Pests of all kinds and how to fight them: TR/Small.FI, TR/ATRAPS.Gen and TR/ATRAPS.Gen2 found, but gone after a system restore? (Windows 7)
20.06.2012, 10:50 | #1 |
Hello everyone!

I have caught several of the Trojans named above. My Avira kept reporting that it had found TR/Small.FI, but I could not delete it! After a system restore, however, the thing disappeared! Avira has not reported it again since...

I ran a total of 5 antivirus programs over the system:
- Emsisoft Emergency Kit (without installation, directly from a USB stick!)
- Kaspersky Rescue Disc 10
- Avira (the program installed on my PC)
- ESET Online Scanner
- Malwarebytes Anti Malware

However, none of these programs found a single virus on my computer! Can I now be sure that my PC is clean again? Or should I do something else so that it is completely clean with 100 percent probability?

I had the same problem once before, but back then I still had cracks on the computer, which have now been completely deleted! So please don't get upset! I no longer use anything illegal!

So, who can tell me whether my PC is safe? I will run Malwarebytes in a moment and then post the log as well...

So, here is the log from OTL for now... (the normal one)

OTL Logfile:
Code:
OTL logfile created on: 20.06.2012 12:38:29 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Tobi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,70% Memory free
7,96 Gb Paging File | 5,84 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 804,02 Gb Free Space | 91,32% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 30,56 Gb Free Space | 61,13% Space Free | Partition Type: NTFS

Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.20 12:29:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Downloads\OTL.exe
PRC - [2012.06.18 17:27:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.06.17 21:38:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.14 14:19:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 14:19:28 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 14:19:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 14:19:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 14:19:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.11 12:16:00 | 003,917,832 | ---- | M] (Alexander Miehlke Softwareentwicklung) -- C:\Program Files (x86)\TraXEx\TraXEx.exe
PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Tobi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.06 13:28:24 | 000,932,528 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SystemStore\Freemium.SystemStore.WindowsService.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.17 21:38:57 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.06 13:28:24 | 000,932,528 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.05.05 17:56:11 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.03.08 21:11:36 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2011.01.31 10:45:30 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\TraXEx\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.03 16:05:56 | 000,183,808 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Protector by IB\ExtensionUpdaterService.exe -- (Protector by IB Updater)
SRV:64bit: - [2011.10.13 22:30:42 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.06.19 19:18:06 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.18 17:27:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.17 21:38:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.25 17:22:02 | 000,293,504 | ---- | M] (Steganos Software GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\OkayFreedom\VPNService.exe -- (OkayFreedom VPN Starter Service)
SRV - [2012.05.14 14:19:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 14:19:28 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 14:19:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.14 14:19:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.11 15:43:56 | 000,096,768 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.05.05 17:56:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 10:12:11 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.03.06 17:19:00 | 003,953,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV:64bit: - [2012.05.14 14:19:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 14:19:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.11 17:40:28 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.15 16:07:21 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.06 11:26:34 | 000,014,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHMSR64.sys -- (DRHMSR64)
DRV:64bit: - [2011.11.03 18:05:38 | 000,021,984 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64)
DRV:64bit: - [2011.10.13 23:37:28 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.13 21:52:48 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.02 02:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 02:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.26 11:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.25 15:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\B31B.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.03.06 17:38:00 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011.12.06 11:26:34 | 000,014,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHMSR64.sys -- (DRHMSR64)
DRV - [2011.11.03 18:05:38 | 000,021,984 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.18 12:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 2B 78 67 3B 17 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=56b79f8500000000000000ff33f68444
IE - HKCU\..\SearchScopes\{86A4452B-B53D-4EAC-A26F-090D1A599550}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYUJDE&apn_uid=456a57ba-74e1-4f91-9751-ed131c769bc5&apn_sauid=48E017B6-BBDB-42C0-BB54-4B3E1AB558B9
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQxyZvVcI&i=26
IE - HKCU\..\SearchScopes\{DFB380D3-9CE0-4BC4-B0E3-1950087AD923}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "173.212.195.88"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tobi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Tobi\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\PROTECTOR BY IB\FIREFOX [2012.05.02 17:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Protector by IB\Firefox [2012.05.02 17:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 21:38:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.06 21:13:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 21:38:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.06 21:13:44 | 000,000,000 | ---D | M]

[2012.05.27 11:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2012.06.19 18:12:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\93rqtq9o.default\extensions
[2012.05.12 10:19:34 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\93rqtq9o.default\extensions\battlefieldplay4free@ea.com
[2012.06.07 17:01:47 | 000,000,000 | ---D | M] (HNG downloader/starter (live)) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\93rqtq9o.default\extensions\npretoxlive@live.heroesandgenerals.com
[2012.06.19 22:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\a8836xc5.default-1340119455380\extensions
[2012.06.19 17:37:41 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\a8836xc5.default-1340119455380\extensions\battlefieldplay4free@ea.com
[2012.05.02 17:20:16 | 000,002,399 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\93rqtq9o.default\searchplugins\askcom.xml
[2012.06.15 21:19:12 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\93rqtq9o.default\searchplugins\icqplugin.xml
[2012.05.26 17:56:37 | 000,002,515 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\93rqtq9o.default\searchplugins\Search_Results.xml
[2012.06.08 11:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.25 17:06:44 | 000,767,703 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93RQTQ9O.DEFAULT\EXTENSIONS\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.XPI
[2012.02.28 17:32:25 | 000,013,152 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93RQTQ9O.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
[2012.06.16 10:50:57 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93RQTQ9O.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.17 21:38:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.23 16:04:13 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.26 17:56:37 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FF&o=14594&locale=de_DE&apn_uid=456a57ba-74e1-4f91-9751-ed131c769bc5&apn_ptnrs=FV&apn_sauid=48E017B6-BBDB-42C0-BB54-4B3E1AB558B9&apn_dtid=YYYYYYUJDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Tobi\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Tobi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: OkayFreedom = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd\1.0.0_0\
CHR - Extension: Freeware.de = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.4.2_0\

O1 HOSTS File: ([2012.02.25 16:29:15 | 000,000,895 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 google-analytics.com
O2:64bit: - BHO: (Protector by IB) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Protector by IB\Extension64.dll ()
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Protector by IB) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Protector by IB\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Tobi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files (x86)\TraXEx\Integration\TraXEx Internet Explorer.lnk ()
O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files (x86)\TraXEx\Integration\TraXEx Löschautomat.lnk ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://www.battlefieldplay4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E4013CB-6B18-48FF-81B5-58CF1CB42BCA}: DhcpNameServer = 87.106.187.251 195.20.224.234 195.20.224.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC3663A1-84F5-4260-B0C4-64E53E4076EF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.19 18:12:57 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Free Download Manager
[2012.06.19 18:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2012.06.19 18:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2012.06.19 18:11:58 | 007,207,866 | ---- | C] (FreeDownloadManager.ORG ) -- C:\Users\Tobi\Desktop\fdm391249inst.exe
[2012.06.19 17:11:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.06.18 21:27:15 | 000,230,920 | ---- | C] (WEBZEN, INC.) -- C:\Windows\SysWow64\EPWZCmnCtrl.dll
[2012.06.18 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN
[2012.06.18 21:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN
[2012.06.17 22:07:50 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012.06.17 18:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.06.16 15:14:42 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{7269F147-471A-42DA-B3F4-398FDFAD1999}
[2012.06.16 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\QuickScan
[2012.06.16 12:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2012.06.15 23:42:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.15 22:11:50 | 000,780,288 | ---- | C] (Chapley) -- C:\Users\Tobi\Desktop\TerrariForm.exe
[2012.06.15 21:32:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\LogMeIn Hamachi
[2012.06.15 21:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.15 21:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.06.15 18:33:48 | 000,000,000 | ---D | C] -- C:\Nexon
[2012.06.15 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Awesomium
[2012.06.15 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\BrawlBusters
[2012.06.15 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.15 14:26:14 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{706EE66A-60B1-4263-8D5C-2F9A79D7F3EE}
[2012.06.14 21:46:56 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Tobi\Desktop\spybotsd162.exe
[2012.06.14 19:25:39 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\CyberLink
[2012.06.14 15:19:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.14 14:58:12 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
[2012.06.14 14:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Copy
[2012.06.14 14:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012.06.14 14:32:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 14:32:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 14:32:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 14:32:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 14:32:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 14:32:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 14:32:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.14 14:32:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.14 14:32:42 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.14 14:32:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.14 14:32:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.14 14:32:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.14 14:32:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 14:23:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.14 14:23:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.14 14:23:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.14 14:23:31 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.14 14:23:30 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.14 14:23:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.14 14:22:48 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.14 14:22:38 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 14:22:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.14 14:10:01 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{8CA595BD-6840-42F8-BFD8-E58BC4C49EBC}
[2012.06.14 14:09:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{2095FBD4-491F-4394-8851-75EA3C673E78}
[2012.06.14 14:09:30 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{871C3DD9-D364-4F1F-BC56-7F4E286023E8}
[2012.06.14 14:09:08 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{68CAE6E5-E153-494B-9EAE-A880E7867842}
[2012.06.14 14:03:34 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Runscanner.net
[2012.06.13 22:12:58 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\MAGIX
[2012.06.13 22:12:49 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\MAGIX_MusicEditor
[2012.06.13 17:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
[2012.06.13 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{632E72D7-5A09-4844-9D2E-CE9DC44DFE13}
[2012.06.13 14:40:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{DC60B285-F225-41EF-A759-35A50DC3C617}
[2012.06.12 22:00:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.12 21:22:19 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{D345460A-871F-4F32-8431-562AAF3223B7}
[2012.06.12 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{66605118-41B4-40DA-9162-7C329225AB9A}
[2012.06.12 17:59:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.06.12 14:31:32 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{E5E486FF-C313-4B14-AF6D-351E19FF4072}
[2012.06.12 14:31:11 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{BB03CF6E-E87B-43B3-B6B8-AF2549A494FC}
[2012.06.11 15:35:03 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{BC557BBE-2F91-4DCB-9773-A99F169E05AF}
[2012.06.11 15:34:41 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{B2BB5427-8C3C-424C-86D7-D98C4BF09074}
[2012.06.10 11:21:02 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Steganos VPN
[2012.06.10 11:21:02 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Steganos
[2012.06.10 11:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos
[2012.06.10 11:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OkayFreedom
[2012.06.10 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{228855F2-7509-4FAC-BE26-0A537DEE2756}
[2012.06.10 11:11:51 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{95D57231-DFF4-44F7-B6A0-545B889B9C2A}
[2012.06.09 22:04:18 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{764FE284-0A5C-4410-AD10-43C77487AE2F}
[2012.06.09 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{8F9F386F-54F2-46D9-A18B-D4034834CC45}
[2012.06.08 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REACTOR
[2012.06.08 13:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\War Inc Battlezone
[2012.06.08 13:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\War Inc Battlezone
[2012.06.08 12:53:02 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\PBlackout
[2012.06.08 12:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Blackout
[2012.06.08 11:26:14 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{BFD5F641-6882-44CB-8A0E-D851A6DB9E50}
[2012.06.08 11:25:53 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{3F4FD09C-DBA5-4126-91DC-454A67C100CB}
[2012.06.07 17:59:11 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.06.07 15:21:37 | 003,953,632 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2012.06.07 15:21:28 | 000,004,774 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2012.06.07 15:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2012.06.07 11:58:56 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.06.07 11:51:28 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Carbon
[2012.06.07 10:39:44 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{C7184AE3-37A7-4804-BC25-CFE069AF4CD8}
[2012.06.07 10:39:34 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{58C59959-57D1-440B-8B97-96C291F6B96C}
[2012.06.06 21:23:22 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\ijjigame
[2012.06.06 21:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ijji
[2012.06.06 21:13:44 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe
[2012.06.06 21:13:44 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe
[2012.06.06 17:35:12 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{5FEE8FCE-25FB-4286-BB75-4A6179326EB9}
[2012.06.06 17:34:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{0101E8C6-981F-4541-81F6-894D8A3B6968}
[2012.06.05 21:55:03 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\GamersFirst LIVE!
[2012.06.05 19:31:06 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Unity
[2012.06.05 19:23:06 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Unity
[2012.06.05 19:21:07 | 000,591,512 | ---- | C] (Unity Technologies ApS) -- C:\Users\Tobi\UnityWebPlayer.exe
[2012.06.05 16:12:25 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Leadertech
[2012.06.05 16:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2012.06.05 12:48:18 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Ascaron Entertainment
[2012.06.05 12:22:29 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{8C69D26C-9B44-45AF-BBD5-AF6B35E31934}
[2012.06.05 12:21:59 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{97EE6184-8DE2-481A-8EB1-6C1C6F07432C}
[2012.06.04 17:55:19 | 652,634,170 | -H-- | C] (InstallShield Software Corporation) -- C:\Users\Tobi\Desktop\S4_League_EU_v1167.exe.part
[2012.06.04 12:16:02 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{49530C4C-CB65-4090-B3CF-D94D32E754E9}
[2012.06.04 12:15:41 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{5B8965ED-5571-4165-AD0D-E65451CB6284}
[2012.06.02 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{51C35EE3-0DD2-41E6-A957-093FDF3ECA57}
[2012.06.02 20:57:54 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{8B2FD78C-3A13-4AF2-9004-313CF7E3CC43}
[2012.06.02 16:47:32 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll
[2012.06.02 16:47:32 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2012.06.02 16:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2012.06.02 16:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory License Cracked
[2012.06.01 16:49:49 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{08BE67C8-060E-468B-98B1-98B01813CB8C}
[2012.06.01 16:49:28 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{D1D519BC-0B1B-4AAD-87FC-0949ED5043FC}
[2012.05.28 11:34:37 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Cam XPress
[2012.05.27 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{1D16EBE5-A3D9-46F5-BBAB-4502449F9A97}
[2012.05.27 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{8AA5BD9B-B408-4C02-BB86-37E9A11DBD36}
[2012.05.27 16:49:53 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{42158B42-3866-4F05-8187-E660CB7E31D4}
[2012.05.27 15:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2012.05.27 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\Freemake
[2012.05.27 13:34:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.05.27 13:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.05.27 13:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.05.26 22:29:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{C1EDC411-9F4D-48B6-A8C8-BA57BF8D7E99}
[2012.05.26 22:27:36 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AC 2
[2012.05.26 19:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.05.26 19:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.05.26 18:54:39 | 000,000,000 | ---D | C] -- C:\ATI
[2012.05.26 17:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.05.26 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\FreeVideoConverter
[2012.05.26 14:58:56 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.05.26 14:58:56 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.05.26 14:58:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.05.26 14:58:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.05.25 18:45:18 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Ubisoft
[2012.05.25 18:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.05.25 18:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.05.25 17:43:45 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{9664044C-BBD7-46A9-9845-1B53683CA3EA}
[2012.05.25 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{D1C51A95-05BB-4715-BA1F-5D309AE91BC7}
[2012.05.24 18:26:39 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SA-MP Colorpicker
[2012.05.24 18:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SA-MP Colorpicker
[2012.05.23 16:13:19 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.05.23 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{316B93F7-820F-467C-9ADB-ED990835894C}
[2012.05.23 16:02:42 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\{D1C7593A-8879-46BF-B536-C49DA23C9D89}
[2012.05.22 22:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2012.05.22 22:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.3
[2012.05.22 16:19:31 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2012.05.22 16:15:20 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\GTA San Andreas User Files
[2012.05.22 16:13:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\GTA SA
[2012.05.22 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Performance Patch
[2012.05.22 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Performance Patch
[2012.05.22 16:08:04 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.05.22 15:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.05.22 15:23:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files
[2012.05.22 14:24:14 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Babylon
[2012.05.22 14:24:12 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Babylon
[2012.05.22 14:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.05.22 14:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.05.21 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.05.21 21:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.05.21 21:57:08 | 001,003,008 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2012.05.21 21:57:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2012.05.21 21:57:08 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2012.05.21 21:57:08 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2012.05.21 21:45:05 | 000,000,000 | R--D | C] -- C:\Users\Tobi\Tobi´s Dateien
[2012.05.21 17:17:28 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2012.05.21 16:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.06.20 12:30:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.20 12:01:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1786937502-3233211386-3526623724-1000UA.job
[2012.06.20 12:01:08 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1786937502-3233211386-3526623724-1000Core.job
[2012.06.20 11:42:56 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 11:42:56 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 11:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.20 11:33:21 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 22:58:21 | 000,572,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.19 22:17:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1786937502-3233211386-3526623724-1000UA.job
[2012.06.19 22:17:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1786937502-3233211386-3526623724-1000Core.job
[2012.06.19 21:12:58 | 138,436,537 | ---- | M] () -- C:\Users\Tobi\Desktop\EmsisoftEmergencyKit.zip
[2012.06.19 18:26:11 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.19 18:26:11 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.19 18:26:05 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.19 18:12:56 | 000,001,075 | ---- | M] () -- C:\Users\Tobi\Desktop\Free Download Manager.lnk
[2012.06.19 18:12:18 | 007,207,866 | ---- | M] (FreeDownloadManager.ORG ) -- C:\Users\Tobi\Desktop\fdm391249inst.exe
[2012.06.18 17:27:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.17 22:07:07 | 000,000,324 | ---- | M] () -- C:\Users\Tobi\Desktop\Ghost Recon Online.appref-ms
[2012.06.16 10:51:24 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2012.06.16 10:51:23 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2012.06.15 22:12:52 | 000,780,288 | ---- | M] (Chapley) -- C:\Users\Tobi\Desktop\TerrariForm.exe
[2012.06.15 21:32:27 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.06.14 21:54:29 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tobi\Desktop\spybotsd162.exe
[2012.06.14 21:44:52 | 275,605,504 | ---- | M] () -- C:\Users\Tobi\Desktop\kav_rescue_10.iso
[2012.06.14 15:19:40 | 000,001,117 | ---- | M] () -- C:\Users\Tobi\ Malwarebytes Anti-Malware .lnk
[2012.06.14 14:40:44 | 001,635,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 14:40:44 | 000,697,292 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 14:40:44 | 000,652,610 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 14:40:44 | 000,148,330 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 14:40:44 | 000,121,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 17:53:25 | 000,001,081 | ---- | M] () -- C:\Users\Tobi\OkayFreedom.lnk
[2012.06.12 16:50:55 | 000,026,488 | ---- | M] () -- C:\Users\Tobi\LOG.7z
[2012.06.12 16:08:08 | 000,007,605 | ---- | M] () -- C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg
[2012.06.07 17:36:36 | 652,634,170 | -H-- | M] (InstallShield Software Corporation) -- C:\Users\Tobi\Desktop\S4_League_EU_v1167.exe.part
[2012.06.07 11:50:49 | 002,185,728 | ---- | M] () -- C:\Users\Tobi\AirMech.exe
[2012.06.06 18:02:12 | 000,072,302 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\icarus-dxdiag.xml
[2012.06.05 19:21:21 | 000,591,512 | ---- | M] (Unity Technologies ApS) -- C:\Users\Tobi\UnityWebPlayer.exe
[2012.06.05 16:10:38 | 000,001,219 | ---- | M] () -- C:\Users\Tobi\RollerCoaster Tycoon 3.lnk
[2012.06.04 17:55:07 | 000,129,335 | ---- | M] () -- C:\Users\Tobi\S4_Downloader.exe
[2012.06.02 20:58:20 | 000,000,179 | ---- | M] () -- C:\Users\Tobi\key.trxx
[2012.06.02 16:47:32 | 000,001,190 | ---- | M] () -- C:\Users\Tobi\Dxtory.lnk
[2012.05.27 15:37:59 | 000,001,988 | ---- | M] () -- C:\Windows\unins000.dat
[2012.05.27 15:37:58 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2012.05.26 22:38:26 | 003,448,025 | ---- | M] () -- C:\Users\Tobi\Documents\AssassinsCreedIIGame 2012-05-26 22-34-23-4001.mp4
[2012.05.26 22:35:54 | 000,485,376 | ---- | M] () -- C:\Users\Tobi\Documents\AssassinsCreedIIGame 2012-05-26 22-34-23-4000.mpg
[2012.05.21 21:39:36 | 274,356,224 | ---- | M] () -- C:\Users\Tobi\kav_rescue_10.iso
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.06.19 22:58:10 | 000,572,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.19 21:01:44 | 138,436,537 | ---- | C] () -- C:\Users\Tobi\Desktop\EmsisoftEmergencyKit.zip
[2012.06.19 18:12:56 | 000,001,075 | ---- | C] () -- C:\Users\Tobi\Desktop\Free Download Manager.lnk
[2012.06.17 22:07:07 | 000,000,324 | ---- | C] () -- C:\Users\Tobi\Desktop\Ghost Recon Online.appref-ms
[2012.06.17 18:14:41 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.17 18:14:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.15 21:32:27 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.06.14 21:31:24 | 275,605,504 | ---- | C] () -- C:\Users\Tobi\Desktop\kav_rescue_10.iso
[2012.06.14 15:19:40 | 000,001,117 | ---- | C] () -- C:\Users\Tobi\ Malwarebytes Anti-Malware .lnk
[2012.06.14 14:58:40 | 000,001,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Cinema.lnk
[2012.06.13 17:53:25 | 000,001,081 | ---- | C] () -- C:\Users\Tobi\OkayFreedom.lnk
[2012.06.12 16:50:25 | 000,026,488 | ---- | C] () -- C:\Users\Tobi\LOG.7z
[2012.06.07 15:21:28 | 000,005,265 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2012.06.07 11:56:47
| 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1786937502-3233211386-3526623724-1000UA.job [2012.06.07 11:56:46 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1786937502-3233211386-3526623724-1000Core.job [2012.06.07 11:50:42 | 002,185,728 | ---- | C] () -- C:\Users\Tobi\AirMech.exe [2012.06.06 18:02:12 | 000,072,302 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\icarus-dxdiag.xml [2012.06.05 16:10:38 | 000,001,219 | ---- | C] () -- C:\Users\Tobi\RollerCoaster Tycoon 3.lnk [2012.06.04 17:55:06 | 000,129,335 | ---- | C] () -- C:\Users\Tobi\S4_Downloader.exe [2012.06.02 20:58:20 | 000,000,179 | ---- | C] () -- C:\Users\Tobi\key.trxx [2012.06.02 16:47:32 | 000,001,190 | ---- | C] () -- C:\Users\Tobi\Dxtory.lnk [2012.05.27 15:37:59 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2012.05.27 15:37:59 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2012.05.27 15:37:59 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll [2012.05.27 15:37:59 | 000,001,988 | ---- | C] () -- C:\Windows\unins000.dat [2012.05.26 22:38:19 | 003,448,025 | ---- | C] () -- C:\Users\Tobi\Documents\AssassinsCreedIIGame 2012-05-26 22-34-23-4001.mp4 [2012.05.26 22:35:52 | 000,485,376 | ---- | C] () -- C:\Users\Tobi\Documents\AssassinsCreedIIGame 2012-05-26 22-34-23-4000.mpg [2012.05.26 14:58:56 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.05.21 16:39:06 | 274,356,224 | ---- | C] () -- C:\Users\Tobi\kav_rescue_10.iso [2012.05.20 21:17:25 | 000,007,605 | ---- | C] () -- C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg [2012.05.03 15:36:36 | 000,000,049 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\TheHunterSettings_live.cfg [2012.04.25 19:12:57 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.04.15 17:18:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.04.10 14:17:35 | 000,014,760 | ---- | C] () -- 
C:\Windows\SysWow64\drivers\DRHMSR64.sys [2012.04.07 11:19:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.04.04 13:01:09 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.03.31 09:30:43 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.03.02 17:30:58 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2012.02.25 22:12:42 | 000,051,270 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\room_v3.dat [2012.02.17 18:17:06 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2012.02.17 17:43:11 | 000,002,048 | -HS- | C] () -- C:\Users\Tobi\AppData\Local\{997b5ae7-b4a3-3a8b-cb2a-9ffb7bbcbd4b}\@ [2012.02.17 17:33:45 | 001,591,882 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.23 20:20:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.23 20:20:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.23 20:20:21 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.10.14 02:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.08.22 18:19:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.07.11 18:45:08 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT < End of report > [/code]
Here is the Extras log as well... OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.06.2012 12:38:29 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Tobi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,70% Memory free 7,96 Gb Paging File | 5,84 Gb Available in Paging File | 73,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 880,41 Gb Total Space | 804,02 Gb Free Space | 91,32% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 30,56 Gb Free Space | 61,13% Space Free | Partition Type: NTFS Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B4E2382-2363-4E5D-B005-D7D123C31DE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1CF32EFB-64F4-4BD5-8C50-77A860A80909}" = rport=137 | protocol=17 | dir=out | 
app=system | "{1E35999A-BA8F-4A85-B6F9-C5D2733D5408}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1E43471E-94FB-4E0D-8E06-C7AED315FB21}" = lport=137 | protocol=17 | dir=in | app=system | "{20E7871F-BEBC-457D-8EDD-FE85596D9ABD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2172E187-1613-49E6-96DC-35E6F80F9919}" = lport=138 | protocol=17 | dir=in | app=system | "{2455F7B2-3B41-427C-B03E-4815867D9A31}" = lport=139 | protocol=6 | dir=in | app=system | "{286EFF3A-D19A-49EA-9F4D-A330492B0163}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{362915B9-50B5-41B7-A240-67687C3CE471}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4B55D10B-BFC6-4A47-B417-CCB5C1213838}" = rport=139 | protocol=6 | dir=out | app=system | "{569E83E0-142D-4A5D-A32C-665825536FB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60BE137C-6C06-456F-A56B-35EC62FB65BD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{67597B5A-035C-437B-A651-FE42550FBD68}" = lport=445 | protocol=6 | dir=in | app=system | "{767BFCE5-95F1-4D2C-9E23-C796480517D6}" = lport=2869 | protocol=6 | dir=in | app=system | "{7830DB88-B17F-4AB0-8D97-C28D3A539914}" = lport=10243 | protocol=6 | dir=in | app=system | "{92AE2085-AA08-4FF0-93CD-CC8031B3DB96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97577ECC-18B1-46B6-B422-EF3BA96549F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF5427AC-F8B7-4134-946A-4749DA8EA1D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B4B4DA04-EE04-4498-9899-6A5879150820}" = rport=138 | protocol=17 | dir=out | app=system | "{B7D44ED1-8198-4493-9309-8425971C249B}" = rport=445 | protocol=6 | dir=out | 
app=system | "{BD937218-4C97-4871-B590-5DA12FB269C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C5A68CBC-08FE-4507-BDA0-CD3E3213B1DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E220618C-E7C9-4AB4-9555-0CD49B2A6986}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F1876FF8-978E-41A2-8D62-751D757E4829}" = rport=10243 | protocol=6 | dir=out | app=system | "{FB0CC6A0-036E-4003-8B7E-B0534989CF57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00144E3E-A08B-4D60-A262-C345A94936FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{03719BCD-9B09-4BC5-B48D-F6EF3BA0A55D}" = protocol=6 | dir=out | app=system | "{0AA85E57-9AC4-4179-9470-DB31715D16B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1041F151-D582-482A-A2D7-837DC5BFF084}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{11FDC00B-51E9-4D38-9B65-350AA3DBE50A}" = dir=in | app=c:\users\tobi\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{125AA1E4-43F1-4856-B7E4-3099DE452B7B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{1599374E-07FC-46A6-A2AA-EA4CFCA8D575}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{17D3F6CA-D5F5-4A22-A7C9-7A9DA066A54C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{1CF126D0-F3EA-4073-8E73-F83C088A39CB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{228864B5-1405-463E-9E8F-2B1DC2F0D1EF}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\valvetestapp206500\airmech.exe | "{25FCE36B-6229-42D0-B5EB-F1DA653AC530}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{2975620F-1099-4818-8D2E-C1A1200C7C24}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{2E090567-821E-4BBA-BA1D-1E1F911D1F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\marioparty96\counter-strike source\hl2.exe | "{31318B69-D262-4BEF-BDE5-E9AE48CA4C04}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{34BD835A-688F-49D3-8D7C-A04F9B09FD6E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B1F8118-F374-4BFF-A1F3-D33528DFD995}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3F682520-DC99-4EA0-A2D9-5762F443240A}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | "{3FA77CB6-C51B-4AC3-9B75-8FF6BC0E2AE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | "{49E113FC-00B3-4D8B-8B03-AEE83A2731B7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4A310F63-FEF5-4ECD-97BD-9711A46F9EB9}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{566E24AC-7CA1-4876-A98A-8439EAC0B2B5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{56EB2F57-5EB2-48B1-9B59-2CD42A2B8702}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5745251D-3B03-456B-9473-90BBFF21CFC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{59ACF149-53FA-4A6A-9336-03E44A82D7EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C387EBC-E799-475E-9BA9-63F45CA9E9BD}" = protocol=17 | dir=in | 
app=c:\windows\syswow64\pnkbstra.exe | "{5D1451D1-1634-47EA-AB36-8A420F21027A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{615B76B7-D7A3-4C74-BD13-B0E7A72F995A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6B43D358-0048-4F42-BEFE-A24F6C6C637F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valvetestapp206500\airmech.exe | "{6E831066-D27A-45D2-AD49-DDE4FFE69B3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{71B2C2FC-69D0-4EB6-B30F-5CC55B7F480B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{734A2CD2-A69B-4830-844F-1287C69AB7B1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{738D217C-99E4-419B-9418-046692731176}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{746EA857-4F4C-45CA-B076-E45B9CE9EA7A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{7A54BBB1-74EB-42BA-9125-C46D1A12C72D}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | "{7C45FFC2-C54C-431A-9E7C-2B783E6DA72C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7E15BA72-6F59-4DE9-A6A7-417B81451CE6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{7E5D8449-BAF2-409E-BF72-B34CB0D7BC61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7EB692A9-7C49-4EA2-8BD4-C86C12313232}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{881F37DE-D609-4134-AEC8-F9B4464F68B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\marioparty96\counter-strike source\hl2.exe | "{897EA416-E69F-4488-85AE-AC3548F5690A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8F687D18-DC2F-41B1-89FB-D4FAB00728EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F262CDF-9CB9-49BA-B7E9-94244EAC68A8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{A6354E3B-0CB9-4572-8FB3-FCFB60C0D682}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{AF7FE256-E3D6-41AF-A0DA-467D21B33B30}" = protocol=6 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | "{B4C6E45F-339B-48FE-8D1F-5BA7C50D329F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B90CC633-2B01-4B12-BA63-E2435027334B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{BEA992DC-C827-4CD5-950B-294C95B6F38C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CB8061E1-14C0-4D18-B55F-A0BA26F4AF52}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{CCA743F8-CE9A-452C-9243-EC8B73208AEA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D20C6990-01DA-4D0D-A565-E1BF1DD7288C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D5C143CF-5394-4171-8D5C-2087D473493F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D60FF57F-1737-49C0-9157-B0BB10886248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | "{D73DBF0F-3527-4DDD-AC50-BB94D3FEF5EC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D8EC4093-C555-4CCB-9D68-961B4789B38F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DD67B738-A2A4-4296-8459-25B92C639A51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E0B8E9F6-98B0-4852-8675-E8FCE7A3400E}" = protocol=17 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | "{E1ABCE3A-C099-4505-8FEC-EF4C990C674E}" = protocol=6 | dir=in | app=c:\program 
files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{E28A805E-CE36-48F3-8CAF-30EBE7F42C1A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E4F0431C-D253-4006-84B2-944E0D4AF405}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{EBBE82D3-9BE2-44DB-A5D0-C08088A0185B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{F1789586-DBE1-4BDC-A087-9E8ED2097BD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1E753FB-102D-476E-B3F3-C8C7BC2BBA82}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{F550EB2A-490D-4202-928F-625B564F53A4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F77510D3-FAC6-455D-9F6C-C2364C1D0A75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FE55D066-8B60-4515-908C-4374DE097976}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{198B2680-C377-4580-8C4C-FDCA2E8DB43A}C:\users\tobi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\spotify\spotify.exe | "TCP Query User{D0F9A273-DBD0-4572-A237-8A62DDDA4834}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | "TCP Query User{E4A2CA23-D2B5-4E03-91B9-2D2A10F6082C}C:\users\tobi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\spotify\spotify.exe | "TCP Query User{F3CD3E82-E56F-4E0F-BB78-B2D6C150AA78}C:\program files (x86)\rockstar games\grand theft auto san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto san andreas\gta_sa.exe | "UDP Query User{12F5D530-1472-4BC5-88A8-FB9909FE42D8}C:\users\tobi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | 
app=c:\users\tobi\appdata\roaming\spotify\spotify.exe | "UDP Query User{B77067C8-5B53-46C2-A875-EEF465A18C2A}C:\users\tobi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\spotify\spotify.exe | "UDP Query User{B98EC8A3-E16E-43B4-AC4D-3C10EFAE8CDB}C:\program files (x86)\rockstar games\grand theft auto san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto san andreas\gta_sa.exe | "UDP Query User{BB0F3F1E-01CF-47D0-AA31-04120119245D}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{07ECB2CD-DC4D-9170-0832-6D0241F282E9}" = AMD AVIVO64 Codecs "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1241CE77-0B65-40A0-B893-02EA49E35332}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Protector by IB 2.0.0.412 "{3BFAF653-4B91-2C87-82FE-DAF4C0F7BF18}" = AMD Drag and Drop Transcoding 
"{455196BE-3B39-D0C3-0DB4-7F572F9DAC9A}" = ccc-utility64 "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4EC57D6F-D4B2-DA64-DA3D-AA974526BA29}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote 
Service Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit) "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0269C1CD-92C4-B8B4-6A13-4287CB880CDF}" = CCC Help Finnish 
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{05FFC359-64F3-A1C7-16A6-4BECC05D0519}" = CCC Help Norwegian "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer 
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20E7F0EE-DE26-3287-FFB2-11F33ECE35F3}" = CCC Help Italian "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2EF1CACD-24D7-DD2C-627B-AEFD3B951C6E}" = CCC Help English "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{2FB06C2A-0D2F-1962-532A-AEC79851E241}" = CCC Help Dutch "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F3FB10C-7175-4D38-9335-3488B89C12AF}" = OkayFreedom "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack 
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2 "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{498765E0-6D72-309A-6019-3F2DDAD6808A}" = CCC Help French "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0 "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{55118EA0-31F5-A638-4238-50D632B73D64}" = Catalyst Control Center Localization All "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{56D13BAF-37D4-EC49-AF10-19F3E91B40E1}" = CCC Help Spanish "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray "{5B80AE2E-759D-11E0-A27D-005056C00008}" = MSVCRT Redists "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker 
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E08B328-9CE6-4976-8267-C8BE1C6AC38D}" = Garry's Mod Manager "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{7069F9BA-0CC9-08AA-1825-1CB65D90BC24}" = CCC Help Danish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows 
Live "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension "{97490A5C-49CB-468C-1639-9FB58BAA44CD}" = CCC Help Swedish "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1" = War Inc Battlezone version 1.0.0 "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9173B96-202E-4938-B7E5-951477291465}" = TubeBox "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center "{BC99E569-2C69-42EC-8422-77BAAF46F1B7}_is1" = Tag - v1.1 "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker 
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C51AF995-1F7C-465F-A80B-EBBFE7969531}" = CCC Help Japanese "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CAE6AB4A-5141-456A-8EC6-D4DF64E24A5C}" = MAGIX Speed burnR (MSI) "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! 
Foto Premium 9 "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E3E3281A-1D64-D7B4-9574-70E58CA258D5}" = Catalyst Control Center "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3C6C49E-1450-7F9B-1457-B167B8FEB842}" = CCC Help German "{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = 
Lagarith Lossless Codec (1.3.27) "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "BitTorrent" = BitTorrent "Cheatbook Database 2012" = Cheatbook Database 2012 "CloneDVD2" = CloneDVD2 "Dxtory2.0_is1" = Dxtory version 2.0.114 "ESET Online Scanner" = ESET Online Scanner v3 "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "FormatFactory" = FormatFactory 2.95 "Free Download Manager_is1" = Free Download Manager 3.9 "Game Booster_is1" = Game Booster 3 "Garry's Mod Manager 8.10.0000" = Garry's Mod Manager "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "LAME_is1" = LAME v3.99.3 (for Windows) "LogMeIn Hamachi" = LogMeIn Hamachi "MAGIX_{CAE6AB4A-5141-456A-8EC6-D4DF64E24A5C}" = MAGIX Speed burnR (MSI) "Malwarebytes' 
I'll run Malwarebytes in a moment, and ESET will follow as well if you still need it... OK folks, since it looks like nobody here is going to help me anyway... you can close this thread as far as I'm concerned! I'm going to reinstall the PC now, which takes care of the virus... Last edited by marioparty96 (20.06.2012 at 11:45) |
24.06.2012, 17:15 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
http://www.trojaner-board.de/117136-...chten-tun.html
25.06.2012, 06:56 | #3 |
| Thanks, that's already done... Now at least all the junk that was on the PC before is gone too!
25.06.2012, 07:51 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Oh right, it does say so at the very bottom of your post. I somehow have the habit of no longer really paying attention to running text below the logs.
__________________ Please always post log files in CODE tags |
25.06.2012, 16:13 | #5 |
| No problem... |