must Die!\TDU5k.exe (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
K:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patrick\AppData\Roaming\Pqvfaknffrp\83AD0036869A3F892AD7.exe (Trojan.Agent.RNSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
OTL logfile created on: 02.06.2012 01:11:42 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = K:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,16 Gb Available Physical Memory | 69,30% Memory free
12,00 Gb Paging File | 9,73 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 669,49 Gb Free Space | 73,02% Space Free | Partition Type: NTFS
Drive D: | 897,33 Gb Total Space | 496,80 Gb Free Space | 55,36% Space Free | Partition Type: NTFS
Drive K: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,44% Space Free | Partition Type: FAT

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.01 19:00:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2012.05.08 17:09:02 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 17:09:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:09:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.29 04:03:48 | 000,144,896 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
PRC - [2012.02.29 04:03:46 | 000,237,032 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
PRC - [2012.02.01 23:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012.02.01 23:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.15 13:49:12 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Program Files (x86)\QipGuard\QipGuard.exe
PRC - [2011.11.10 11:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.08.25 16:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.08.02 16:50:05 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009.12.08 08:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.04.20 16:34:18 | 000,816,904 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\LU\LogitechUpdate.exe
PRC - [2009.04.20 16:34:00 | 000,300,296 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\LU\LuLnchr.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.02 00:49:47 | 000,160,256 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Temp\ZumoLocalGateway.dll1255946800437631776.lib
MOD - [2012.06.02 00:49:45 | 000,314,368 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Temp\WindowsFolderWatcher.dll6637574685847655293.lib
MOD - [2012.06.02 00:49:27 | 000,205,824 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Temp\WindowsAPI.dll7741190133332363967.lib
MOD - [2012.06.01 18:39:09 | 000,509,440 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
MOD - [2012.05.20 10:48:10 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.05.20 10:48:10 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.05.20 10:48:10 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.05.20 10:48:10 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.05.20 10:48:10 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.02.29 04:03:48 | 002,009,600 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
MOD - [2012.02.29 04:03:48 | 001,694,208 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
MOD - [2012.02.29 04:03:48 | 001,563,136 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
MOD - [2012.02.29 04:03:48 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libxml2-2.dll
MOD - [2012.02.29 04:03:48 | 001,376,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
MOD - [2012.02.29 04:03:48 | 000,531,968 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
MOD - [2012.02.29 04:03:48 | 000,363,008 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
MOD - [2012.02.29 04:03:48 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
MOD - [2012.02.29 04:03:48 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
MOD - [2012.02.29 04:03:48 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
MOD - [2012.02.29 04:03:48 | 000,163,328 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
MOD - [2012.02.29 04:03:48 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
MOD - [2012.02.29 04:03:48 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstqtdemux.dll
MOD - [2012.02.29 04:03:48 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
MOD - [2012.02.29 04:03:48 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
MOD - [2012.02.29 04:03:48 | 000,122,368 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
MOD - [2012.02.29 04:03:48 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
MOD - [2012.02.29 04:03:48 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstqtmux.dll
MOD - [2012.02.29 04:03:48 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
MOD - [2012.02.29 04:03:48 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
MOD - [2012.02.29 04:03:48 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\z.dll
MOD - [2012.02.29 04:03:48 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
MOD - [2012.02.29 04:03:48 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
MOD - [2012.02.29 04:03:48 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
MOD - [2012.02.29 04:03:48 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
MOD - [2012.02.29 04:03:48 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
MOD - [2012.02.29 04:03:48 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
MOD - [2012.02.29 04:03:48 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
MOD - [2012.02.29 04:03:48 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
MOD - [2012.02.29 04:03:48 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
MOD - [2012.02.29 04:03:48 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
MOD - [2012.02.29 04:03:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
MOD - [2012.02.29 04:03:48 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
MOD - [2012.02.29 04:03:48 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
MOD - [2012.02.29 04:03:48 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
MOD - [2012.02.29 04:03:48 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
MOD - [2012.02.29 04:03:48 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
MOD - [2012.02.29 04:03:48 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
MOD - [2012.02.29 04:03:48 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
MOD - [2012.02.29 04:03:48 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
MOD - [2012.02.29 04:03:48 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
MOD - [2012.02.29 04:03:48 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
MOD - [2012.02.29 04:03:48 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstselector.dll
MOD - [2012.02.29 04:03:48 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
MOD - [2012.02.29 04:03:48 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
MOD - [2012.02.29 04:03:48 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
MOD - [2012.02.29 04:03:48 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
MOD - [2012.02.29 04:03:48 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
MOD - [2012.02.29 04:03:48 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
MOD - [2012.02.29 04:03:48 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
MOD - [2012.02.29 04:03:48 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
MOD - [2012.02.29 04:03:48 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
MOD - [2012.02.29 04:03:48 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
MOD - [2012.02.29 04:03:48 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
MOD - [2012.02.29 04:03:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
MOD - [2012.02.29 04:03:48 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
MOD - [2012.02.29 04:03:48 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
MOD - [2012.02.29 04:03:48 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
MOD - [2012.02.29 04:03:48 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
MOD - [2012.02.29 04:03:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
MOD - [2012.02.29 04:03:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
MOD - [2012.02.29 04:03:48 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
MOD - [2012.02.29 04:03:48 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
MOD - [2012.02.29 04:03:48 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
MOD - [2012.02.29 04:03:48 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
MOD - [2012.02.29 04:03:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
MOD - [2012.02.29 04:03:48 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
MOD - [2012.02.29 04:03:48 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
MOD - [2012.02.29 04:03:48 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
MOD - [2012.02.29 04:03:48 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
MOD - [2012.02.29 04:03:48 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
MOD - [2012.02.29 04:03:48 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
MOD - [2012.02.29 04:03:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
MOD - [2012.02.29 04:03:48 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libshift.dll
MOD - [2012.02.29 04:03:48 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapp.dll
MOD - [2012.02.29 04:03:46 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
MOD - [2012.02.29 04:03:46 | 000,682,496 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,563,712 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
MOD - [2012.02.29 04:03:46 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
MOD - [2012.02.29 04:03:46 | 000,276,992 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
MOD - [2012.02.29 04:03:46 | 000,248,352 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
MOD - [2012.02.29 04:03:46 | 000,237,032 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
MOD - [2012.02.29 04:03:46 | 000,199,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,190,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libpng14-14.dll
MOD - [2012.02.29 04:03:46 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
MOD - [2012.02.29 04:03:46 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,123,947 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
MOD - [2012.02.29 04:03:46 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,079,872 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstapp-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
MOD - [2012.02.29 04:03:46 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libogg-0.dll
MOD - [2012.02.29 04:03:46 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
MOD - [2012.02.01 23:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010.02.10 23:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012.05.08 17:09:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:09:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.05 20:13:53 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.05 11:05:34 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.16 16:02:22 | 000,087,368 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012.02.01 23:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.15 13:49:12 | 000,191,440 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files (x86)\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 17:09:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:09:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.25 14:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012.01.25 14:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012.01.25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012.01.25 14:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012.01.01 00:19:35 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.10 11:38:33 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.10 11:36:41 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.11.08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.02.10 23:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.10 22:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.19 01:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.17 02:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.25 14:34:54 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.05.25 14:34:54 | 000,139,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.05.25 14:34:54 | 000,135,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009.05.25 14:34:52 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009.05.25 14:34:52 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.05.25 14:34:50 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009.05.25 14:34:48 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV:64bit: - [2009.01.29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007.11.02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007.01.12 19:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 73 A2 96 2F 4E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.selectedEngine: "QIP Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.05 11:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.07.29 22:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions
[2012.05.03 19:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\2umfvmkn.default\extensions
[2011.10.23 10:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\2umfvmkn.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2012.03.29 22:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\2umfvmkn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.03 14:51:28 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\2umfvmkn.default\extensions\DTToolbar@toolbarnet.com
[2012.03.18 11:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.06 11:25:52 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2UMFVMKN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.03 12:31:24 | 000,061,854 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2UMFVMKN.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
[2012.05.05 11:05:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.10.01 18:25:14 | 000,437,695 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15052 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll ()
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Infium] C:\Program Files (x86)\QIP 2012\qip.exe (QIP)
O4 - HKCU..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AE0EFFB-6A91-4910-B334-FA54DA49273A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{91d17ddc-f186-11e0-b9e2-0022683a8c2a}\Shell - "" = AutoRun
O33 - MountPoints2\{91d17ddc-f186-11e0-b9e2-0022683a8c2a}\Shell\AutoRun\command - "" = L:\Startme.exe
O33 - MountPoints2\{f1f320b7-686d-11e1-9d8d-0022683a8c2a}\Shell - "" = AutoRun
O33 - MountPoints2\{f1f320b7-686d-11e1-9d8d-0022683a8c2a}\Shell\AutoRun\command - "" = K:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.02 00:05:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2012.06.02 00:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.02 00:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.02 00:05:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.02 00:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.01 15:42:51 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Pqvfaknffrp
[2012.05.27 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{2AFCE69A-0AC5-46BC-B914-794BFFF7693E}
[2012.05.27 15:35:35 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{007165E4-8B71-4CEE-BAE7-18C5CA589E52}
[2012.05.25 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4DB45160-C520-4B3B-8B30-99F176B25495}
[2012.05.25 18:23:28 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6CF23D58-1243-4F48-8015-95428223178A}
[2012.05.19 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Studium
[2012.05.17 07:26:34 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Diablo III
[2012.05.17 06:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.17 06:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.17 06:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.05.14 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo-III-8370-deDE-Installer
[2012.05.13 18:10:08 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6E3BA545-2695-401F-A2D8-DBFABF723ACA}
[2012.05.13 18:09:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9AA8C992-B881-4D15-912A-CAF3CD89CB5C}
[2012.05.05 11:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.05 11:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.02 01:14:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.02 01:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.02 00:56:14 | 000,000,168 | ---- | M] () -- C:\Users\Patrick\defogger_reenable
[2012.06.02 00:55:49 | 000,010,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 00:55:49 | 000,010,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 00:54:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.02 00:54:21 | 000,654,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.02 00:54:21 | 000,615,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.02 00:54:21 | 000,129,878 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.02 00:54:21 | 000,106,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.02 00:48:33 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.02 00:48:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.02 00:47:50 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.02 00:05:05 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.01 15:59:43 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.06.01 12:33:35 | 000,006,733 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel
[2012.05.31 17:58:53 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.05.17 07:09:50 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.13 11:10:34 | 000,298,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320
[2012.05.08 17:09:02 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 17:09:02 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.02 00:56:13 | 000,000,168 | ---- | C] () -- C:\Users\Patrick\defogger_reenable
[2012.06.02 00:05:05 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.01 15:59:43 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.06.01 15:43:32 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012.06.01 15:43:32 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012.06.01 15:43:32 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012.06.01 15:43:32 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012.06.01 15:43:32 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012.06.01 15:43:32 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012.05.17 06:55:43 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.03.19 23:18:45 | 000,000,555 | ---- | C] () -- C:\Windows\wininit.ini
[2011.12.17 14:00:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.12.17 13:59:33 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.15 21:54:47 | 000,013,824 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.31 18:00:49 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.07.31 12:21:07 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.07.31 12:21:07 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.07.31 12:21:07 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.07.30 13:31:17 | 000,080,105 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.07.30 11:34:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011.07.31 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Acreon
[2011.07.31 19:24:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Canneverbe Limited
[2012.01.14 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\com.w3i.FlipToast
[2012.05.15 17:52:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2012.05.30 15:29:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0
[2011.12.30 20:58:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2011.08.13 12:22:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LibreOffice
[2012.06.02 00:50:22 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MotoCast
[2012.03.18 11:59:14 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Motorola
[2012.03.11 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Mp3tag
[2011.07.31 13:13:14 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\NCH Swift Sound
[2012.06.02 00:46:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Pqvfaknffrp
[2011.11.10 21:14:34 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\QIP
[2012.01.01 00:42:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Trine2
[2011.07.31 17:16:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ts3overlay
[2012.02.19 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Windows Live Writer
[2011.10.28 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\XMedia Recode
[2012.01.03 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Yamb
[2012.04.20 13:02:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 02.06.2012 01:11:42 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = K:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,16 Gb Available Physical Memory | 69,30% Memory free
12,00 Gb Paging File | 9,73 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 669,49 Gb Free Space | 73,02% Space Free | Partition Type: NTFS
Drive D: | 897,33 Gb Total Space | 496,80 Gb Free Space | 55,36% Space Free | Partition Type: NTFS
Drive K: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,44% Space Free | Partition Type: FAT

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{023EE2F8-98FB-4F5D-A678-94349DFF4BBB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0FF8A19B-BA8C-41C6-9395-3D6F10D4BD07}" = rport=139 | protocol=6 | dir=out | app=system | "{1581AB0E-BECA-408C-B96A-C27C5F879C52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{15897219-BDE2-4BE3-B4AC-858C2350D8D2}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{1A5BA827-E07C-406D-AAB7-493904D1038D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2762F818-A965-4893-86C9-9FE35C580A2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{290E9D15-59A3-4901-B604-4D590F7B97AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3D42910C-980F-4317-9652-E88EFF8701E6}" = rport=138 | protocol=17 | dir=out | app=system | "{52DF6FBD-5B1E-4C95-8E44-B2F2FEFAC7E2}" = lport=137 | protocol=17 | dir=in | app=system | "{5B05B2B7-D4E0-4CF5-BE4D-B171C28DDC7C}" = rport=445 | protocol=6 | dir=out | app=system | "{6E98AD18-A164-42B4-9152-23B55875B140}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{91EBDCF8-C05D-4E57-A116-FB3752359196}" = rport=10243 | protocol=6 | dir=out | app=system | "{9657D48C-2A8D-4011-B067-82456DA84752}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9FEAEACC-FCC3-4B82-95B6-ACFD8B89767D}" = lport=138 | protocol=17 | dir=in | app=system | "{A108F313-3451-4785-8089-9881255A1D67}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B097DAAD-747B-48A7-A3A2-D9EB6D4489E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6A87CBD-DF9F-4D58-8EA9-A2EE09E7C014}" = lport=139 | protocol=6 | dir=in | app=system | "{C4E762FD-10EF-468D-B12F-49F770539B8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C58FF7D8-6EF9-4FB5-B67A-76C0B8A9815D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C6910B03-E352-4D4C-8DD8-9CBB9739DE7C}" = lport=2869 | protocol=6 | dir=in | app=system | "{CBBB27CE-FAFB-459E-A146-AF3BBB5FB9F7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D6D22F5D-FF0D-47F6-ABA0-0F0274CA0EBC}" = rport=137 | protocol=17 | dir=out | app=system | "{D7063663-D89F-4BA5-B1C9-02C0597845D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F8F82FCE-C3C7-4C17-B528-BDED7784A8BE}" = lport=10243 | protocol=6 | dir=in | app=system | "{FA4B575D-D03A-4D53-B369-32C1E45A6317}" = lport=445 | protocol=6 | dir=in | app=system | "{FBA2C97B-BB35-42F9-9FDC-A86B3314DD70}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 | "{FF2E65BB-D0C2-4EB0-8944-26DADFBA3106}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00D9F4D7-1A69-420D-B532-ECFEB17CAEFE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{02C7D6E4-9CAC-437B-B339-35F45F4F2390}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{0A4A909F-0D32-4CCC-8A7D-92D30DFE6C69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0BC6ECE3-CC3E-4C85-A890-5E287BE13DFE}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{0D26BC0E-9D3B-41F5-9FF2-83AA019D4ACC}" = dir=in | app=c:\program files (x86)\motorola media 
link\lite\mml.exe | "{0D55E10D-FADC-458A-893E-E29909A477AA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{0F0C03A7-77CF-48D0-A52F-8C095755799A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "{12DEFA4B-496B-4410-8F2B-5FAEC0505033}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe | "{12E44087-CA49-4169-B80E-A4AFA0601EEF}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | "{1712CABE-5D8C-40F0-BCC6-EA88CC62289B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{2076B151-8032-4B1F-A875-C517FCD1B3AE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{32D99754-F8AE-4A37-AEE9-D832F8A4EB0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{369AF985-6CB3-4383-BA0F-6248DE215FA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3CCC2516-6204-4448-8971-BFF9E5DA0BBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4095254F-806A-444C-B823-2AB9DDABB1BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4E2C6A97-8701-4D17-8468-F4F7F7810F00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{52E9B4A1-C893-4C8A-A591-2F00368572A6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{55DE89FD-7310-4723-82AC-E7C5160AB5B7}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "{5A094250-D15E-4C10-B143-77DDFAD36F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{6149B047-5D19-4E87-B850-DA9E597BCC0E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{61FBE922-537E-4CDF-B936-A17842F90129}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6368AA7F-6BC9-4D0F-BCAB-11BBECC45566}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "{6CD6353E-2E82-4F93-B642-A246161FE34D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{7081F25C-899C-4842-A7D9-A87D09AFB63D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "{7389437E-9710-42CB-B3A0-6B93E43AA5AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7E95DA79-DAF3-4296-B888-048243ED8348}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{887FF78E-9DFF-4FB3-9E77-FA08E782AB20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{92AAE793-BAFA-4DAB-9C40-68C870D1C5B8}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe | "{960F2DCE-2E10-4F20-B98E-8C0AE7F7A5EE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{965C1764-61A6-4660-836A-639CD2CB8559}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{96FFDE3B-559A-4036-8FE9-88FD7E6D7486}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{9E290566-0D0D-47F1-9E61-9A307F3DA783}" = protocol=6 | dir=out | app=system | "{9F72F75C-0A62-4529-B898-2E7EC8195B41}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A3D9CC9F-ED73-4D66-865C-85827EA66AE2}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "{A5DAB899-C038-48F1-8CCC-3F762DBCAE02}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A8D42B72-A803-4B50-9773-309B66AD53B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A9A6E59A-EA12-472D-8FAE-8C7290852ED5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C0BBE175-F83D-4501-8629-1F2E10EFAE33}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "{C165280E-8E17-4903-B040-C5AF36D340E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C4502FC3-B133-43D2-B18E-01ABE856764E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C8A3730C-ECDB-43BF-AE65-A8A60F0B56F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF70D7B5-E059-4BF8-9964-92FE2576D329}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "{D52351A6-5AC3-4DAF-869B-1BFCCCF0A35A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D77DBAD7-9F75-4224-B6ED-9BA06AC8263B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{E44A02CE-3B54-4D26-BE71-563AC56FB4FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{E5949F7D-C2BC-4B22-81C8-92DF8668139E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{EA52A78B-0AED-4EDA-BEC5-5BAA182AB691}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{ECF9ED5D-8C60-4AC2-A721-1ABB4CEB218C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{F5C5135A-5183-42B9-9C5A-785108E2BDFC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | "{F62DDD25-05B6-49A4-A77B-3F0DA3A6322B}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{F8EC40A8-6CA3-446D-8908-C8942E596B27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FC647D34-DB91-4477-8C86-DC2D2ABBABAA}" = protocol=6 | 
dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{FF9680AC-D00C-4F2A-ABE4-0F00C6302B66}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{0C5FD592-7A9B-49AE-A472-73F7241146AF}C:\program files (x86)\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | "TCP Query User{2D153182-08D8-4598-BC70-558495E6658B}D:\pc\tralala\warcraft3 1.24\war3.exe" = protocol=6 | dir=in | app=d:\pc\tralala\warcraft3 1.24\war3.exe | "TCP Query User{3E950D9D-3258-4793-A1BB-BC80F6074E8F}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{79C99FB1-0901-4388-9B67-045B66926CF7}C:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe | "TCP Query User{A6AF41E4-B3AB-46A6-AB19-771CF2B14E6C}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{BCD411C4-EFA2-40FF-B9C9-64750B51E7EA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{D20FC450-49FB-4C0A-82DF-26E794D6B62D}C:\program files (x86)\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | "UDP Query User{084BE7C1-D054-4FB4-A41C-AB406D5574D7}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{2510460C-A0D0-4638-A14E-3961D77747B0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{64D2C4DE-6321-4DF1-9F2B-DDB3EF10AA40}C:\program files (x86)\qip 
2012\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | "UDP Query User{66D0278D-CF12-40EA-BCE5-1568614A5E39}C:\program files (x86)\qip 2012\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | "UDP Query User{80B5C36C-BA5C-44B3-A80A-1AEFF10AA07D}C:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe | "UDP Query User{AF2CAC5C-5162-468D-8BCB-7DCE0967321D}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{B7C39BE4-2BAC-4613-8827-39C6E2DAE5EE}D:\pc\tralala\warcraft3 1.24\war3.exe" = protocol=17 | dir=in | app=d:\pc\tralala\warcraft3 1.24\war3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{1238B565-1705-8CA8-A9D6-902E83D820E7}" = ATI Problem Report Wizard "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{203649B0-9F30-635E-8646-05397AC5733E}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{29D2FBFB-4442-A5F1-BC52-1F9823A87050}" = ATI AVIVO64 Codecs "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 
5.5.0 "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A91EF186-FD10-2304-CF55-54D6D4D68774}" = ATI Catalyst Install Manager "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0244D509-BBE7-606B-FA8B-DE3CBDF1AF79}" = CCC Help Japanese "{03B8945D-62DC-27FF-275D-7C50B56884C2}" = CCC Help Russian "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion 
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{073F55D9-31E6-3B6D-8CAC-B3CA4D668FAE}" = CCC Help English "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1787DBDD-6AF8-9736-320B-8CC7438DBEF2}" = Catalyst Control Center Graphics Full New "{181E4336-3E08-6A55-4FA4-DBB787075F0C}" = ccc-core-static "{1B2B8586-EAAA-BBC6-3AEF-E3AC86023BD0}" = CCC Help Chinese Standard "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2727FBEF-3155-11D4-8F73-0050DA0F6297}" = Die Sims Das volle Leben "{27B1C4CB-3235-F9C4-E364-CB0DD8BF7B57}" = Catalyst Control Center Graphics Previews Common "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35811A85-8249-F639-B7C1-0CD3429A270F}" = CCC Help Hungarian "{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38911382-C19A-8DF3-6F51-83FD8316F478}" = Catalyst Control Center Graphics Previews Vista "{41CB3211-1A93-AA9D-A989-E493AAF460BB}" = CCC Help Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DF1FA94-73B1-5554-A4F8-75109603E44E}" = Catalyst Control Center Graphics Light "{5158FC91-2F7C-F58C-AE43-6D80216EFA60}" = Catalyst Control Center InstallProxy "{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast "{5508E5F0-0C47-7D45-E106-BE7AEE74EFF7}" = CCC Help German "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BEE2389-54E8-3388-4B36-0DA2CAB89192}" = CCC Help Portuguese "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{829BB197-7997-9222-5055-6AFFAA0C28B2}" = CCC Help Finnish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19 "{899D9CF4-2377-BC4B-76FC-D77AA853A7F5}" = CCC Help Czech "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{91C6252E-F4AD-090D-5D44-61309B9E8A3D}" = Catalyst Control Center Localization All "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0746ABB-5C5E-07E5-75AF-9CBC7A1C8580}" = CCC Help Chinese Traditional "{A214FB64-0105-2515-C4C9-8716776E28AB}" = HydraVision "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = 
Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1F89DF1-687E-B881-F98C-D3DB65BC1A53}" = CCC Help Norwegian "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BBC10673-55A5-C56E-7DBF-E948AC590AD5}" = Catalyst Control Center Graphics Full Existing "{BD389887-B9E9-0C55-01A6-4F00245007A1}" = CCC Help Korean "{BEA7E86F-3383-DBB0-6C64-5A7882A81676}" = CCC Help French "{C1C63D7A-0C0F-3893-81D8-61CAF9AEDA5B}" = CCC Help Danish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CDD87E2F-4B84-467C-3C8A-1AADA68F0E4C}" = CCC Help Dutch "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5B9784C-ECF3-1A28-F55F-80FA66D1FA7B}" = CCC Help Italian "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E70C2B2B-F92E-052B-5892-298B66E4F62D}" = CCC Help Greek "{EB4D2306-90E6-1CE8-190F-E2B451D61C05}" = CCC Help Swedish "{EF8C7184-49FB-5698-593B-E0A218B8FE0D}" = CCC Help Polish "{F023DE77-C23E-D125-9EE6-1268027E180C}" = Catalyst Control Center Core Implementation "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft 
SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA718B1C-2430-DC05-FE00-22431C74A98D}" = CCC Help Thai "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF3890C4-86E6-61B8-BB11-67562E826E18}" = CCC Help Spanish "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Diablo II" = Diablo II "Diablo III" = Diablo III "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49b "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "StarCraft II" = StarCraft II "Steam App 39160" = Dungeon Siege III "Steam App 400" = Portal "Steam App 440" = Team Fortress 2 "Steam App 620" = Portal 2 "T4EPlayer" = T4E Player "Trine 2_is1" = Trine 2 "VLC media player" = VLC media player 2.0.1 "WavePad" = WavePad Sound Editor "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "X3TC Bonuspaket_is1" = X3TC Bonuspaket 4.1.01 "X3TerranConflict_is1" = X3 Terran Conflict v3.1.1 "XMedia Recode" = XMedia Recode 3.0.1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QIP 2012" = QIP 2012 4.0.7221 "QipGuard" = QIP Internet Guardian ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.06.2012 12:38:28 | Computer Name = Patrick-PC | Source = Windows 
Search Service | ID = 9000 Description = Error - 01.06.2012 12:38:29 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 7040 Description = Error - 01.06.2012 12:38:29 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 9002 Description = Error - 01.06.2012 12:38:29 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 3029 Description = Error - 01.06.2012 12:38:29 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 3029 Description = Error - 01.06.2012 12:38:29 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 3028 Description = Error - 01.06.2012 12:38:29 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 3058 Description = Error - 01.06.2012 12:38:29 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 7010 Description = Error - 01.06.2012 12:38:29 | Computer Name = Patrick-PC | Source = Windows Search Service | ID = 7042 Description = Error - 01.06.2012 18:48:39 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NServiceEntry.exe, Version: 1.0.13.0, Zeitstempel: 0x4bcd478e Name des fehlerhaften Moduls: NServiceEntry.exe, Version: 1.0.13.0, Zeitstempel: 0x4bcd478e Ausnahmecode: 0x40000015 Fehleroffset: 0x0000859e ID des fehlerhaften Prozesses: 0x7ec Startzeit der fehlerhaften Anwendung: 0x01cd4048a34ba8c0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe Berichtskennung: ed6460a0-ac3b-11e1-bf44-0022683a8c2a [ System Events ] Error - 01.06.2012 18:38:19 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 18:40:26 | Computer Name = Patrick-PC | Source = 
Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 18:40:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 18:40:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 18:45:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 18:45:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 18:45:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 18:48:18 | Computer Name = Patrick-PC | Source = Application Popup | ID = 875 Description = Treiber atksgt.sys konnte nicht geladen werden. Error - 01.06.2012 18:48:18 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 01.06.2012 18:49:34 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "DeviceMonitorService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
< End of report >
If anything is still missing, I will gladly add it. Regarding sending in the infected mail, I would like to note that I use Mozilla Firefox and Web.de for my e-mail. Please send further instructions. Kind regards, Zhaphadon |
03.06.2012, 07:10 | #2 | ||
/// Helper Team | Flirt Fever - encryption trojan Hello and welcome!
Before we begin working together, [please read in full]: Quote:
Quote:
Regards, kira
Last edited by kira (03.06.2012 at 07:41) |
03.06.2012, 11:29 | #3 | |
| Flirt Fever - encryption trojan Hello kira,
many of my pictures are encrypted, following the random pattern you described: Quote:
In addition, I can no longer open videos. With VLC Player they do not play at all, and with WMP it either cannot open them (even though they are normal .avi files) or plays some distorted or sped-up sound without any picture. Edit: The zip files in my Downloads folder can no longer be extracted either. However, I do not see any unusual extensions on either the videos or the zip files. Kind regards, Zhaphadon Last edited by Zhaphadon (03.06.2012 at 12:07) |
03.06.2012, 16:05 | #4 |
/// Helfer-Team | Flirt Fever - Verschlüsselungstrojaner das ist natürlich schlecht, aber man kann hoffen: Also folgende Möglichkeiten kommen in Frage, die Du ausprobieren kannst um deine Daten wiederherstellen können: - sichere erst deine wichtige Daten (z.B auf leere USB-Stick) bzw den gesamten Ordner wo sie liegen (Dokumente, Bilder etc) - Rechner vom Internet und Netzwerk trennen (natürlich erst die Programme herunterladen bzw bereit halten!) -> Daten wiederherstellen mit ShadowExplorer -> Vorgängerversionen von Dateien und Ordnern aus Windows-Schattenkopien wiederherstellen -> Verschlüsselungstrojaner: Dateien aus Schattenkopien wiederherstellen -> Outlook reparieren -> So reparieren Sie beschädigte Word-Dokumente aber ob alle wichtige Daten wiederherstellbar sind oder was..welche genau...das kann man nicht vorher einschätzen kann ich Dir nur viel Glück wünschen auf jeden Fall melde dich und berichte ob es Dir gelingen ist die Daten wieder zu entschlüsseln oder nicht? Nämlich dann die Malware sollten wir auch endgültig vom system entfernen
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! Last edited by kira (03.06.2012 at 16:11) |
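As an added example (not from kira's post or from ShadowExplorer), a PowerShell script that does the shadow-copy step from the list above by hand: it enumerates the Volume Shadow Copies for one drive, reports whether any exist, exposes the newest one as a directory and copies a previous version of a single file out of it. The drive letter, the sample file path, the link directory and the recovery folder are assumed placeholders; run it from an elevated Windows PowerShell prompt.

```powershell
# Added example: enumerate VSS snapshots for a volume and copy one file's previous version.
# Placeholders (assumptions, adjust to your system): $Drive, $RelativePath, $LinkDir, $RecoverDir.
$Drive        = 'C:'                                  # volume to inspect
$RelativePath = 'Users\Example\Pictures\photo1.jpg'   # constructed sample path inside the volume
$LinkDir      = 'C:\ShadowLink'                       # temporary mount point created with mklink
$RecoverDir   = 'C:\Recovered'                        # restored copies go here, encrypted files stay untouched

# Resolve the volume's device ID (\\?\Volume{GUID}\); shadow copies reference volumes by that ID.
$volume = Get-WmiObject Win32_Volume | Where-Object { $_.DriveLetter -eq $Drive }
if (-not $volume) { throw "Volume $Drive not found" }

# All shadow copies of this volume, newest first (InstallDate is a WMI DMTF timestamp).
$shadows = @(Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object { [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) } -Descending)

if ($shadows.Count -eq 0) {
    # This is the situation described for the D: drive in this thread: nothing to restore from VSS.
    Write-Host "No shadow copies exist for $Drive."
    return
}

foreach ($s in $shadows) {
    $when = [Management.ManagementDateTimeConverter]::ToDateTime($s.InstallDate)
    Write-Host ("{0}  {1}" -f $when, $s.DeviceObject)
}

# Expose the newest snapshot as a directory symlink. The trailing backslash is required.
$newest = $shadows[0]
cmd /c mklink /d $LinkDir "$($newest.DeviceObject)\" | Out-Null

try {
    $src = Join-Path $LinkDir $RelativePath
    if (Test-Path $src) {
        # Copy into the recovery folder rather than overwriting the damaged file in place.
        $dst = Join-Path $RecoverDir $RelativePath
        New-Item -ItemType Directory -Force -Path (Split-Path $dst) | Out-Null
        Copy-Item -Path $src -Destination $dst
        Write-Host "Restored previous version to $dst"
    } else {
        Write-Host "File not present in the newest snapshot; try an older one from the list."
    }
} finally {
    # rmdir on a directory symlink removes only the link, not the snapshot contents.
    cmd /c rmdir $LinkDir | Out-Null
}
```

Compare the restored copy with the damaged original before deleting anything; a snapshot taken after the infection will contain the encrypted version too.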
03.06.2012, 17:32 | #5 |
| Flirt Fever - Encryption Trojan Is ShadowExplorer the only option? All my pictures and videos are on my D drive, and no shadow copies were created there. Edit: Do I actually have to restore my entire C drive this way now? What I mean is: search for all the files it encrypted? Kind regards Zhaphadon Last edited by Zhaphadon (03.06.2012 at 17:57) |
04.06.2012, 06:15 | #6 |
/// Helper Team | Flirt Fever - Encryption Trojan That is bad, of course. Unfortunately there is no other solution at the moment. For your information: we are working intensively on a solution, but it will still take some time. So far we have not been able to discover a pattern in how the virus authors handled the data (perhaps just corrupted and renamed?). Unfortunately you must expect that this change may practically never be reversible. Various decryption programs from well-known antivirus vendors are available to us, but so far all attempts have been unsuccessful. ► This shows once again how important it is to take care of regularly backing up your important files, or backing them up externally; best to back up twice in different locations (external hard drive, USB stick, CD/DVD)! - Connect external storage media ONLY when needed, i.e. do NOT leave them permanently connected to the PC! So the following options come into question: 1. If the data is important to you: it is best to keep the hard drive as it is (store it in its current state), at least until there is a solution, and buy a new one and install only Windows on it so you can work on the PC! 2. If the data is not important to you, I would rather recommend formatting the hard drive and setting up Windows again.