| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Downloader in Registry KeyWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.06.2012, 22:29
| #1 |
 |  Trojan.Downloader in Registry Key Hallo, auf meinem Rechner sind 5 infizierte Registrierungsschlüssel und eine infizierte Datei. Ich habe es durch das Programm Malwarebytes Anti-Malware gefunden. Bei der infizierten Datei habe ich den Inhalt in Quarantäne verschoben mittels Avira. Nun benötige ich eure Hilfe, denn ich weiß nicht wie ich diese Viren entfernen kann. Hier der Log Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.14.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Tuan :: TUAN-PC [Administrator] Schutz: Aktiviert 15.06.2012 21:35:47 mbam-log-2012-06-15 (21-45-01).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 253017 Laufzeit: 7 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 5 HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Tuan\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Keine Aktion durchgeführt. (Ende) |
|
18.06.2012, 13:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan.Downloader in Registry Key Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
20.06.2012, 12:21
| #3 |
| | Trojan.Downloader in Registry Key so geschafft
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.14.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Tuan :: TUAN-PC [Administrator] Schutz: Aktiviert 19.06.2012 20:38:37 mbam-log-2012-06-19 (23-12-27).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 487834 Laufzeit: 2 Stunde(n), 33 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=1593b593cd52b846be5f07e71428a7f5 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-19 10:11:31 # local_time=2012-06-20 12:11:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 21528916 21528916 0 0 # compatibility_mode=4096 16777215 100 0 0 0 0 0 # compatibility_mode=5892 16776573 100 100 20831 177673409 0 0 # compatibility_mode=8192 67108863 100 0 99 99 0 0 # scanned=55294 # found=0 # cleaned=0 # scan_time=3209 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=1593b593cd52b846be5f07e71428a7f5 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-20 11:18:31 # local_time=2012-06-20 01:18:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 21568124 21568124 0 0 # compatibility_mode=4096 16777215 100 0 0 0 0 0 # compatibility_mode=5892 16776573 100 100 60039 177712617 0 0 # compatibility_mode=8192 67108863 100 0 39307 39307 0 0 # scanned=245034 # found=0 |
|
20.06.2012, 12:30
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry KeyCode:
ATTFilter Datenbank Version: v2012.06.14.07
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.06.2012, 19:43
| #5 |
| | Trojan.Downloader in Registry Key und nochmal das Ganze ^^ Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.20.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Tuan :: TUAN-PC [Administrator] Schutz: Aktiviert 20.06.2012 18:18:57 mbam-log-2012-06-20 (20-39-47).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 486545 Laufzeit: 2 Stunde(n), 20 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
21.06.2012, 10:20
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key *hüstel* Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!
__________________ --> Trojan.Downloader in Registry Key |
|
21.06.2012, 13:16
| #7 |
| | Trojan.Downloader in Registry Key ich stelle mich gerade total dämlich an  wie schicke ich diese Funde in die Quarantäne? EDIT: habe es geschafft |
|
21.06.2012, 14:59
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key Log dazu bitte posten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2012, 22:22
| #9 |
| | Trojan.Downloader in Registry Key Habe die Funde durch Quick-Scan in Quarantäne verschoben, aber sicherlich willst du einen vollständigen Scan. Also habe ich mir mal die Mühe gemacht. Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.20.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Tuan :: TUAN-PC [Administrator] Schutz: Aktiviert 21.06.2012 20:49:37 mbam-log-2012-06-21 (20-49-37).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 486323 Laufzeit: 2 Stunde(n), 16 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
22.06.2012, 09:57
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.06.2012, 18:08
| #11 |
| | Trojan.Downloader in Registry Key OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.06.2012 18:39:56 - Run 1 OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Tuan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,32% Memory free 6,21 Gb Paging File | 4,76 Gb Available in Paging File | 76,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 583,02 Gb Total Space | 310,66 Gb Free Space | 53,28% Space Free | Partition Type: NTFS Drive D: | 13,15 Gb Total Space | 1,82 Gb Free Space | 13,85% Space Free | Partition Type: NTFS Computer Name: TUAN-PC | User Name: Tuan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.22 18:37:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tuan\Desktop\OTL.exe PRC - [2012.05.08 16:01:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 16:01:24 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.08 16:01:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 16:01:22 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.06 04:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.04.06 04:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.04.05 21:56:18 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2009.06.26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.23 15:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.05.02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2008.05.02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2007.04.18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.17 13:29:41 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll MOD - [2012.06.15 22:12:01 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012.06.15 15:18:28 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.15 15:18:18 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.15 15:18:01 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.15 15:16:08 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.05.13 17:00:35 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll MOD - [2012.05.13 16:58:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.13 16:57:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.11 18:45:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.11 18:44:08 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll MOD - [2012.05.11 18:44:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 18:43:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.05.11 18:43:21 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.11 18:42:40 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.04.06 03:09:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2012.04.05 22:00:20 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2012.04.05 21:56:24 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2009.02.25 03:16:56 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\G DATA InternetSecurity TotalCare\AVKTuner\AVKTunerService.exe -- (AVK Tuner Service) SRV - [2012.06.18 13:50:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.15 15:18:24 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 16:01:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 16:01:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.06 04:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.04.05 21:56:18 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.02 19:44:32 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - [2012.05.08 16:01:35 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 16:01:35 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.06 07:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.04.06 07:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.04.06 03:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.03.05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1) DRV - [2012.03.05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01) DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2010.02.02 23:39:43 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.02.02 23:39:42 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010.02.02 23:39:42 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2009.10.08 19:08:47 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.10.08 19:08:36 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000) DRV - [2008.06.11 22:32:34 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\DVDPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) DRV - [2008.06.06 21:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008.06.06 21:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008.05.22 11:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.05.21 13:44:10 | 001,049,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008.02.29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.02.29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2007.01.23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2005.12.12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{879950C1-3353-486B-893E-6E23EE9D5329}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKLM\..\SearchScopes\{C0057537-1C1F-405C-B6EB-050826BA3A2A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?p=us IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109130&tt=261211_ctrl&babsrc=SP_ss&mntrId=5e90e91800000000000000ff9250e086 IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{879950C1-3353-486B-893E-6E23EE9D5329}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{C0057537-1C1F-405C-B6EB-050826BA3A2A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-rog IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:2.0.0.20 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109130&tt=261211_ctrl&babsrc=adbartrp&mntrId=5e90e91800000000000000ff9250e086&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Users\Tuan\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 15:14:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:50:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.16 17:20:30 | 000,000,000 | ---D | M] [2010.07.13 16:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuan\AppData\Roaming\mozilla\Extensions [2012.06.13 15:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions [2011.02.13 21:54:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.16 19:05:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.19 17:27:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.06.13 15:56:59 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\battlefieldheroespatcher@ea.com [2011.11.08 18:41:31 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\battlefieldplay4free@ea.com [2012.05.24 18:42:05 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\ich@maltegoetz.de [2011.03.18 17:31:45 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\personas@christopher.beard [2011.12.30 18:25:13 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\screencaptureelite@plugin [2011.03.24 13:03:00 | 000,000,923 | ---- | M] () -- C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\searchplugins\conduit.xml [2011.10.29 16:23:12 | 000,003,915 | ---- | M] () -- C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\searchplugins\sweetim.xml [2012.05.02 18:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.12.18 15:14:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.01.29 17:47:23 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TUAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W97YN8XT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.06.24 14:37:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.06.18 13:50:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.01 17:31:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.18 13:50:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.29 15:53:47 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.06.18 13:50:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.18 13:50:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 13:50:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 13:50:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 13:50:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.24 23:56:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKU\S-1-5-21-449065279-793341504-1815772316-1000..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found O4 - HKU\S-1-5-21-449065279-793341504-1815772316-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found O4 - HKU\S-1-5-21-449065279-793341504-1815772316-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Save YouTube Video - Reg Error: Value error. File not found O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68FF45E2-D6D8-4607-9E46-7D06E815F2D9}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Tuan\Pictures\Bilder - Vietnam\fotolia_32611031_subscription_xl.jpg O24 - Desktop BackupWallPaper: C:\Users\Tuan\Pictures\Bilder - Vietnam\fotolia_32611031_subscription_xl.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.27 17:51:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) MsConfig - StartUpFolder: C:^Users^Tuan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.22 18:37:49 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tuan\Desktop\OTL.exe [2012.06.22 16:04:59 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{11D8809E-9691-4963-BADB-4E5CF4616FEE} [2012.06.22 16:04:27 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{676D2760-CE16-4F5C-B7C2-CA68D309DBEC} [2012.06.21 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{04C6060E-4AA8-4C88-8E1B-827501C0824A} [2012.06.21 13:59:44 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{602BC025-9956-42CF-9D59-BCB6E1CED67C} [2012.06.20 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{C1EF38C1-416C-4844-8DEB-36EDE56809DB} [2012.06.20 09:58:54 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{629806D2-B1DD-49BC-AF31-E906D34B3C03} [2012.06.20 09:57:01 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{4326AE52-BCE3-4590-B9C6-74789DDCCE76} [2012.06.20 09:56:22 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{19C742B3-19CE-4178-B059-E0708267510C} [2012.06.19 23:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.19 17:19:15 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{2FF460C1-5330-47ED-BB49-2A8B2A65A323} [2012.06.19 17:18:49 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{A8BE6743-DF47-4B30-95BE-0B46CC53BA76} [2012.06.18 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{A53F91B2-D669-4AD3-8FCD-32189F9EA9BF} [2012.06.17 13:19:21 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{9CB88282-9BF4-41F6-B79C-DCF941D7EF5A} [2012.06.16 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{951DFB62-ABC5-4807-8965-4EEF6741E7FB} [2012.06.15 18:10:35 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\Macromedia [2012.06.15 14:47:27 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{C11F68A2-E72E-4CA1-BD20-DA1628B143DB} [2012.06.14 15:51:59 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{227DAF5C-8B85-462A-B235-1AB41F308B70} [2012.06.14 15:51:48 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{0EC1874F-3F88-468C-9EEC-E95D71CADA72} [2012.06.13 15:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.13 15:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.13 15:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.13 15:09:26 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{E4CBA780-7DFA-4A3E-BD97-FF9BFF825DD1} [2012.06.13 15:09:10 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{96C92AAB-FF5B-4E5A-B7AE-3BFEB66889BB} [2012.06.12 14:32:33 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{59B7EBF6-5D77-4DF8-85A6-E354F807EA53} [2012.06.12 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{F86B784C-B4B0-4441-9036-A094BD93CF6A} [2012.06.11 14:14:14 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{D43C751B-8152-4CFB-856A-347623986437} [2012.06.11 14:14:04 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{0672FFD9-669E-4705-AF2C-1DC9F5A06C5C} [2012.06.10 17:00:10 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\Ubisoft Game Launcher [2012.06.10 15:04:21 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{95F5C849-C0F9-464D-9D38-9E8F4AB04A44} [2012.06.10 15:04:11 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{A0486032-12BA-4030-AABF-6E196D1F6027} [2012.06.10 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{2EF6181B-F4A5-40C8-A3F6-26A2A5978AEC} [2012.06.10 15:03:07 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{F8122837-E91D-4E33-BFA7-87F0BDD161FE} [2012.06.08 14:54:13 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{3C8C2B42-5AA4-447E-8F4B-FF5BA78F2A3A} [2012.06.08 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{0E6513F3-A8A4-49B4-BE8D-1D4CE4EB3D73} [2012.06.07 13:53:52 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{F815CABD-9229-4CF1-BB0C-BC293CFFC4E7} [2012.06.07 13:53:40 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{2C5A9D6C-B0F6-4C72-A6D5-B326CB01EA04} [2012.06.07 13:53:04 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{64EB8058-BB79-4EEF-9070-6166A53D92C3} [2012.06.06 15:11:23 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{463FDC6B-C84A-4145-9FCB-1470741B0E34} [2012.06.06 15:11:08 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{CC906567-80FE-4CF6-8372-01F61041773B} [2012.06.05 18:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.06.05 18:54:23 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Roaming\pdfforge [2012.06.05 18:54:19 | 000,079,360 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll [2012.06.05 18:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.06.05 17:47:18 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{F8B76F58-66C7-408A-8011-F111D812B869} [2012.06.05 17:46:08 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{F96724CB-55DA-4F4B-B16B-DDEC5AF7AF07} [2012.06.03 14:23:21 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{A9700C93-2802-4A3E-A111-23D4AF778A6C} [2012.06.03 14:23:11 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{E2F9609D-6AB8-44C8-9549-2BB72A0EB964} [2012.06.03 14:21:22 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{00591358-77C0-44C3-867D-CB35CAB3517D} [2012.06.03 14:21:08 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{D64B1FC5-0E7A-4C27-B468-96D6A30A3E45} [2012.06.02 14:54:50 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{5949A055-418A-4771-A64A-524D91B5C3BD} [2012.06.02 14:54:40 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{66BEB0F0-7061-41B6-BFAF-B2816BAD9A3D} [2012.06.01 20:11:35 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll [2012.06.01 20:11:33 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [2012.06.01 16:17:37 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{564D78B3-C966-4629-9118-5C8CBE911378} [2012.06.01 16:17:27 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{8175111A-135F-4A46-AD89-C093B71ACEB9} [2012.06.01 16:13:31 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{D29C3E40-BCAF-4BAA-8967-AB453A1373A4} [2012.05.31 14:47:27 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{17781506-E67D-4093-9374-E731701E85F7} [2012.05.31 14:46:58 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{B4448378-CE32-4EE6-A685-098D2FF9087F} [2012.05.30 13:53:53 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{332B615F-4970-47CE-AAE7-A6E9A87180FC} [2012.05.30 13:53:43 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{2DDE9AEB-7248-4C97-B659-A38F402EF2EA} [2012.05.29 19:04:19 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Roaming\redsn0w [2012.05.29 15:43:08 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{0D31CC38-7402-4E4D-8D0B-37AD8B42DC14} [2012.05.29 15:42:48 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{717E5F3E-BAFC-4AD6-9FD1-0FBC3A0CDF46} [2012.05.29 15:41:21 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{D8FDE98E-D7BE-4319-93E1-D13D0F9A548B} [2012.05.28 14:56:14 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{036024E5-8C55-4BFB-B14D-6ACE3A0DA12C} [2012.05.28 14:56:04 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{14011417-E7C4-4E67-A9FC-AD01B1C25678} [2012.05.28 14:54:13 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{D0997A7B-C99D-4D5A-8019-04F94F5EC1AD} [2012.05.27 13:37:37 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{2E40EF69-C3AD-4B6D-80D7-C361BEAA80D6} [2012.05.27 13:37:26 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{5C5B9595-BA96-4584-8E9D-CC685C27D250} [2012.05.25 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{E371F7FD-0D93-442A-B211-2B851D9F8F5E} [2012.05.25 15:35:48 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{E492BBF1-1CAF-489B-9005-07E525A1D34B} [2012.05.24 18:34:47 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{A369DB24-FC4D-4196-8FD4-706EB24D6A43} [2012.05.24 18:34:31 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\{5ACA2ACD-C8F4-4312-B33C-021EC1F56757} ========== Files - Modified Within 30 Days ========== [2012.06.22 18:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.22 18:37:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tuan\Desktop\OTL.exe [2012.06.22 18:33:39 | 000,014,893 | ---- | M] () -- C:\Users\Tuan\Desktop\Lebenslauf.odt [2012.06.22 18:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.22 18:03:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.22 18:03:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.22 16:03:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.22 16:03:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.21 14:07:53 | 000,021,459 | ---- | M] () -- C:\Users\Tuan\Desktop\TU Berlin.odt [2012.06.20 21:24:32 | 000,671,212 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.20 21:24:32 | 000,631,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.20 21:24:32 | 000,144,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.20 21:24:32 | 000,118,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.20 13:44:54 | 000,139,048 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.06.20 13:44:43 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.06.20 13:42:58 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2012.06.15 21:29:20 | 000,041,984 | ---- | M] () -- C:\Users\Tuan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.15 15:13:28 | 000,354,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.13 15:29:03 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.05 18:54:26 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.06.05 18:54:26 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.05.29 19:20:05 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTuan.job ========== Files Created - No Company Name ========== [2012.06.21 00:30:30 | 000,014,893 | ---- | C] () -- C:\Users\Tuan\Desktop\Lebenslauf.odt [2012.06.20 21:26:43 | 000,021,459 | ---- | C] () -- C:\Users\Tuan\Desktop\TU Berlin.odt [2012.06.13 15:29:03 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.05 18:54:26 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.06.05 18:54:26 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.04.13 18:47:51 | 000,000,023 | ---- | C] () -- C:\Windows\clofghls.dll [2012.04.05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.02.24 15:02:07 | 000,000,680 | ---- | C] () -- C:\Users\Tuan\AppData\Local\d3d9caps.dat [2012.01.24 20:02:15 | 000,000,000 | ---- | C] () -- C:\Users\Tuan\defogger_reenable [2012.01.24 00:29:17 | 000,041,984 | ---- | C] () -- C:\Users\Tuan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.07.03 15:49:14 | 000,001,449 | ---- | C] () -- C:\Windows\wininit.ini [2011.07.03 15:48:24 | 000,040,960 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2011.06.28 18:57:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011.06.09 14:53:22 | 000,002,146 | ---- | C] () -- C:\Users\Tuan\.recently-used.xbel [2011.06.03 17:01:06 | 000,000,479 | ---- | C] () -- C:\Windows\eReg.dat [2010.10.19 18:18:44 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.09.17 12:05:07 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.07.13 16:07:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.06.21 20:24:31 | 000,023,888 | ---- | C] () -- C:\Users\Tuan\AppData\Roaming\UserTile.png [2009.05.18 15:12:39 | 000,000,760 | ---- | C] () -- C:\Users\Tuan\AppData\Roaming\setup_ldm.iss [2009.04.01 21:25:09 | 000,000,000 | ---- | C] () -- C:\Users\Tuan\AppData\Roaming\wklnhst.dat [2009.04.01 17:24:34 | 000,139,152 | ---- | C] () -- C:\Users\Tuan\AppData\Roaming\PnkBstrK.sys ========== LOP Check ========== [2011.05.14 16:14:34 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Ashampoo [2011.07.03 20:35:32 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DisneyInteractiveStudios [2012.06.20 10:01:58 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DVDVideoSoft [2011.02.13 21:54:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.06 19:05:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\GetRightToGo [2011.03.12 14:22:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\GrabPro [2011.05.24 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\gtk-2.0 [2010.09.26 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Image Zone Express [2011.06.25 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Leadertech [2011.12.29 16:21:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\LucasArts [2010.02.10 21:39:19 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\muvee Technologies [2010.12.08 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\OpenOffice.org [2012.05.16 19:05:37 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Orbit [2011.12.21 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Origin [2012.06.05 19:04:45 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\pdfforge [2009.06.21 20:24:31 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\PeerNetworking [2010.09.26 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Printer Info Cache [2010.11.01 20:25:49 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\ProgSense [2012.06.01 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\redsn0w [2011.12.23 23:49:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Syke [2009.04.01 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Template [2011.02.23 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\The Creative Assembly [2012.06.10 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Ubisoft [2010.10.02 15:59:36 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\WinBatch [2012.04.13 18:04:24 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Windows Live Writer [2009.09.28 13:59:51 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Zoner [2012.06.21 23:23:45 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.04 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Adobe [2011.11.19 21:07:10 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Apple Computer [2011.05.14 16:14:34 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Ashampoo [2009.03.23 18:38:41 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\ATI [2011.10.14 19:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Avira [2009.04.12 20:09:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\CyberLink [2011.07.03 20:35:32 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DisneyInteractiveStudios [2010.04.26 15:32:57 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DivX [2012.06.20 10:01:58 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DVDVideoSoft [2011.02.13 21:54:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.06 19:05:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\GetRightToGo [2009.03.27 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Google [2011.03.12 14:22:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\GrabPro [2011.05.24 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\gtk-2.0 [2010.11.18 22:04:54 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Help [2009.03.23 18:38:55 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Hewlett-Packard [2010.09.25 22:12:16 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\HP [2011.03.25 18:10:04 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\HpUpdate [2009.03.23 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Identities [2010.09.26 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Image Zone Express [2009.04.04 20:49:56 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\InstallShield [2011.06.25 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Leadertech [2009.03.23 19:42:52 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Logitech [2011.12.29 16:21:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\LucasArts [2009.03.23 18:34:35 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Macromedia [2012.01.23 22:39:20 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Media Center Programs [2011.04.11 21:16:39 | 000,000,000 | --SD | M] -- C:\Users\Tuan\AppData\Roaming\Microsoft [2010.07.13 16:07:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Mozilla [2010.02.10 21:39:19 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\muvee Technologies [2010.12.08 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\OpenOffice.org [2012.05.16 19:05:37 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Orbit [2011.12.21 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Origin [2012.06.05 19:04:45 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\pdfforge [2009.06.21 20:24:31 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\PeerNetworking [2010.09.26 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Printer Info Cache [2010.11.01 20:25:49 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\ProgSense [2012.06.01 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\redsn0w [2010.10.19 18:40:38 | 000,000,000 | RH-D | M] -- C:\Users\Tuan\AppData\Roaming\SecuROM [2012.05.31 15:02:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Skype [2012.05.31 15:02:02 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\skypePM [2011.12.23 23:49:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Syke [2010.02.15 16:07:01 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\teamspeak2 [2009.04.01 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Template [2011.02.23 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\The Creative Assembly [2012.06.10 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Ubisoft [2012.06.15 21:30:10 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\vlc [2010.10.02 15:59:36 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\WinBatch [2012.04.13 18:04:24 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Windows Live Writer [2011.06.25 17:46:01 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\WinRAR [2012.06.01 16:51:06 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\yahoo! [2009.09.28 13:59:51 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Zoner < %APPDATA%\*.exe /s > [2010.09.26 17:24:24 | 000,010,134 | R--- | M] () -- C:\Users\Tuan\AppData\Roaming\Microsoft\Installer\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}\ARPPRODUCTICON.exe [2009.04.04 20:50:01 | 000,010,134 | R--- | M] () -- C:\Users\Tuan\AppData\Roaming\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe [2009.04.11 22:34:07 | 000,000,766 | R--- | M] () -- C:\Users\Tuan\AppData\Roaming\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe [2012.06.07 14:53:32 | 001,361,896 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\extensions\battlefieldheroespatcher@ea.com\plugins\BFHUpdater.exe [2011.09.23 14:07:18 | 001,005,512 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.06.06 21:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D05F6E26AC960474494356FE703D61BE -- C:\hp\DRIVERS\nvidia_storage\nvstor32.sys [2008.06.06 21:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D7B213299852D2026DBC90DAB77EF06C -- C:\Windows\System32\drivers\nvstor32.sys [2008.06.06 21:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D7B213299852D2026DBC90DAB77EF06C -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_5396a0ad\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2012.04.06 04:16:52 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D < End of report > und hier der Extra.txt OTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.06.2012 18:39:56 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Tuan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,32% Memory free
6,21 Gb Paging File | 4,76 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583,02 Gb Total Space | 310,66 Gb Free Space | 53,28% Space Free | Partition Type: NTFS
Drive D: | 13,15 Gb Total Space | 1,82 Gb Free Space | 13,85% Space Free | Partition Type: NTFS
Computer Name: TUAN-PC | User Name: Tuan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-449065279-793341504-1815772316-1000]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CA83AF-76E1-4A6A-BA87-8AF6E0A42463}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{0A71ECE8-9368-4174-B56E-F082A64BBD0E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{104CF7CD-D0B6-449C-97DD-7735DB1E9256}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C5E55EE-F9C2-4E85-AF5C-9AEC51272A57}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CC3A897-1B00-4DF9-AA2E-CA5CCD431B2D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1DFCD8C5-31F5-4319-8709-E842CFD97625}" = lport=2869 | protocol=6 | dir=in | app=system |
"{200EC7A8-865B-4087-8C8F-318B52A90041}" = lport=6112 | protocol=6 | dir=in | name=wc3 |
"{26D406D3-8DD5-4BB5-BEA9-7033B4FD421D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{274A7816-06CC-42C3-BB68-73DD14C2CE2F}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{295FBD73-7DD5-46A7-920A-53C70C3A55B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BB1FC75-23FA-4860-9648-0047F1820C53}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{31E8B317-3C04-429C-831D-131CC5D1CCBB}" = lport=5358 | protocol=6 | dir=in | app=system |
"{35252EBE-6EC6-432C-91A2-273881939A4B}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{3867F7BF-2CB6-4497-B5F8-778A4CD2D664}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{42A24DDB-8F9D-4E30-826D-760C1FA240DC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{4442B079-7923-4794-9257-372B8E8E1DF3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{4776D466-3FFE-4B68-91AD-62EE117AC98D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{49DBD451-E09E-41FB-86CB-020232C4FF07}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4A5AA4CF-0CE9-4F8A-A2C0-6C7F2E59B2E4}" = rport=5358 | protocol=6 | dir=out | app=system |
"{4B326E58-050F-447E-B6D1-8D77EF6FEB4A}" = lport=5357 | protocol=6 | dir=in | app=system |
"{4D618B4F-98FA-4E82-AF7A-44612AEFF2E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4FCC3A2C-7DFD-43E3-94FB-B9378A240D49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{587A0DEF-24E8-466B-B92D-8DA10053E7F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{5922EF2E-5BDF-4F46-AECD-53C7ADE04AEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E993312-4E9E-4F24-A286-A623AF353A0D}" = lport=139 | protocol=6 | dir=in | app=system |
"{6454D5C9-211C-4383-8C26-B6BFE6EECAA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{65568F2F-BCF6-494B-AAD9-3CBEFDF018FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{680B59F5-9F90-47F4-A894-238FC76861F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{698439C6-4AD3-4EF4-A143-BF7A58733DAE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{6BACF3CF-7CE8-4DAA-B96A-974909B20F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6D2C2271-CF71-48D5-99E7-7238D40CDD89}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{6FB909C0-A76F-44E5-B920-C32E212D1DE3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72D114F1-32D2-4939-9855-342FED255F6C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8168146A-FE66-44D8-8DFC-587201116DAF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{838B749D-9FE2-40A1-B928-076FEE33FFE5}" = lport=138 | protocol=17 | dir=in | app=system |
"{87942F3D-D06B-4BF3-BCEE-6A81F61156F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C9E841C-C196-4512-A7D3-C453E8B18ECF}" = rport=137 | protocol=17 | dir=out | app=system |
"{90365249-1B88-475E-8D0C-04769AD27AA1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{987734FF-8F31-4424-9598-62E0EC23E8B0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{9D181466-17B1-472E-B18F-5AF7057C8911}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A6A0836B-522B-44AD-89B3-B72EBD5107AA}" = rport=5357 | protocol=6 | dir=out | app=system |
"{AFE3FF91-A8F0-416D-9211-D91EB5D560A9}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{B3B9580D-3202-4CF8-B674-12455586B889}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B9DF5A48-DEDC-44C5-8B39-9735B294B1F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9E6B1B2-8D0C-4170-8C2B-2D42ACD48967}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BBDAFE76-2C3E-45E0-AF90-A2D1BDA0698B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF7385AE-3EF4-447B-913C-C7EB57309F82}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C6057DCA-4D6D-4378-8A04-6648DAB57A35}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C6738888-86B9-4FA7-BBF0-C41508EA202B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C87D8B18-3186-4CC7-A13A-9646F4C5742B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{CA7DA52E-BF9F-4BFF-8D98-6897C22AA453}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CEF4F423-C6F9-428B-B61F-D86C67297D0C}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{D5FFE728-7E92-4E53-AA33-7BF5B0243196}" = lport=445 | protocol=6 | dir=in | app=system |
"{D6AA6B24-D14F-43F0-BB29-782F09916743}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DC7E5988-9A0B-4DD9-8EAB-8A899BEFA8BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E08ED960-6ED1-4C76-8BE2-F75F6BBC2D04}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{E134DC62-855D-454B-8EA0-4C3B98608B0E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E41D1E8C-CE68-46D3-B8CB-43D77948EF32}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBDCEA3C-24AE-4CCC-97F3-855F1BCC8238}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{ECE149EF-15C7-404B-BF10-24F84CBD58B9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{EE14078B-2EFF-46BA-89AC-0F40DA453A71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE43A508-A15B-40E2-87BD-68BAE92300DD}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EE5982B8-9912-4579-A30F-094F9207F86D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{F95F8EE4-69A5-42A0-BED8-88509376880E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AFE317-1225-48BE-B54D-85A633031E5C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{07339EFC-41B7-4195-860D-7C9CA2009DE1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{083285D2-7C01-4213-AE26-99E3FDA8755D}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{0AE8D622-201F-4EDA-BF1F-A374F0433CB0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{112025B5-3BBE-4AB0-82D2-44A71A1C4E29}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{119F6890-A4CC-45EC-8E41-9DBD47BB4D90}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{13A5E5CC-F3EC-422E-861B-AEEF187A8EBF}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{144EF265-1132-4E1B-9743-63B4E036F295}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{157FE4D7-7CE7-40FA-952B-2A2E7FE240EA}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1E0B1293-F8F7-44A6-97D1-B9EF77ACB12E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1E9D533B-492C-4285-959C-B4F561953410}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{1F974071-2089-464A-92F0-EB1EC230CF5D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{1FF62491-00A1-4666-847A-AA43F64CBCFB}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{2033363A-F8E0-4050-84F6-A7C9F60154FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{225AB495-31C5-48F5-A4D0-4F6969CB8D64}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{22E5947F-8647-4124-8FAF-920F3B01F9F1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{256F48E3-B598-433F-B0F8-096C9AB59D3D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{276E5F1C-58C0-496F-83F7-C33AF33B76F5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{27AD5108-7C66-46AC-8EC9-EB00D4E0DD02}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{316BC786-8D6B-4865-9468-51D0AD2324F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32D5F70F-8007-4396-AEBC-59C77E60E991}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{33461631-47E2-4A41-9C08-EC0B10DD862F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{33572568-7BC9-45B3-92C0-06DCCFA271FD}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{33BB9A97-0E57-44B6-B74C-290D745F2523}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{377D2271-2555-4F71-92F0-DA2B8A0A5AA0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{38F47906-2507-448D-BF3A-36393AB43D46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AF84E87-07F8-47B6-8263-77B84519331D}" = protocol=17 | dir=in | app=c:\users\tuan\downloads\sweetimsetup.exe |
"{3E0524CE-C02A-46C8-8999-CF0B2E745F9D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{3F012817-D384-472B-BD7D-5347D4A1EDDA}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{41DA0DFE-B660-4271-97DA-07C434C1DEB8}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{43A4E0FE-2059-44F9-BE74-3056E9F8C646}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{44195EF7-79B9-4DEB-A973-4CC1117FDAC7}" = protocol=6 | dir=out | app=system |
"{441EAD1D-C000-4481-9069-92ADFB2019D0}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{46689F67-A3F8-4A97-85EA-70BFF89D55BB}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{4ABC2E31-486C-4DE6-BF17-813952310003}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4C42EAF5-DF67-449B-A11C-18C6D69771A8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{4CE71511-654E-4AC0-84FD-800ECCB736B4}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{5029C933-C153-4957-9E7D-CAEA9D48566A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{50A997B5-1DE0-4D70-A43C-D8ADBFEC76D4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{5187FFA3-889D-4541-B2BB-57262FA522B4}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{541B4969-0169-4BEE-AE6E-486FE02415F9}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{55AEF02F-B3AA-4BB6-8D73-02E5A2630F60}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{56E80A7D-DDE0-476C-9E74-47B75E4C8526}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{58E5713A-1857-42C5-A769-9DECED7F0B56}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5BE1FBE3-C8AB-4130-91B9-F313092F3C58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60100E0D-09BA-46B6-ABB3-2BDA634A5D7D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{694FC2E2-C595-445E-B3A8-65D6FA7353B2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{6DAD4258-D7A1-44CB-9B61-7D544A5F2821}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{6DD36D67-C434-4F04-96C7-63FF5960C26E}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{70163C9A-03B8-4EC9-8491-9897BCB1BE0D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7433F4AA-C514-4CD4-AB11-BA57CBC23AE5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{7547926E-0DBA-4A6F-9780-F6E1D12FFEDB}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{7A87CBB5-397B-40AE-BB29-5DAC9376B84D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{83B7E13A-B2BC-4E21-A2BF-DF89AE686C0F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8779801F-1EDB-4D3A-988E-940587D28041}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8E1893B2-68FE-4A94-AE9D-7BF0B4A102C9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{99A95C2D-06F7-4665-A850-D7534FA67002}" = protocol=6 | dir=in | app=c:\users\tuan\downloads\sweetimsetup.exe |
"{99ACA650-BDBA-47C3-9D69-57E0A90211D3}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{9BFB19CC-2D5A-4CEE-A243-71A4F99EF8FD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9C903254-DD7A-4381-833C-A937C04B1D8E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{9CF358EC-6672-4A5A-89F6-D4800E16B9A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D0CAB4D-20F4-4860-9B69-51DF29952B98}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{9E9606E9-58BD-44F2-BE96-A6462FE2C1C2}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{9FB81535-9835-41B6-AC57-B6ECBA88DCFD}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A077F37F-2577-44AD-A708-D7EC6AEE8228}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{A1B757BD-053D-4D18-B40A-B90DBA2D2D71}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{A3657604-124E-47F5-8D50-2ECB6D3ED96D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{A45BDE44-6065-48D3-8A3B-56F5AC3D0AAE}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A4E90A5A-13DD-48E0-9637-400C03A0CFD8}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A715B2C8-0694-48FB-8E9C-D7C769A89AA9}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{A71C4A8D-24F2-4332-819F-A778602FC749}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{A7936BD0-1018-4481-9C02-842E4A346197}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A930D9EE-FB67-4EB7-AF3C-AB9252A049E1}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{AD462B0F-324D-4A4D-9098-1E6B6769FA25}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{AE5384C1-5FB6-45C4-BFB5-51BCE24173BE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AEC9C685-3314-4C02-9E17-8A25DB7AFC3B}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{AFA98EDF-5E5B-474D-8C84-5E5AC9573846}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B4866984-D73C-4930-B0F1-5696C08AFE0D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{B67E6BD4-9DE2-4BC7-ADB7-F4AC7C6088D4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B99EEA81-500C-4EDC-97B6-F563B7836E8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BE909427-6A61-44B2-BEBF-74E49DA46E1D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
"{C71DF248-7E51-433D-9B40-ED09293D1C06}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C8BE48D6-C424-4154-8EEA-DA228FCF14AD}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{C8E1D8B5-2783-4A45-B289-0759B4C05BBD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CAD4FF4B-CEFF-494D-BDF4-B33F5AB39615}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{CBFD354F-3CC7-43CE-A7D0-279F1CF29FF2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CEFD8C85-17F5-446C-BB84-99D9BABD2E00}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{D221F70E-7609-4C6A-B462-155C8DF77C2F}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{D282827D-97AB-4D0E-BF56-5A25FC85BA99}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{D5A11503-EFF0-4B68-9E0F-DB52A7E525C8}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{D78851BA-8249-4771-AC32-228391FBC878}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D8542A74-4CC0-44E0-B0DD-490A0519019C}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{DA261475-BA47-4F2C-92D1-D9D538669B35}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DB66D1D0-7A57-46C8-865B-558A01C558A4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{DD26250F-1B8E-45C6-AA3A-686D8CDCB6CB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{DDB00913-370D-4A8A-9EB9-ECB667A92061}" = protocol=6 | dir=out | app=system |
"{DE278405-42FB-4474-ACAE-EA511CD6AFEB}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{E0BE78A4-4A40-4B89-9CEF-FF2C7A8D8D5A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E2298536-D4C0-4245-97D2-CA1E56BF14DB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{E2C6C00B-E027-4662-8FCC-40DDBE10C7FA}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{E8313FBF-E708-4C16-B5A4-3C532ED75808}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{E8CF9801-177E-4599-8BDE-9B1F416813EE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{ED188903-A491-4AD6-9A1D-38ED1014EBE0}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F34B680F-74A7-4168-8B27-44DE73B478DF}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F46181DC-4ECA-4824-B5B9-71E23273DFA4}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F6A477A9-D632-45B2-BB24-8A3E406C00DC}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{F72D8D35-A5ED-4992-AA41-5AC84FA86B6B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{FD253463-7D4F-42FA-8441-13C289A369D1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{FDC04E51-C17E-4A2F-9EEC-644958893CCD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
"{FEF8F9C6-F336-40A8-9687-64B5AD945973}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"TCP Query User{00316C84-6B72-4B99-9502-C786818CC278}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{04441598-6DF3-467F-9EA0-1EA4894FFA62}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"TCP Query User{1197861E-2BCF-4A30-8D52-2C70F879BFCC}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe |
"TCP Query User{150320AD-15D2-4D4A-85AC-14954BDC7FAE}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{2CD04F5C-429E-499F-A765-F9FC043D103F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{2DD2DC2E-4CEE-41C9-926A-BE55CEEBC660}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{319A48E7-8836-4C79-81F0-80150AF06823}C:\program files\warcraft iii\pickup.listchecker.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\pickup.listchecker.exe |
"TCP Query User{367724CE-FB80-4BA3-93A6-F877973E2D3C}C:\users\tuan\appdata\local\temp\6341536c99024e45b83231740485442f\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\tuan\appdata\local\temp\6341536c99024e45b83231740485442f\relicdownloader.exe |
"TCP Query User{3757FE47-4728-447A-9C0D-968108CA2A01}C:\users\tuan\downloads\games\gb\gb mp\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\tuan\downloads\games\gb\gb mp\visualboyadvance.exe |
"TCP Query User{3A9DF147-0045-4FA9-9F79-2A027929FFB0}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{472E95D4-DB63-407E-A46E-16180C7E2BAF}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{4CD803E7-EA2E-4CC3-8394-1D86DB7851E7}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{5660CC62-54FB-4BBA-BC34-C666B574A2F6}C:\program files\steam\steamapps\d_phan\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\d_phan\counter-strike source\hl2.exe |
"TCP Query User{5CE24C74-F3AA-462C-B0BC-B2600439650F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6A4297FE-1DED-4F2C-B81D-BDF21F0348A5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6CF53668-5E56-4FB2-8978-111BC559CB70}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{73FEB5D6-EFC6-437F-8165-8201CDDF0F44}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A93087FF-FD22-4630-8CEC-2FBF1785C51A}C:\program files\ea sports\fifa 2003\fifa2003.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 2003\fifa2003.exe |
"TCP Query User{B4BF4740-1854-4629-856A-F3B79D147F65}C:\users\tuan\downloads\games\snes\snes9x.exe" = protocol=6 | dir=in | app=c:\users\tuan\downloads\games\snes\snes9x.exe |
"TCP Query User{BB7FF89F-9855-4FC3-AA61-8674E8C43E88}C:\program files\american conquest - fight back\dmcr.exe" = protocol=6 | dir=in | app=c:\program files\american conquest - fight back\dmcr.exe |
"TCP Query User{CE8D4CC1-B381-40C1-8B1E-358E97783EC9}C:\program files\panzers - phase1\run\panzers.exe" = protocol=6 | dir=in | app=c:\program files\panzers - phase1\run\panzers.exe |
"TCP Query User{D22EBE74-0AB9-4771-A71E-3BCCFA4C4F52}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{E5B4E554-99D5-4947-B3AC-9B2864F0B7A0}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{E601C8B6-6FD3-4826-A0B6-8D09625331D6}C:\program files\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{F064F6C3-F4BA-4F89-ABF5-7EA0D3621189}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{01A58E33-BEED-4FC8-8780-A14E4638930A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{27AB5D13-05AF-4145-8AA0-314F988039C7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{42C1E6C0-3DCB-41DA-97F0-F7FDBB45CF01}C:\users\tuan\downloads\games\snes\snes9x.exe" = protocol=17 | dir=in | app=c:\users\tuan\downloads\games\snes\snes9x.exe |
"UDP Query User{46D24C6C-23FA-4ADC-8855-C46DCCD7099D}C:\users\tuan\downloads\games\gb\gb mp\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\tuan\downloads\games\gb\gb mp\visualboyadvance.exe |
"UDP Query User{6845EFB0-2C85-410E-B4E0-3A2D77C508D3}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{6D9ABDEE-9B7F-4902-8A8F-6AC5E67D2C60}C:\users\tuan\appdata\local\temp\6341536c99024e45b83231740485442f\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\tuan\appdata\local\temp\6341536c99024e45b83231740485442f\relicdownloader.exe |
"UDP Query User{7313A7EB-A198-4C63-A4DF-EBE5D56371D4}C:\program files\panzers - phase1\run\panzers.exe" = protocol=17 | dir=in | app=c:\program files\panzers - phase1\run\panzers.exe |
"UDP Query User{738D9FFA-9B78-47E4-8831-7303805F58C4}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{76FD395E-C089-459E-B7BB-CB4659783C01}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{7C38298F-5832-4780-825B-C2BB5AE683E8}C:\program files\ea sports\fifa 2003\fifa2003.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 2003\fifa2003.exe |
"UDP Query User{81A011D5-AE3C-4625-9DAD-85E751A09A24}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{88DF5D2E-488E-4EC9-80DC-243C85A7A555}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8D222F70-C368-4632-AAF5-F63952D13DF5}C:\program files\steam\steamapps\d_phan\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\d_phan\counter-strike source\hl2.exe |
"UDP Query User{8E59D023-0FCA-4D91-B51E-DADB9435B868}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe |
"UDP Query User{954C302D-AF3A-4780-8933-F9EA9A4F5DAA}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{9915F5CD-8DA2-46D3-A829-45F0EC9EED08}C:\program files\warcraft iii\pickup.listchecker.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\pickup.listchecker.exe |
"UDP Query User{AF50138B-1FB8-4E07-AF7E-289BE0ED7160}C:\program files\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\listchecker\pickup.listchecker.exe |
"UDP Query User{AFF34FEA-63DC-4C0B-98F0-0BE238C848B8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{B4131824-B879-43EC-9AD5-8B7D68C13400}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{C4250DDB-F4BE-4959-BFE0-098DBD30ACCB}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{C5354FF1-A3F4-4727-800C-05C9654B9EC3}C:\program files\american conquest - fight back\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\american conquest - fight back\dmcr.exe |
"UDP Query User{DA494E8E-BB6C-4984-BFB7-8ED05F3D335F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E3E57A2C-7A62-4AB7-8F95-5C8617E6BCB7}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E69252DC-D227-4E9E-901B-3A0D386165AB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{ECE758AD-A621-449A-863B-CD12B0B07FC9}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26EC9601-D617-02AE-ABE1-F68B8560C408}" = Catalyst Control Center InstallProxy
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play BD
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BF7E72DC-FD54-20A6-8F92-E6F27F1D579D}" = AMD Fuel
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3DF04B-D674-369C-8469-75285614A8C4}" = AMD Catalyst Install Manager
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"Battlelog Web Plugins" = Battlelog Web Plugins
"CCleaner" = CCleaner
"CCWORLD" = CCWORLD
"Company of Heroes" = Company of Heroes
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.0" = ESN Sonar
"Forte Free" = Forte Free 2.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 2.2.12
"Free Disc Burner_is1" = Free Disc Burner version 3.0.1
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.0.1
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.11.508
"Free Studio_is1" = Free Studio version 5.0.3
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.10.34.517
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"GeoGebra" = GeoGebra
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LEGO Star Wars III The Clone Wars" = LEGO Star Wars III The Clone Wars
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"OpenAL" = OpenAL
"Origin" = Origin
"PC-Doctor for Windows" = Hardware Diagnose Tools
"PunkBusterSvc" = PunkBuster Services
"Red Alert" = Red Alert Windows 95
"Red Alert Themes" = Red Alert Themes
"STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"STARWARS: The Battle of Yavin v1.1_is1" = STARWARS: The Battle of Yavin version 1.1
"Steam App 22600" = Worms Reloaded
"Steam App 34030" = Napoleon: Total War
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"WChat" = Westwood Online
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.11.2010 12:27:38 | Computer Name = Tuan-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.11.2010 08:33:38 | Computer Name = Tuan-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.11.2010 13:40:20 | Computer Name = Tuan-PC | Source = MsiInstaller | ID = 11312
Description =
Error - 07.11.2010 10:00:07 | Computer Name = Tuan-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.11.2010 14:02:19 | Computer Name = Tuan-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 08.11.2010 13:19:52 | Computer Name = Tuan-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.11.2010 16:35:40 | Computer Name = Tuan-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 09.11.2010 08:57:07 | Computer Name = Tuan-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.11.2010 09:42:19 | Computer Name = Tuan-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.11.2010 08:59:55 | Computer Name = Tuan-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 22.06.2012 10:12:03 | Computer Name = Tuan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
< End of report >
--- --- --- [/code] |
|
24.06.2012, 15:42
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes\{879950C1-3353-486B-893E-6E23EE9D5329}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{C0057537-1C1F-405C-B6EB-050826BA3A2A}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109130&tt=261211_ctrl&babsrc=SP_ss&mntrId=5e90e91800000000000000ff9250e086
IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{879950C1-3353-486B-893E-6E23EE9D5329}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{C0057537-1C1F-405C-B6EB-050826BA3A2A}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-rog
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&tt=261211_ctrl&babsrc=adbartrp&mntrId=5e90e91800000000000000ff9250e086&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
[2011.03.24 13:03:00 | 000,000,923 | ---- | M] () -- C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\searchplugins\conduit.xml
[2011.10.29 16:23:12 | 000,003,915 | ---- | M] () -- C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\searchplugins\sweetim.xml
[2009.06.24 14:37:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.29 15:53:47 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKU\S-1-5-21-449065279-793341504-1815772316-1000..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKU\S-1-5-21-449065279-793341504-1815772316-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-449065279-793341504-1815772316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Save YouTube Video - Reg Error: Value error. File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.27 17:51:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.04.13 18:47:51 | 000,000,023 | ---- | C] () -- C:\Windows\clofghls.dll
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.06.2012, 17:41
| #13 |
| | Trojan.Downloader in Registry KeyCode:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{879950C1-3353-486B-893E-6E23EE9D5329}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{879950C1-3353-486B-893E-6E23EE9D5329}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0057537-1C1F-405C-B6EB-050826BA3A2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0057537-1C1F-405C-B6EB-050826BA3A2A}\ not found.
Registry key HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{879950C1-3353-486B-893E-6E23EE9D5329}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{879950C1-3353-486B-893E-6E23EE9D5329}\ not found.
Registry key HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C0057537-1C1F-405C-B6EB-050826BA3A2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0057537-1C1F-405C-B6EB-050826BA3A2A}\ not found.
Registry key HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?AF=109130&tt=261211_ctrl&babsrc=adbartrp&mntrId=5e90e91800000000000000ff9250e086&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\searchplugins\conduit.xml moved successfully.
C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\searchplugins\sweetim.xml moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry value HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder deleted successfully.
Registry value HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save YouTube Video\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save YouTube Video as MP3\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Windows\clofghls.dll moved successfully.
ADS C:\ProgramData\TEMP:BD36345D deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Tran Trong Chinh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Tuan
->Temp folder emptied: 12979702 bytes
->Temporary Internet Files folder emptied: 16679348 bytes
->Java cache emptied: 116773 bytes
->FireFox cache emptied: 168800143 bytes
->Flash cache emptied: 2513 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9146 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 189,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Gast
->Flash cache emptied: 0 bytes
User: Public
User: Tran Trong Chinh
->Flash cache emptied: 0 bytes
User: Tuan
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.51.0 log created on 06242012_183205
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
24.06.2012, 17:50
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.06.2012, 18:12
| #15 |
| | Trojan.Downloader in Registry Key so hochgeladen |
|
| Themen zu Trojan.Downloader in Registry Key |
| administrator, anti-malware, appdata, autostart, browser, code, dateien, dateisystem, entfernen, explorer, gen, helper, heuristiks/extra, heuristiks/shuriken, infizierte, malwarebytes, microsoft, programm, quarantäne, rechner, registry, registry key, roaming, service pack 2, software, speicher, viren, vista |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
