Log analysis and evaluation: External HD has the encryption trojan (Windows 7)
17.06.2012, 14:38 | #1 |
| External HD has the encryption trojan

Hello

I have also become a victim of this encryption trojan (UKASH). Yesterday I already did a system restore of drive C:. However, I found that my external HD is still not readable (see screenshot). All my important information is on this external HD. How can I restore it so that I can read the files again? Please help me.

Warfare

Image:
Malwarebytes: Attachment 36322
OTL & Extras: Attachment 36323

Edited by Warfare65 (17.06.2012 at 14:55) |
17.06.2012, 18:27 | #2 |
| OTL & Extras & mbam-logs
Code:
OTL logfile created on: 17.06.2012 14:57:40 - Run 3
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Warfare\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 54,96% Memory free
8,00 Gb Paging File | 5,85 Gb Available in Paging File | 73,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,94 Gb Total Space | 50,75 Gb Free Space | 44,15% Space Free | Partition Type: NTFS
Drive E: | 21,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 931,51 Gb Total Space | 252,38 Gb Free Space | 27,09% Space Free | Partition Type: NTFS

Computer Name: WARFARE-PC | User Name: Warfare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Warfare\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
PRC - C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited)
PRC - C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe (Preventon Technologies Limited)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCService.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll () MOD - C:\Program Files 
(x86)\Google\Chrome\Application\19.0.1084.56\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll () MOD - C:\Users\Warfare\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AV Engine Scanning Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe () SRV - (AV Watch Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Suite Service) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirService) -- 
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (AVFSFilter) -- C:\Windows\SysNative\drivers\avfsfilter.sys () DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (RTL8167) -- 
C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ewsercd) -- C:\Windows\SysNative\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (regi) -- C:\Windows\SysWOW64\drivers\regi.sys (InterVideo) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://service.gmx.net/de/cgi/g.fcgi/application/navigator?CUSTOMERNO=64077473&t=de1332385977.1330764348.bf7efd7c IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 13 A4 09 6B E1 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {378E88C5-5D58-4753-9C38-533F5E41BA9B} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{0FC594E6-877C-433A-B09A-BDDA338FCE74}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKCU\..\SearchScopes\{378E88C5-5D58-4753-9C38-533F5E41BA9B}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms} IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms} IE - HKCU\..\SearchScopes\{F6658E1C-7078-43EE-951A-5E6BA0B50A3C}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Warfare\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 08:20:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.22 18:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Warfare\AppData\Roaming\mozilla\Extensions [2012.05.20 15:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Warfare\AppData\Roaming\mozilla\Firefox\Profiles\shabcuki.default\extensions [2011.07.06 06:43:38 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Warfare\AppData\Roaming\mozilla\Firefox\Profiles\shabcuki.default\extensions\DefaultManager@Microsoft [2011.11.03 10:59:03 | 000,000,933 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\11-suche.xml [2011.11.03 10:59:04 | 000,002,419 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\englische-ergebnisse.xml [2011.08.11 23:00:39 | 000,010,525 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\gmx-suche.xml [2012.06.13 22:51:16 | 000,001,056 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\icqplugin.xml [2011.11.03 10:59:03 | 000,002,457 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\lastminute.xml [2012.05.20 15:17:01 | 000,005,489 | ---- | M] () -- 
C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\webde-suche.xml [2011.11.09 16:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.01.06 09:48:25 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\WARFARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHABCUKI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.05.20 15:16:59 | 000,574,144 | ---- | M] () (No name found) -- C:\USERS\WARFARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHABCUKI.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2012.06.16 08:20:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.09 10:30:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.09 10:30:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.09 10:30:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.05.22 20:10:41 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2011.11.09 10:30:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.09 10:30:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.09 10:30:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Warfare\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Warfare\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Warfare\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Warfare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Warfare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files 
(x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF0BCC49-7330-4970-A3F2-1C60341ADCDB}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C889EE2D-B913-4291-8AE5-8D9F32278D48}: NameServer = 193.189.244.225 193.189.244.206 O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\gmx 
{8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2009.05.17 01:26:42 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1156ee98-3168-11e0-b1d4-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{1156ee98-3168-11e0-b1d4-001a4d50a21c}\Shell\AutoRun\command - "" = G:\Setupx.exe O33 - MountPoints2\{3816b30f-dfd3-11e0-9549-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{3816b30f-dfd3-11e0-9549-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{3a3fc955-91bd-11e0-954f-001e101f4da1}\Shell - "" = AutoRun O33 - MountPoints2\{3a3fc955-91bd-11e0-954f-001e101f4da1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{408d2b0e-6229-11e1-bdfc-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{408d2b0e-6229-11e1-bdfc-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{408d2b19-6229-11e1-bdfc-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{408d2b19-6229-11e1-bdfc-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{4947c6bd-458e-11e0-9872-001e101fb45e}\Shell - "" = AutoRun O33 - MountPoints2\{4947c6bd-458e-11e0-9872-001e101fb45e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{4947c6dc-458e-11e0-9872-001e101fb45e}\Shell - "" = AutoRun O33 - MountPoints2\{4947c6dc-458e-11e0-9872-001e101fb45e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - 
MountPoints2\{50be4018-3bf3-11e0-9b9b-001e101f82a7}\Shell - "" = AutoRun O33 - MountPoints2\{50be4018-3bf3-11e0-9b9b-001e101f82a7}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{577653cf-6211-11e1-a060-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{577653cf-6211-11e1-a060-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{577653f4-6211-11e1-a060-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{577653f4-6211-11e1-a060-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{77d63c85-375a-11e0-9790-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{77d63c85-375a-11e0-9790-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{7ec472e4-906f-11e0-a629-001e101fe70e}\Shell - "" = AutoRun O33 - MountPoints2\{7ec472e4-906f-11e0-a629-001e101fe70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{811f9161-ce86-11e0-97d6-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{811f9161-ce86-11e0-97d6-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{9764322a-78e6-11e0-a189-001e101f57d0}\Shell - "" = AutoRun O33 - MountPoints2\{9764322a-78e6-11e0-a189-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{97643238-78e6-11e0-a189-001e101f57d0}\Shell - "" = AutoRun O33 - MountPoints2\{97643238-78e6-11e0-a189-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{97a1e789-1dac-11e1-b34f-001a4d50a21c}\Shell - "" = AutoRun O33 - 
MountPoints2\{97a1e789-1dac-11e1-b34f-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{9bc45787-6238-11e1-90a0-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{9bc45787-6238-11e1-90a0-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{a86a9ea7-7a43-11e0-8a22-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{a86a9ea7-7a43-11e0-8a22-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{ad032663-38ba-11e0-8388-001e101f8924}\Shell - "" = AutoRun O33 - MountPoints2\{ad032663-38ba-11e0-8388-001e101f8924}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{c60687de-78a0-11e0-9d11-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{c60687de-78a0-11e0-9d11-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{c8677eee-36f5-11e0-9400-001e101fe70e}\Shell - "" = AutoRun O33 - MountPoints2\{c8677eee-36f5-11e0-9400-001e101fe70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{d17a1b49-9d4a-11e0-82d3-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{d17a1b49-9d4a-11e0-82d3-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{d17a1b54-9d4a-11e0-82d3-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{d17a1b54-9d4a-11e0-82d3-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{d741c33b-5314-11e1-9dc8-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{d741c33b-5314-11e1-9dc8-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 
000,126,976 | R--- | M] () O33 - MountPoints2\{dd7e0f2f-a1b7-11e0-807b-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{dd7e0f2f-a1b7-11e0-807b-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\{df84d1ca-e76a-11e0-9cf3-001e101fb4df}\Shell - "" = AutoRun O33 - MountPoints2\{df84d1ca-e76a-11e0-9cf3-001e101fb4df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta O33 - MountPoints2\{ed40318c-30c0-11e0-bf5c-001a4d50a21c}\Shell - "" = AutoRun O33 - MountPoints2\{ed40318c-30c0-11e0-bf5c-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.EXE O33 - MountPoints2\D\Shell\verb0\command - "" = \SETUP.EXE O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.17 13:51:03 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Roaming\Malwarebytes [2012.06.17 13:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.17 13:50:36 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Malwarebytes [2012.06.17 13:50:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.17 13:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.17 13:42:27 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Roaming\JPEGsnoop [2012.06.17 12:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.17 10:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2012.06.17 10:42:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Warfare\Desktop\OTL.exe [2012.06.17 10:42:25 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Roaming\Fighters [2012.06.17 10:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters [2012.06.17 10:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite [2012.06.17 10:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters [2012.06.17 10:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite [2012.06.17 10:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters [2012.06.17 10:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2012.06.17 09:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012.06.17 09:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio [2012.06.16 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.06.16 08:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.06.14 05:42:41 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Roaming\Apple Computer [2012.06.13 23:20:12 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Local\Macromedia [2012.06.13 23:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.06.13 23:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.06.13 23:19:05 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.06.13 23:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.13 23:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.13 23:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.06.13 23:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.06.13 23:14:14 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Local\Apple [2012.06.13 23:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.06.13 23:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.06.13 23:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.06.13 21:18:38 | 000,000,000 | ---D | C] -- C:\Users\Warfare\Documents\Outlook-Dateien [2012.05.20 14:09:00 | 000,000,000 | ---D | C] -- C:\Users\Warfare\Documents\Star Wars - The Old Republic [2012.05.20 08:54:24 | 000,000,000 | ---D | C] -- C:\Users\Warfare\Documents\HeroBlade Logs [2012.05.20 08:37:44 | 000,000,000 | ---D | C] -- C:\Users\Warfare\Documents\InterVideo [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Warfare\Documents\*.tmp files -> C:\Users\Warfare\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.17 14:48:48 | 014,492,672 | ---- | M] () -- C:\Users\Warfare\Documents\Outlook.pst [2012.06.17 14:33:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.17 14:27:46 | 000,000,000 | ---- | M] () -- C:\Users\Warfare\defogger_reenable [2012.06.17 14:10:21 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.17 14:10:21 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.17 14:07:52 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.17 14:05:20 
| 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.17 14:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.17 14:04:50 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012.06.17 13:50:58 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.17 12:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Warfare\Desktop\Neue Bitmap.bmp [2012.06.17 11:52:54 | 000,011,816 | ---- | M] () -- C:\Users\Warfare\Documents\cc_20120617_115242.reg [2012.06.17 10:43:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Warfare\Desktop\OTL.exe [2012.06.17 10:42:22 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk [2012.06.17 08:12:35 | 000,003,424 | ---- | M] () -- C:\bootsqm.dat [2012.06.14 19:49:32 | 001,643,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 19:49:32 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 19:49:32 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 19:49:32 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 19:49:32 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 19:12:57 | 000,484,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.30 11:48:18 | 000,013,720 | ---- | M] () -- C:\Windows\SysNative\drivers\avfsfilter.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Warfare\Documents\*.tmp files -> C:\Users\Warfare\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.17 14:27:46 | 000,000,000 | ---- | C] () -- C:\Users\Warfare\defogger_reenable [2012.06.17 13:50:58 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.17 12:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Warfare\Desktop\Neue Bitmap.bmp [2012.06.17 11:52:51 | 000,011,816 | ---- | C] () -- 
C:\Users\Warfare\Documents\cc_20120617_115242.reg [2012.06.17 10:42:22 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk [2012.06.17 08:12:35 | 000,003,424 | ---- | C] () -- C:\bootsqm.dat [2012.06.13 23:14:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.06.13 23:11:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.13 21:20:35 | 014,492,672 | ---- | C] () -- C:\Users\Warfare\Documents\Outlook.pst [2012.06.13 21:07:45 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys [2012.05.30 11:48:18 | 000,013,720 | ---- | C] () -- C:\Windows\SysNative\drivers\avfsfilter.sys [2012.02.27 11:51:17 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.02.27 11:36:51 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2011.10.11 21:15:08 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011.07.01 13:07:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.28 07:07:38 | 000,013,824 | ---- | C] () -- C:\Users\Warfare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.08 11:02:55 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat [2011.04.29 16:56:22 | 001,599,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.03.25 15:42:04 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{42C8934A-382D-4E78-85E8-6043EC9B17BC}.dat [2011.02.26 21:25:01 | 000,007,610 | ---- | C] () -- C:\Users\Warfare\AppData\Local\Resmon.ResmonCfg ========== LOP 
Check ==========

[2011.05.20 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\1&1 Mail & Media GmbH
[2011.12.02 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\elsterformular
[2012.06.17 10:42:53 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Fighters
[2012.03.17 23:53:15 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\ICQ
[2011.03.12 09:14:55 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\InterVideo
[2012.06.17 13:42:27 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\JPEGsnoop
[2011.07.02 21:46:36 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Lexware
[2012.06.17 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\NetSpeedMonitor
[2011.10.11 18:05:54 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\ProtectDisc
[2011.06.28 07:05:37 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Samsung
[2011.06.18 12:34:28 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Telefónica
[2011.02.13 01:16:45 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Telekom
[2011.02.13 01:31:28 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Telekom Internet Manager
[2012.06.13 22:48:07 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\TS3Client
[2012.03.28 16:49:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A0F9C283

End of report

Code:
OTL Extras logfile created on: 17.06.2012 13:06:21 - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Warfare\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,36% Memory free
8,00 Gb Paging File | 5,31 Gb Available in Paging File | 66,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,94 Gb Total Space | 50,87 Gb Free Space | 44,26% Space Free | Partition Type: NTFS
Drive E: | 21,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 931,51 Gb Total Space | 252,38 Gb Free Space | 27,09% Space Free | Partition Type: NTFS

Computer Name: WARFARE-PC | User Name: Warfare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01AC4F52-AD66-4A70-9274-E474D9B5C70C}" = lport=445 | protocol=6 | dir=in | app=system | "{1EBE44D1-0ED5-4F96-B74E-421789043792}" = lport=138 | protocol=17 | dir=in | app=system | "{2D16AA8F-D40B-48E8-A6ED-4817FD276556}" = lport=137 | protocol=17 | dir=in | app=system | "{2D7FBABB-576C-4D03-883F-93D1D4373A3B}" = lport=139 | protocol=6 | dir=in | app=system | "{3961053F-3873-4244-AAB5-B2C7F0913D83}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3BADB66D-78E2-40B5-A403-57D1723069C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{42ABD6E8-4B30-402C-AD27-BB0781A517E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4DB6B258-9626-4C0E-810C-3ECFF1C3CB51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66D70630-B7D5-4351-85FA-608CE194A3BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67EF37FE-5471-48DA-8773-0F3014E507E5}" = rport=445 | protocol=6 | dir=out | app=system | "{7795E123-2B05-428A-8989-8ADC54D0C1C7}" = rport=138 | protocol=17 | dir=out | app=system | "{826064B9-083F-4165-B26B-B7E5CCDF6299}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{8BAA0D7A-4A25-4AD9-AE8B-2DE851EAC3BB}" = rport=139 | protocol=6 | dir=out | app=system | "{9DC1D282-F73C-45F1-9812-A9465B0CDB71}" = rport=137 | protocol=17 | dir=out | app=system | "{B65F25E6-A100-4CF6-84A3-BCE4F8AF8B3B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{CE437454-8893-4EF3-807D-78CA48F346C1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D67917C4-B0D4-4C9B-9809-F5D48CE2E943}" = lport=49266 | protocol=6 | dir=in | name=akamai netsession interface | "{EFF5B703-6E4F-4D3B-8DEA-C91C35C7DE8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F2FD14BD-F4FB-41FB-9685-84981EA35FDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00220555-5309-40FD-A1B7-B857F8CADD12}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{045D3BE1-EED7-4171-AFC6-AF1D9B64D7E5}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | "{08248938-AB1D-4EC3-92A9-CFE4C567296A}" = protocol=17 | dir=in | 
app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{102D0CD3-068F-4851-A68E-796DEF1625D7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{1D8126CE-54E5-4E10-BF5F-0D056A402636}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1EE25F5A-0E52-4818-A9D2-D1ECD1C9E58D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{250F2730-1F4D-4572-B26F-8C34370C9EE3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{25234D62-57F2-4BD5-9430-38625E56317A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{27FCDCEF-8748-46C5-8F7D-787FDF3DFDBB}" = protocol=6 | dir=in | app=c:\users\warfare\appdata\local\apps\2.0\43p4woh6.60n\o6bh9226.31n\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe | "{440CC541-DDE6-410D-8A9F-D3F5C017CB17}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{580C892C-9EC3-4022-BDAB-0756B1A143C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{683080B8-8998-4FB2-8B15-0A17B1788D25}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{6A96B4B6-8F0F-4DA6-AF38-440D7B1DF2D2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{6B25795C-21C5-4D35-A4B9-73193322A29E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6E64EA09-BFF0-4BDA-B865-D2C5D1F4BAD6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{6FEEEFE4-7F27-44A0-9847-B389BB17B937}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{85C984C2-B987-42B7-9CBF-492DDDCA45E5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old 
republic\swtor\retailclient\swtor.exe | "{9AC01B37-C031-4035-9B4E-59C35A8DE8E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{9B60C666-097C-4E8E-8629-33C3A0795326}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{A40EC9BA-C400-4409-B671-9B3C4A931BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{A874DF1B-ACE1-41A8-92FA-44AB832D68DE}" = protocol=17 | dir=in | app=c:\users\warfare\appdata\local\apps\2.0\43p4woh6.60n\o6bh9226.31n\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe | "{AF0E3A09-A97B-433D-AB23-9BBBA5A01931}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{C70A0CE0-DED3-4723-9D9C-53475E2A16BB}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | "{C82F2631-9CD5-4497-B370-ACDEAABB23C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C96DF054-57C5-4F17-BC91-4E68C2C5BE90}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CA8D95C2-2981-44B5-B127-2BC7A07E849D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{CBBFB401-E476-48E6-840E-23E3A54E11EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D6041F91-5AEA-4A17-8047-EB16B06F5A77}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{DFBC3AA6-B9C0-45EC-94A3-46D088385267}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{E78FD64B-5F8A-4875-B475-F8D065E2698A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{ECB8FC23-E142-43F3-947B-E80B30EAA321}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | "{FF109719-7CAE-4DC7-9A2D-BB614A630DC8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "TCP Query 
User{1BCB0CB9-6B88-46C0-BCBB-65FF95CDB458}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | "TCP Query User{A4B41B05-5245-45BA-89B9-183B998DCE42}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "TCP Query User{A68F8365-D5F3-4BC8-BA24-6EECE8ED129B}C:\program files (x86)\corel\graphics10\register\navbrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\graphics10\register\navbrowser.exe | "UDP Query User{25B4A70C-DA04-490A-A37A-C6F32F56D2C5}C:\program files (x86)\corel\graphics10\register\navbrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\graphics10\register\navbrowser.exe | "UDP Query User{787E8FE7-D0C0-49DB-9E50-B2F3525C5F95}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "UDP Query User{BE051F04-0A7F-4B90-BEC0-84265115D230}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs 
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{47FBE83E-4AE6-4E4C-A9AA-F5838E1FF925}" = GMX Toolbar MSVC100 CRT x64 "{4A1FCB72-812A-4096-8713-F1BB101A904E}" = Microsoft SQL Server Native Client "{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard "{60A95961-E9F4-17C6-2A91-578C34ED9A0C}" = ATI Catalyst Install Manager "{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64 "{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding "{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 
4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0471C553-36C2-E7A0-7489-E99CD3F9683C}" = CCC Help Chinese Standard "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{06B91450-DDDE-4023-9CD3-B693C4B5A12A}" = Fighters "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BD171A4-7DAC-A12B-14E3-E33DA0B6FE6A}" = CCC Help Finnish "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1D33BBA9-75E5-7B82-9776-277DEA2C4BA2}" = Catalyst Control Center Graphics Previews Vista "{1D4BA420-070F-3F9B-4969-126689978A98}" = CCC Help Greek "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic 
"{3ED6B766-BDF2-F30F-F18E-16BA10ABA22A}" = CCC Help French "{3F0BBF8C-9BAF-5F16-A2BF-B513D528F1B9}" = Catalyst Control Center Graphics Previews Common "{469032A5-C6F3-CE61-67B1-F8820B747401}" = Application Profiles "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{516D7330-6BA3-6E53-9C7A-F50666C758E0}" = CCC Help Swedish "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{66391B4E-194D-C20E-F1E5-D7222F1A8104}" = CCC Help Turkish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77CD6B28-D387-9905-EF5B-78BF8AF722C6}" = CCC Help Chinese Traditional "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8A54BB79-658E-84A4-FBB7-93FD1EB20174}" = CCC Help Danish "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DD59B6E-6FC4-4CDC-896D-2FDF19CBE70B}" = DDBAC "{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}" = Attune 2.3.2 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = 
Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007D-0409-0000-0000000FF1CE}" = 
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4 "{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10 "{A0855EE1-F653-3A5A-C7AF-D6CC3BF7A506}" = Catalyst Control Center InstallProxy "{A0D2B948-BB85-589F-D283-2145A54BB11B}" = CCC Help English "{A13D9E3A-B31D-4E69-8681-EDB7AA02E365}" = Quicken Import Export Server 2011 "{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9C4FF3C-C5E5-07F7-AD5D-C26C2B41CFF3}" = CCC Help Dutch "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABA5FB59-633D-23B0-5841-D11A7B97C624}" = CCC Help Hungarian "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B0F9D227-9243-E2E6-21CE-7FB9528202C5}" = CCC Help Norwegian "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1D6F9CC-55FC-CD82-1D5C-BF725BF9311E}" = CCC Help Portuguese "{B282CB34-95CC-06B2-DFBC-07617F722837}" = CCC Help Spanish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011 "{E342FAD9-ACA4-BE69-D78C-F26CDF6DC9DC}" = CCC Help Italian "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{ED9E5BCC-371A-5BE1-6DC6-CF7D8DC9A2B7}" = CCC Help Czech "{EF829AE4-69BB-F791-F3DF-C6CBF8942881}" = CCC Help Korean "{EFF33410-5603-B27E-778A-7AB406C7A785}" = CCC Help Japanese "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F241F4AB-9D50-52E4-6CA5-D1EA5A0713BC}" = CCC Help Russian "{F3F8BEC4-1D0E-9E50-0AF6-54A16094C92E}" = CCC Help German "{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA39D1A0-3B11-AF64-5EF0-1DBC97F47075}" = CCC Help Thai "{FD20D0EA-5F36-5870-26EC-5CA842E8C713}" = CCC Help Polish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BewerbungsGenie 7_is1" = DATA 
BECKER BewerbungsGenie 7 "CorelDRAW 10" = CorelDRAW 10 "ElsterFormular 12.4.0.7094p" = ElsterFormular "Google Chrome" = Google Chrome "ICQToolbar" = ICQ Toolbar "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011 "Mobile Partner" = Mobile Partner "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "SPYWAREfighter" = SPYWAREfighter "TeamSpeak 3 Client" = TeamSpeak 3 Client "The KMPlayer" = The KMPlayer (remove only) "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.7 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "MyFreeCodec" = MyFreeCodec "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.10.2011 08:11:28 | Computer Name = Warfare-PC | Source = Windows Backup | ID = 4103 Description = Error - 30.10.2011 10:39:15 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: riftpatchlive.exe, Version: 1.0.0.0, Zeitstempel: 0x4e956f17 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.6.2.0, Zeitstempel: 0x4d239522 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022629 ID des fehlerhaften Prozesses: 0x135c Startzeit der fehlerhaften Anwendung: 0x01cc970308ea7673 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RIFT Game\riftpatchlive.exe Pfad des fehlerhaften Moduls: C:\Program 
Files (x86)\RIFT Game\QtCore4.dll Berichtskennung: f072f43e-0304-11e1-922b-001e101f82a7 Error - 31.10.2011 08:35:50 | Computer Name = Warfare-PC | Source = Windows Backup | ID = 4103 Description = Error - 04.11.2011 13:26:37 | Computer Name = Warfare-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 05.11.2011 19:44:54 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: riftpatchlive.exe, Version: 1.0.0.0, Zeitstempel: 0x4e956f17 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.6.2.0, Zeitstempel: 0x4d239522 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022629 ID des fehlerhaften Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung: 0x01cc9c14d0b61555 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RIFT Game\riftpatchlive.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\RIFT Game\QtCore4.dll Berichtskennung: 28cd402f-0808-11e1-bf14-001e101fb45e Error - 19.11.2011 13:02:53 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RAYMAN.exe, Version: 7.0.2.85, Zeitstempel: 0x37489012 Name des fehlerhaften Moduls: MacroMix.x32, Version: 7.0.1.39, Zeitstempel: 0x36e64b9e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004d66 ID des fehlerhaften Prozesses: 0xeec Startzeit der fehlerhaften Anwendung: 0x01cca6dcfec0e790 Pfad der fehlerhaften Anwendung: D:\RAYMAN.exe Pfad des fehlerhaften Moduls: D:\xtras\MacroMix.x32 Berichtskennung: 515c4547-12d0-11e1-8f20-001e101fde3a Error - 19.11.2011 13:24:25 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RAYMAN.exe, Version: 7.0.2.85, Zeitstempel: 0x37489012 Name des fehlerhaften Moduls: MacroMix.x32, Version: 7.0.1.39, Zeitstempel: 0x36e64b9e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004d66 ID des fehlerhaften Prozesses: 0x130c Startzeit der fehlerhaften Anwendung: 0x01cca6dfacf072a9 Pfad der 
fehlerhaften Anwendung: D:\RAYMAN.exe Pfad des fehlerhaften Moduls: D:\xtras\MacroMix.x32 Berichtskennung: 53683a76-12d3-11e1-8f20-001e101fde3a Error - 19.11.2011 13:25:21 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RAYMAN.exe, Version: 7.0.2.85, Zeitstempel: 0x37489012 Name des fehlerhaften Moduls: MacroMix.x32, Version: 7.0.1.39, Zeitstempel: 0x36e64b9e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006447 ID des fehlerhaften Prozesses: 0x1240 Startzeit der fehlerhaften Anwendung: 0x01cca6e0234a1ae9 Pfad der fehlerhaften Anwendung: D:\RAYMAN.exe Pfad des fehlerhaften Moduls: D:\xtras\MacroMix.x32 Berichtskennung: 7504721c-12d3-11e1-8f20-001e101fde3a Error - 26.11.2011 14:04:01 | Computer Name = Warfare-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 67c Startzeit: 01ccac658cb6b567 Endzeit: 16 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: fd09c3f8-1858-11e1-926a-001e101fe5e1 Error - 30.11.2011 12:40:17 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: riftpatchlive.exe, Version: 1.0.0.0, Zeitstempel: 0x4e956f17 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.6.2.0, Zeitstempel: 0x4d239522 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022629 ID des fehlerhaften Prozesses: 0x1228 Startzeit der fehlerhaften Anwendung: 0x01ccaf7e91515344 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RIFT Game\riftpatchlive.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\RIFT Game\QtCore4.dll Berichtskennung: fbd374d8-1b71-11e1-b3af-001e101f36d9 [ Media Center Events ] Error - 29.11.2011 11:29:31 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 16:29:31 - Fehler beim Herstellen der Internetverbindung. 16:29:31 - Serververbindung konnte nicht hergestellt werden.. Error - 04.12.2011 06:19:17 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 11:19:16 - Fehler beim Herstellen der Internetverbindung. 11:19:16 - Serververbindung konnte nicht hergestellt werden.. Error - 09.12.2011 03:35:52 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 08:35:52 - Fehler beim Herstellen der Internetverbindung. 08:35:52 - Serververbindung konnte nicht hergestellt werden.. Error - 09.12.2011 04:35:57 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 09:35:57 - Fehler beim Herstellen der Internetverbindung. 09:35:57 - Serververbindung konnte nicht hergestellt werden.. Error - 09.12.2011 05:36:02 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 10:36:02 - Fehler beim Herstellen der Internetverbindung. 10:36:02 - Serververbindung konnte nicht hergestellt werden.. 
Error - 09.12.2011 06:36:07 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 11:36:07 - Fehler beim Herstellen der Internetverbindung. 11:36:07 - Serververbindung konnte nicht hergestellt werden.. Error - 14.12.2011 03:12:24 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 08:12:24 - Fehler beim Herstellen der Internetverbindung. 08:12:24 - Serververbindung konnte nicht hergestellt werden.. Error - 18.01.2012 03:37:01 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 08:37:01 - Fehler beim Herstellen der Internetverbindung. 08:37:01 - Serververbindung konnte nicht hergestellt werden.. Error - 22.01.2012 22:59:14 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 03:59:13 - Fehler beim Herstellen der Internetverbindung. 03:59:13 - Serververbindung konnte nicht hergestellt werden.. Error - 22.01.2012 23:59:18 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0 Description = 04:59:18 - Fehler beim Herstellen der Internetverbindung. 04:59:18 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 17.06.2012 07:09:02 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert. Error - 17.06.2012 07:10:23 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert. Error - 17.06.2012 07:11:44 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert. Error - 17.06.2012 07:13:05 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert. 
Error - 17.06.2012 07:14:26 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 9 Mal passiert. Error - 17.06.2012 07:15:47 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 10 Mal passiert. Error - 17.06.2012 07:17:09 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 11 Mal passiert. Error - 17.06.2012 07:18:30 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 12 Mal passiert. Error - 17.06.2012 07:19:52 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 13 Mal passiert. Error - 17.06.2012 07:21:13 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies ist bereits 14 Mal passiert. < End of report > Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Warfare :: WARFARE-PC [Administrator]

Schutz: Aktiviert

17.06.2012 13:53:01
mbam-log-2012-06-17 (13-53-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207136
Laufzeit: 6 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Edited by Warfare65 (17.06.2012 at 18:31). Reason: posting in code format |
18.06.2012, 21:58 | #3 |
| External HD has the encryption trojan |
20.06.2012, 15:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | External HD has the encryption trojan
Code:
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK)
See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion. Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. In addition, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ Please always post log files in CODE tags |