Pests of all kinds and how to fight them: Police virus Criminal Intelligence Service Einheit 5.2 (Austria), Windows 7
19.07.2012, 10:44 | #1 |
Police virus Criminal Intelligence Service Einheit 5.2 (Austria)

Hello, yesterday I got this police virus from the "Austrian Federal Police" and I can't do anything at all except shut down. I started the laptop (ASUS, Windows 7 64-bit version) in safe mode and scanned my system with the Avira real-time scanner. 6 viruses or unwanted programs were found. I deleted them without moving them to quarantine. I also saved the report. If you need it, please say so! After that I used CCleaner to clean up the temporary files, browsing histories, cookies, Internet cache and so on (just the default settings), ran the Registry Cleaner and fixed the errors in the registry. But none of that helped. When I start the notebook normally, the Trojan comes back. Today I used defogger and OTL as described in the forum. By the way, I am currently sitting at the family PC. Here is the OTL log:

Code:
ATTFilter OTL logfile created on: 19.07.2012 11:03:32 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\slydaniel1\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,86 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 74,58% Memory free 3,71 Gb Paging File | 3,27 Gb Available in Paging File | 88,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,50 Gb Total Space | 8,64 Gb Free Space | 14,77% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 93,71 Gb Free Space | 95,96% Space Free | Partition Type: NTFS Drive E: | 141,84 Gb Total Space | 77,23 Gb Free Space | 54,45% Space Free | Partition Type: NTFS Computer Name: DANIEL-LAPTOP | User Name: slydaniel1 | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.19 09:49:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\slydaniel1\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.06.22 12:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) 
[Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.03 12:50:20 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.07.03 12:50:05 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.10 18:05:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.10 18:05:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.30 12:32:17 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.12.08 01:25:00 | 004,159,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) 
[Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) SRV - [2009.03.30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) SRV - [2008.07.10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) 
SRV - [2008.03.31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.10 18:05:19 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.10 18:05:19 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.19 22:33:57 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.07.21 07:33:50 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.02 10:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.25 05:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) DRV:64bit: - [2010.01.27 04:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.01.18 11:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.20 04:41:38 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.08.18 10:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.08.06 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.18 13:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2007.08.03 06:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=48a69880-023b-11e1-bbff-20cf30d186bb&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 97 C4 19 1B B8 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=48a69880-023b-11e1-bbff-20cf30d186bb&q={searchTerms} IE - HKCU\..\SearchScopes\{31874987-5C4C-4BB1-B0EA-7A47FA77FB3F}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\slydaniel1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.30 12:32:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.07 12:36:52 | 000,000,000 | ---D | M] [2011.01.19 22:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\slydaniel1\AppData\Roaming\mozilla\Extensions [2012.07.03 12:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\slydaniel1\AppData\Roaming\mozilla\Firefox\Profiles\9xha6cvn.default\extensions [2012.01.17 21:11:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\slydaniel1\AppData\Roaming\mozilla\Firefox\Profiles\9xha6cvn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.24 18:13:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\slydaniel1\AppData\Roaming\mozilla\Firefox\Profiles\9xha6cvn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.03 12:18:40 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\slydaniel1\AppData\Roaming\mozilla\Firefox\Profiles\9xha6cvn.default\extensions\battlefieldheroespatcher@ea.com [2011.12.24 00:02:46 | 000,000,000 | ---D | M] ("GreenWebPlayer") -- C:\Users\slydaniel1\AppData\Roaming\mozilla\Firefox\Profiles\9xha6cvn.default\extensions\greenwebplayer@greentube.com [2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\slydaniel1\AppData\Roaming\Mozilla\Firefox\Profiles\9xha6cvn.default\searchplugins\startsear.xml [2012.05.06 09:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla 
Firefox\extensions [2012.05.30 17:20:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.05.06 09:35:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.04.30 12:32:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.30 18:50:05 | 000,000,181 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 74.53.201.162 O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org O1 - Hosts: 127.0.0.1 188.165.234.50 O1 - Hosts: 127.0.0.1 209.160.22.33 O1 - Hosts: 127.0.0.1 38.117.98.208 O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [] C:\Users\slydaniel1\AppData\Local\Temp\rgnygtgcuex.exe (Belkin) O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov) O4 - HKCU..\Run: [Nonoh] C:\Program Files (x86)\Nonoh.net\Nonoh\Nonoh.exe (Nonoh) O4 - HKCU..\Run: [Userinit] C:\Users\slydaniel1\AppData\Roaming\appconf32.exe () O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\slydaniel1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\slydaniel1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlayerScore.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\slydaniel1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\slydaniel1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (SopCore Control) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.244.127.161 130.244.127.169 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFE136FA-E219-49E4-9B6C-8379492A6178}: DhcpNameServer = 130.244.127.161 130.244.127.169 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - 
Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{21a2ca55-2405-11e0-95e7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{21a2ca55-2405-11e0-95e7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstAll.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.19 10:15:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\slydaniel1\Desktop\OTL.exe [2012.07.14 10:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.14 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.08 15:10:25 | 000,000,000 | ---D | C] -- C:\Users\slydaniel1\AppData\Local\{F69AA018-DA4C-46E9-B396-8B71048D8542} [2012.07.08 15:10:07 | 000,000,000 | ---D | C] -- C:\Users\slydaniel1\AppData\Local\{4240ED59-9226-445A-8EC7-2209E0DE0B1D} [2012.07.07 09:51:53 | 000,000,000 | ---D | C] -- C:\Users\slydaniel1\AppData\Local\{0AF25575-13AC-428F-89B3-C3F786530A34} [2012.07.04 12:52:26 | 000,000,000 | ---D | C] -- C:\Users\slydaniel1\AppData\Local\PunkBuster [2012.07.03 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\slydaniel1\Documents\Battlefield Heroes [2012.07.01 09:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.07.01 09:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.06.22 08:35:22 | 000,000,000 | ---D | C] -- 
C:\Users\slydaniel1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.06.22 08:20:21 | 000,000,000 | ---D | C] -- C:\Users\slydaniel1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VALVe [2012.06.22 08:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VALVe [2008.08.11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [1 C:\Users\slydaniel1\AppData\Roaming\*.tmp files -> C:\Users\slydaniel1\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.19 10:55:57 | 000,000,000 | ---- | M] () -- C:\Users\slydaniel1\defogger_reenable [2012.07.19 10:16:27 | 001,800,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.19 10:16:27 | 000,763,254 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.19 10:16:27 | 000,718,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.19 10:16:27 | 000,173,608 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.19 10:16:27 | 000,146,554 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.19 09:49:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\slydaniel1\Desktop\OTL.exe [2012.07.19 09:47:48 | 000,050,477 | ---- | M] () -- C:\Users\slydaniel1\Desktop\Defogger.exe [2012.07.19 09:36:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.19 09:36:23 | 1494,663,168 | -HS- | M] () -- C:\hiberfil.sys [2012.07.19 08:59:34 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 08:59:34 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 08:58:38 | 000,000,034 | ---- | M] () -- C:\Users\slydaniel1\AppData\Roaming\blckdom.res [2012.07.19 08:57:04 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.18 13:57:14 | 
000,006,400 | ---- | M] () -- C:\Users\slydaniel1\AppData\Roaming\BAcroIEHelpe171.dll [2012.07.18 13:57:13 | 000,214,720 | ---- | M] () -- C:\Users\slydaniel1\AppData\Roaming\AcroIEHelpe171.dll [2012.07.18 11:43:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.17 14:36:11 | 000,000,458 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for slydaniel1.job [2012.07.03 17:32:50 | 000,000,083 | ---- | M] () -- C:\Users\slydaniel1\AppData\Roaming\urhtps.dat [2012.07.03 12:50:20 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.03 12:50:13 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.03 12:50:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.20 07:52:15 | 000,001,864 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [1 C:\Users\slydaniel1\AppData\Roaming\*.tmp files -> C:\Users\slydaniel1\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.19 10:55:57 | 000,000,000 | ---- | C] () -- C:\Users\slydaniel1\defogger_reenable [2012.07.19 10:15:54 | 000,050,477 | ---- | C] () -- C:\Users\slydaniel1\Desktop\Defogger.exe [2012.07.18 13:57:14 | 000,006,400 | ---- | C] () -- C:\Users\slydaniel1\AppData\Roaming\BAcroIEHelpe171.dll [2012.07.18 13:57:13 | 000,214,720 | ---- | C] () -- C:\Users\slydaniel1\AppData\Roaming\AcroIEHelpe171.dll [2012.07.03 12:50:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.03 12:50:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.03 12:50:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.16 13:54:09 | 000,000,083 | ---- | C] () -- C:\Users\slydaniel1\AppData\Roaming\urhtps.dat [2012.05.24 18:28:19 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.05.06 09:37:40 | 000,000,049 | ---- | C] () -- C:\Users\slydaniel1\jagex_cl_runescape_LIVE.dat [2012.05.06 09:37:40 | 000,000,024 | 
---- | C] () -- C:\Users\slydaniel1\random.dat [2012.01.25 19:28:54 | 000,003,848 | ---- | C] () -- C:\Windows\scad3.INI [2011.10.17 21:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI [2011.08.25 22:09:56 | 000,000,036 | ---- | C] () -- C:\Users\slydaniel1\uidsave.dat [2011.06.19 15:21:38 | 000,000,000 | ---- | C] () -- C:\Users\slydaniel1\jagex_runescape_preferences.dat [2011.05.03 15:53:02 | 001,777,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.02.11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.01.24 17:28:24 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.01.22 17:06:02 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2011.01.19 23:39:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.19 22:49:25 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.01.19 22:26:24 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.08.30 18:50:04 | 000,000,000 | ---- | C] () -- C:\Users\slydaniel1\AppData\Roaming\chrtmp [2010.08.30 17:34:21 | 000,000,034 | ---- | C] () -- C:\Users\slydaniel1\AppData\Roaming\blckdom.res [2010.08.25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.08.25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2009.04.08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008.12.09 17:23:13 | 000,048,880 | RHS- | C] () -- C:\Users\slydaniel1\AppData\Roaming\appconf32.exe [2008.05.22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg [2006.03.12 02:36:31 | 000,052,817 | -H-- | C] () -- C:\Users\slydaniel1\AppData\Roaming\slydaniel1log.dat ========== LOP Check ========== [2012.07.13 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\.minecraft [2011.04.01 16:51:22 | 000,000,000 | ---D | M] -- 
C:\Users\slydaniel1\AppData\Roaming\CadSoft [2012.07.14 10:13:56 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\DAEMON Tools Lite [2012.01.17 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\DVDVideoSoft [2011.09.30 15:17:57 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.31 19:04:10 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\go [2011.03.12 18:03:17 | 000,000,000 | RHSD | M] -- C:\Users\slydaniel1\AppData\Roaming\install [2012.01.21 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\IObit [2012.06.16 11:35:32 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\kock [2011.02.26 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\minecraft [2012.05.26 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\Nonoh [2011.10.03 19:03:11 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\OpenOffice.org [2011.11.08 21:15:18 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\pdfforge [2011.10.29 20:07:58 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\pymclevel [2012.03.31 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\Rovio [2012.07.14 10:13:31 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\TS3Client [2011.11.04 11:38:52 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\ts3overlay [2012.07.03 12:06:14 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\UAs [2012.01.19 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\Unity [2012.07.19 08:59:27 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\uTorrent [2011.09.29 19:27:19 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\VDownloader [2011.06.01 18:31:23 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\Windows Live Writer [2012.07.03 12:06:51 | 
000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\xmldm
[2012.01.26 17:12:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 19.07.2012 11:03:32 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\slydaniel1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1,86 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 74,58% Memory free
3,71 Gb Paging File | 3,27 Gb Available in Paging File | 88,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 8,64 Gb Free Space | 14,77% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 93,71 Gb Free Space | 95,96% Space Free | Partition Type: NTFS
Drive E: | 141,84 Gb Total Space | 77,23 Gb Free Space | 54,45% Space Free | Partition Type: NTFS

Computer Name: DANIEL-LAPTOP | User Name: slydaniel1 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AEB7EB3-0431-44B0-BD3B-CC896F9A9A70}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{0C47994F-84D5-4FD4-998A-D5A6A36A03F5}" = lport=445 | protocol=6 | dir=in | app=system | "{13D7E466-FB20-4F8F-B76D-3009D9AA6429}" = lport=rpc-epmap 
| protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1719111A-FEA3-43AE-8E92-505A05BE9B94}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1DEFB63A-4A65-4CD9-8551-76DAEC7410BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2571C705-FDBA-4E77-AE68-356778FFAEF5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{591916E7-063C-4F9D-9167-B0C2294B24DF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7AE7804B-3364-412F-B1DE-EEA3F70FD114}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{80D52F53-6B5A-4A9B-B6D3-2A4BFC7C104F}" = lport=138 | protocol=17 | dir=in | app=system | "{8573EA5D-5FDD-4653-AB38-BC56464606E2}" = lport=2869 | protocol=6 | dir=in | app=system | "{8B0A7448-BFCD-4742-BB94-64CCA6A3640A}" = rport=445 | protocol=6 | dir=out | app=system | "{8BA09748-8567-4848-A586-A041ACCF4585}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{981F7D9B-4E86-49E5-A7A0-3A2852766332}" = lport=139 | protocol=6 | dir=in | app=system | "{ABCFD9FC-C5B9-4FDA-936E-84390DC6A30B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{AD7AB43C-2724-4A1B-93F6-64031E27AB67}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B489C6DB-2BCC-4501-A215-17928A1AFAB5}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{BA97D53A-973F-41B5-BA5A-5D4B5312A7DC}" = lport=137 | protocol=17 | dir=in | app=system | "{C4A1D9DE-DDAC-48DC-9C89-88349E3EA5E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6D583E9-CF64-4F11-90C9-E1D13429C599}" = rport=137 | protocol=17 | dir=out | app=system | "{E78F2FE2-7E75-4BCE-9789-6DEB5A5A4FCA}" = rport=138 | protocol=17 | dir=out | app=system 
| "{E79DA4C0-6D54-429B-A1A2-31C671C1EC65}" = rport=10243 | protocol=6 | dir=out | app=system | "{E903AAA5-A2CA-4041-89D6-31163B22CA87}" = lport=10243 | protocol=6 | dir=in | app=system | "{E98F4756-7364-49D7-8E25-8E1E53856804}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ED5AA536-A126-4F30-9677-02C81861DE59}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F70534EA-BFEE-40CF-8068-362CDBEEA089}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C58753-E0C6-41ED-AFB8-E459D53512C9}" = protocol=6 | dir=out | app=system | "{0B6F7EEC-9ACD-4B11-9E37-C3D1B9FCCA55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0D8892B8-AC1A-435B-A80E-5037C6D8B6E8}" = protocol=17 | dir=in | app=e:\shaun white snowboarding\shaunwhitesnowboardinggame.exe | "{0E407E19-A142-4131-B80D-20FC96A3962F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{0F539973-E23F-4177-B1EE-60EEED2DF0ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{111B0FC6-F299-4296-810B-4396370A4E2C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{185FB703-0236-4C0C-BDC1-D48F9F8F5DBC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1E6D4183-B1E6-4B36-A309-302DB36B1569}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{23826CBF-9E3F-4F0B-AAD2-CEA05E1FA80E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{23BBAB48-6BAC-4E7D-BF3C-4DDC0528B29D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3FBA6B58-D0CC-4EE9-BEBF-7C6FFD365100}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{4CB95792-2558-4E9A-A80D-39BA97750F55}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{4DAF3D54-B8C7-43C6-B0AC-3FD69E602CB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4DC7C7AD-F8DA-4CA5-9016-84A5A4D6960B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{50C127DF-F010-4831-AE45-7E63B1BB78E2}" = protocol=6 | dir=in | app=e:\shaun white snowboarding\shaunwhitesnowboardinggame.exe | "{5153452E-FC4D-4726-9714-891C0C963BDF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5BCC8AB5-B845-4E0E-8039-83E09D485DFE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{5DBBE65E-4C08-46E9-B36D-6899E5BC9446}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60EEFC88-2E45-45CA-8EE4-C8DABE19120B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{706F2409-5DEC-441C-9925-C431BAE68366}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{723484D0-E7B5-496A-8AE7-7600426B1829}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{7B44EB92-6EEC-452F-B267-438E0C04EF09}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8327CDA2-C689-4FD7-9417-F24A9C70BCAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8A1F4759-2938-4BD0-89E5-9BAED34808EA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{966A817D-B5F8-4AB7-AC15-6621DD143D0D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{9B100E20-DAA4-4F3B-A1C2-B2298C012D89}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A023B53D-187E-47E9-8582-2D4549DF3271}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B0850846-1082-446B-857E-F1014AB36D91}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{B0D760D3-6524-40EB-939E-6EEE943E57BC}" = protocol=17 | dir=in | app=e:\shaun 
white snowboarding\shaunwhitesnowboarding.exe | "{B3DAF136-35A8-46BE-A1D6-1D41095EADDE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B40520C0-8C1E-4AF5-AAB4-E1795C9FD1E8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{BC83C792-954F-496D-B764-6E139F033B1D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C3CF326D-9B72-448B-AAAE-B79FDB485716}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{CF4944B8-BA8A-4A39-8426-858D8A30C41E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D3383133-F967-47CB-B157-D0193FB31CFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC0229AD-7D96-463F-B269-91030C758B96}" = protocol=6 | dir=in | app=e:\shaun white snowboarding\shaunwhitesnowboarding.exe | "{DE499B00-8523-4C67-98B3-3D856FA5B688}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E99F8BA2-6BE3-4B52-8E44-A8E36A9314B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E9AA5899-F868-4EE4-AE92-46651BA94097}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{EC0E895D-C5DF-46DF-A232-A02C1611AE2C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{EE0807C6-12AF-4E74-86DD-0A211D1EF22B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F8293B43-6526-406B-9299-8167D7CE2A7A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{F9EA4308-A0AF-4C48-BD88-6AF2CB29EC31}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{003D1048-6D6D-4C0E-AA1E-1FC104D51713}D:\programme\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=d:\programme\streamtorrent 1.0\streamtorrent.exe | "TCP Query 
User{040AD76B-68D1-4454-A273-E973B4542705}C:\program files (x86)\sopcast\sopvod.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopvod.exe | "TCP Query User{062D653D-D062-4DFC-8EC7-0F7131CE6BFE}E:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\tmnationsforever\tmforever.exe | "TCP Query User{54938947-7636-472D-B1E6-FA2AA61C2FCD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{55E1859E-CED8-457C-AC78-E49D0BDEDCEB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{7436E70A-3C5C-4E18-9612-7574E39E132E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{8CA26B1D-CE9F-4E51-B06C-8BCAC9041EB0}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{A9E36E11-921B-497D-96A8-C28908F8AFC1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{B3E8C379-AEEE-411B-B72A-34B0CCAB21CB}C:\program files (x86)\nonoh.net\nonoh\nonoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nonoh.net\nonoh\nonoh.exe | "TCP Query User{B7B1CC7D-DECE-49CD-9914-FCB849A8B9A7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{E37AAE6F-DB17-4BF3-97EA-00096F3190E5}C:\program files (x86)\nonoh.net\nonoh\nonoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nonoh.net\nonoh\nonoh.exe | "TCP Query User{EC1BF36B-C037-4121-82FD-B23B73CBEAE7}E:\counterstrike\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=e:\counterstrike\counter-strike source\hl2.exe | "TCP 
Query User{F7ABF12B-6B90-4433-8481-81CBF9A0678F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{140FA4C9-E7A5-48C9-88E4-EA5A9C21DBDA}C:\program files (x86)\sopcast\sopvod.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopvod.exe | "UDP Query User{29DA1B9A-0122-4584-8952-8A5A9CA6570C}D:\programme\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=d:\programme\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{36FF4401-B599-4F99-91FA-A012A058CFF4}E:\counterstrike\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=e:\counterstrike\counter-strike source\hl2.exe | "UDP Query User{639AF26E-9872-4A68-8CEB-8237586E18B7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{76374AA8-A40D-4941-AA28-11807B59A475}E:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\tmnationsforever\tmforever.exe | "UDP Query User{77289A48-D75F-467F-BCC0-18CF79D13A12}C:\program files (x86)\nonoh.net\nonoh\nonoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nonoh.net\nonoh\nonoh.exe | "UDP Query User{7A68BD29-9821-4511-87C5-273FB2596C65}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{9921241F-1A0F-42CB-A56E-7716C944F4A0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{A549AA81-5031-48EF-BF7C-4E33774F4CD4}C:\program files (x86)\nonoh.net\nonoh\nonoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nonoh.net\nonoh\nonoh.exe | "UDP Query User{D4A0BFBC-36E9-4FA6-99AF-1FDD851AD134}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query 
User{E283E4BF-203A-4CF0-904B-61B17FFC4E64}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{F6437217-5022-456C-9AE1-27F6E5852A8F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{F70ABEDE-AA69-493E-AC9A-D5706F2959AC}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2A6823CE-23A8-35B3-8342-162A973CDD5B}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU 
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64) "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Elantech" = ETDWare PS/2-x64 7.0.5.13_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET 
Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "TeamSpeak 3 Client" = TeamSpeak 3 Client "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition 
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}" = ShaunWhiteSnowboarding "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{353B1E6D-7073-4450-8C80-699BD8FCFB49}" = MTP Porting Kit "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40044440-4ED4-4792-8417-5EE6374F001C}" = Angry Birds Space "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 
R2-Datenebenenanwendungs-Framework "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1 "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = 
Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data 
Security Manager "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "ArtMoney SE_is1" = ArtMoney SE v7.34 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Clownfish" = Clownfish for Skype "CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1 "EAGLE 6.1.0" = EAGLE 6.1.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Game Booster_is1" = Game Booster 3 "JDownloader" = JDownloader "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN "LogMeIn Hamachi" = LogMeIn Hamachi "LTspice IV" = LTspice IV "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nonoh_is1" = Nonoh "NSS" = Norton Security Scan "PunkBusterSvc" = PunkBuster Services "Quick Memory Editor_is1" = Quick Memory Editor 5.5 "SopCast" = SopCast 2.0.4 "StreamTorrent 1.0" = StreamTorrent 1.0 "TeamViewer 6" = TeamViewer 6 "TmNationsForever_is1" = TmNationsForever "uTorrent" = µTorrent "vShare.tv plugin" = vShare.tv plugin 1.3 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.07.2012 02:57:44 | Computer Name = Daniel-Laptop | Source = Windows Search Service | ID = 9000 Description = Error - 19.07.2012 02:57:46 | Computer Name = Daniel-Laptop | Source = Windows Search 
Service | ID = 7040 Description = Error - 19.07.2012 02:57:46 | Computer Name = Daniel-Laptop | Source = Windows Search Service | ID = 9002 Description = Error - 19.07.2012 02:57:46 | Computer Name = Daniel-Laptop | Source = Windows Search Service | ID = 3029 Description = Error - 19.07.2012 02:57:46 | Computer Name = Daniel-Laptop | Source = Windows Search Service | ID = 3029 Description = Error - 19.07.2012 02:57:46 | Computer Name = Daniel-Laptop | Source = Windows Search Service | ID = 3028 Description = Error - 19.07.2012 02:57:46 | Computer Name = Daniel-Laptop | Source = Windows Search Service | ID = 3058 Description = Error - 19.07.2012 02:57:46 | Computer Name = Daniel-Laptop | Source = Windows Search Service | ID = 7010 Description = Error - 19.07.2012 02:57:47 | Computer Name = Daniel-Laptop | Source = Windows Search Service | ID = 7042 Description = Error - 19.07.2012 03:54:51 | Computer Name = Daniel-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: speed.exe, Version: 0.0.0.0, Zeitstempel: 0x438e4c8c Name des fehlerhaften Moduls: speed.exe, Version: 0.0.0.0, Zeitstempel: 0x438e4c8c Ausnahmecode: 0xc0000005 Fehleroffset: 0x002e6d5f ID des fehlerhaften Prozesses: 0x6c Startzeit der fehlerhaften Anwendung: 0x01cd6583bd3dc413 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\EA GAMES\Need for Speed Most Wanted\speed.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\EA GAMES\Need for Speed Most Wanted\speed.exe Berichtskennung: 04b4d7f4-d177-11e1-b692-a40a9db2f3d0 [ System Events ] Error - 19.07.2012 03:43:16 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 03:43:16 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst 
"Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 03:43:16 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 03:50:58 | Computer Name = Daniel-Laptop | Source = DCOM | ID = 10005 Description = Error - 19.07.2012 03:50:58 | Computer Name = Daniel-Laptop | Source = DCOM | ID = 10005 Description = Error - 19.07.2012 03:50:58 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 04:10:51 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 04:15:41 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 04:16:00 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 04:28:06 | Computer Name = Daniel-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068
< End of report >

Best regards, slydaniel1 |
19.07.2012, 11:58 | #2 |
/// Malware-holic | Police virus Criminal Intelligence Service Unit 5.2 (Austria)
Please never delete anything in the registry again; that can harm the system!
This script and any scripts that follow are only for the respective user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [Userinit] C:\Users\slydaniel1\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\Run: [] C:\Users\slydaniel1\AppData\Local\Temp\rgnygtgcuex.exe (Belkin)
[2012.07.18 13:57:14 | 000,006,400 | ---- | M] () -- C:\Users\slydaniel1\AppData\Roaming\BAcroIEHelpe171.dll
[2012.07.18 13:57:13 | 000,214,720 | ---- | M] () -- C:\Users\slydaniel1\AppData\Roaming\AcroIEHelpe171.dll
[2012.06.16 11:35:32 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\kock
[2011.10.29 20:07:58 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\pymclevel
[2012.03.31 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\Rovio
[2012.07.03 12:06:14 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\UAs
[2012.07.03 12:06:51 | 000,000,000 | ---D | M] -- C:\Users\slydaniel1\AppData\Roaming\xmldm
:Files
C:\Users\slydaniel1\AppData\Roaming\appconf32.exe
C:\Users\slydaniel1\AppData\Local\Temp\rgnygtgcuex.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!
Please press the + E key.
After that, post the Avira scan report that you already created.
__________________ |
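The two O4 lines in the fix script above are per-user Run-key autostarts that launch executables from AppData. As an added example (not part of the original post and not OTL's own logic), this Python parser reads OTL O4 lines and reports which of those traits each entry shows; the heuristics, the reason labels and the two "Example Vendor" lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# First two lines: copied from the fix script in the post above.
# Last two lines: constructed benign entries for contrast (hypothetical vendor).
SAMPLE_OTL_LINES = r"""
O4 - HKCU..\Run: [Userinit] C:\Users\slydaniel1\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\Run: [] C:\Users\slydaniel1\AppData\Local\Temp\rgnygtgcuex.exe (Belkin)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files (x86)\Example Vendor\tray.exe (Example Vendor Inc.)
O4:64bit: - HKLM..\Run: [ExampleAudio] C:\Windows\System32\exaudio.exe (Example Vendor Inc.)
"""

# "O4 - <hive>..\<key>: [<value name>] <target> (<company>)", optional ":64bit:" marker.
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.+?) \((?P<company>[^()]*)\)\s*$"
)

# Locations a standard user can write to without elevation.
USER_PROFILE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Roaming|Local|LocalLow)\\", re.IGNORECASE
)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Value names that belong under the Winlogon key, not under a Run key.
WINLOGON_VALUE_NAMES = {"userinit", "shell"}


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    target: str
    company: str
    reasons: list = field(default_factory=list)


def classify(entry):
    """Return triage reasons for one autostart entry (signals, not verdicts)."""
    reasons = []
    if entry.name == "":
        reasons.append("empty-value-name")
    elif entry.key.lower().startswith("run") and entry.name.lower() in WINLOGON_VALUE_NAMES:
        reasons.append("winlogon-name-in-run-key")
    if USER_PROFILE_RE.search(entry.target):
        reasons.append("target-in-user-profile")
    if TEMP_RE.search(entry.target):
        reasons.append("target-in-temp")
    # The company field is metadata carried by the file itself, so a filled-in
    # value (see "Belkin" above) does not clear an entry; only its absence is noted.
    if entry.company == "":
        reasons.append("no-company-metadata")
    return reasons


def triage(log_text):
    """Parse every O4 line in log_text and attach its triage reasons."""
    entries = []
    for raw in log_text.splitlines():
        match = O4_RE.match(raw.strip())
        if not match:
            continue  # not an O4 autostart line
        entry = RunEntry(**match.groupdict())
        entry.reasons = classify(entry)
        entries.append(entry)
    return entries


def flagged(log_text):
    """Only the entries that show at least one signal."""
    return [e for e in triage(log_text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_OTL_LINES):
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.target}: {', '.join(e.reasons)}")
```

Legitimate software also autostarts from AppData, so a single reason is a prompt to look closer; the entries in this thread stand out because several signals coincide.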
19.07.2012, 12:46 | #3 |
| Police virus Criminal Intelligence Service Unit 5.2 (Austria)
Hello markusg,
Thanks already for the answer. I'll remember the point about the registry from now on. So this is what was in the text document after the restart:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
C:\Users\slydaniel1\AppData\Roaming\appconf32.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\slydaniel1\AppData\Local\Temp\rgnygtgcuex.exe moved successfully.
C:\Users\slydaniel1\AppData\Roaming\BAcroIEHelpe171.dll moved successfully.
C:\Users\slydaniel1\AppData\Roaming\AcroIEHelpe171.dll moved successfully.
C:\Users\slydaniel1\AppData\Roaming\kock folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\pymclevel\ServerJarStorage folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\pymclevel folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\Rovio\Angry Birds Space\updates\Update folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\Rovio\Angry Birds Space\updates folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\Rovio\Angry Birds Space folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\Rovio\Angry Birds folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\Rovio folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\UAs folder moved successfully.
C:\Users\slydaniel1\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: slydaniel1
->Flash cache emptied: 508 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: slydaniel1
->Temp folder emptied: 4279388 bytes
->Temporary Internet Files folder emptied: 2716184 bytes
->Java cache emptied: 13072027 bytes
->FireFox cache emptied: 55022352 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2224748 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74,00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07192012_131944

Files\Folders moved on Reboot...
C:\Users\slydaniel1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\slydaniel1\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Avira scan report from yesterday:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 18. Juli 2012 12:27

Es wird nach 3896493 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Abgesicherter Modus
Benutzername : slydaniel1
Computername : DANIEL-LAPTOP

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 10.05.2012 16:05:12
AVSCAN.DLL : 12.3.0.15 66256 Bytes 10.05.2012 16:05:12
LUKE.DLL : 12.3.0.15 68304 Bytes 10.05.2012 16:05:18
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10.05.2012 16:05:19
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 16:05:19
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:19:57
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 16:33:56
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 11:30:29
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:24:32
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 13:24:32
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 13:24:32
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 13:24:33
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 13:24:33
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 13:24:33
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 13:24:33
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 13:24:33
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 13:24:33
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 08:34:22
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 08:34:36
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 08:34:48
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 12:13:51
VBASE018.VDF : 7.11.35.235 151552 Bytes 12.07.2012 12:22:56
VBASE019.VDF : 7.11.36.45 118784 Bytes 13.07.2012 07:23:26
VBASE020.VDF : 7.11.36.107 123904 Bytes 16.07.2012 08:09:41
VBASE021.VDF : 7.11.36.147 238592 Bytes 17.07.2012 08:09:53
VBASE022.VDF : 7.11.36.148 2048 Bytes 17.07.2012 08:09:53
VBASE023.VDF : 7.11.36.149 2048 Bytes 17.07.2012 08:09:53
VBASE024.VDF : 7.11.36.150 2048 Bytes 17.07.2012 08:09:53
VBASE025.VDF : 7.11.36.151 2048 Bytes 17.07.2012 08:09:53
VBASE026.VDF : 7.11.36.152 2048 Bytes 17.07.2012 08:09:54
VBASE027.VDF : 7.11.36.153 2048 Bytes 17.07.2012 08:09:54
VBASE028.VDF : 7.11.36.154 2048 Bytes 17.07.2012 08:09:54
VBASE029.VDF : 7.11.36.155 2048 Bytes 17.07.2012 08:09:54
VBASE030.VDF : 7.11.36.156 2048 Bytes 17.07.2012 08:09:54
VBASE031.VDF : 7.11.36.174 28160 Bytes 18.07.2012 08:09:54
Engineversion : 8.2.10.114
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 12:13:53
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 06.07.2012 08:34:46
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 15:20:19
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 13:55:31
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.3.0.14 807287 Bytes 15.07.2012 07:23:30
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 28.06.2012 13:24:25
AEHEUR.DLL : 8.1.4.72 5038455 Bytes 15.07.2012 07:23:30
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 13:24:23
AEGEN.DLL : 8.1.5.32 434548 Bytes 07.07.2012 08:34:50
AEEXP.DLL : 8.1.0.62 86389 Bytes 11.07.2012 12:22:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 12:13:53
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 12:13:52
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10.05.2012 16:05:10
AVPREF.DLL : 12.3.0.15 51920 Bytes 10.05.2012 16:05:12
AVREP.DLL : 12.3.0.15 179208 Bytes 10.05.2012 16:05:19
AVARKT.DLL : 12.3.0.15 211408 Bytes 10.05.2012 16:05:11
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10.05.2012 16:05:12
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10.05.2012 16:05:19
AVSMTP.DLL : 12.3.0.15 63440 Bytes 10.05.2012 16:05:13
NETNT.DLL : 12.3.0.15 17104 Bytes 10.05.2012 16:05:18
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 10.05.2012 16:05:10
RCTEXT.DLL : 12.3.0.15 98512 Bytes 10.05.2012 16:05:10

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 18. Juli 2012 12:27

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Treiber konnte nicht initialisiert werden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '134' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2638' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Program Files (x86)\OpenOffice.org 3\Basis\presets\config\standard.sob
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Users\slydaniel1\AppData\Local\Temp\jar_cache46634245473688496.tmp
[0] Archivtyp: ZIP
--> pv.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
C:\Users\slydaniel1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\1d25b0c4-5b20b43e
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452
C:\Users\slydaniel1\AppData\Roaming\AcroIEHelpe169.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Farko.mm
C:\Users\slydaniel1\AppData\Roaming\BAcroIEHelpe149.dll
[FUND] Ist das Trojanische Pferd TR/Agent.7224.1
C:\Users\slydaniel1\AppData\Roaming\BAcroIEHelpe167.dll
[FUND] Enthält Erkennungsmuster des Rootkits RKIT/Agent.deoh
C:\Users\slydaniel1\AppData\Roaming\OpenOffice.org\3\user\config\standard.sob
[WARNUNG] Die komprimierten Daten sind fehlerhaft
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\'
E:\CounterStrike\Counter-Strike Source\cstrike\cache\zm_runbrun_v1.bsp.bz20000
[WARNUNG] Unerwartetes Dateiende erreicht
E:\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\Razor1911\The_Sims_3_Keygen.exe
[FUND] Ist das Trojanische Pferd TR/Agent.436733

Beginne mit der Desinfektion:
E:\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\Razor1911\The_Sims_3_Keygen.exe
[FUND] Ist das Trojanische Pferd TR/Agent.436733
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\slydaniel1\AppData\Roaming\BAcroIEHelpe167.dll
[FUND] Enthält Erkennungsmuster des Rootkits RKIT/Agent.deoh
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\slydaniel1\AppData\Roaming\BAcroIEHelpe149.dll
[FUND] Ist das Trojanische Pferd TR/Agent.7224.1
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\slydaniel1\AppData\Roaming\AcroIEHelpe169.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Farko.mm
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\slydaniel1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\1d25b0c4-5b20b43e
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\slydaniel1\AppData\Local\Temp\jar_cache46634245473688496.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
[HINWEIS] Die Datei wurde gelöscht.

Ende des Suchlaufs: Mittwoch, 18. Juli 2012 13:50
Benötigte Zeit: 1:17:37 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

42866 Verzeichnisse wurden überprüft
593671 Dateien wurden geprüft
6 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
6 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
593665 Dateien ohne Befall
4037 Archive wurden durchsucht
4 Warnungen
6 Hinweise |
19.07.2012, 14:14 | #4 |
/// Malware-holic | Police virus Criminal Intelligence Service Unit 5.2 (Austria)
Hi, please upload that to File-Upload.net - Ihr kostenloser File Hoster! and send me the link as a private message.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.07.2012, 16:29 | #5 |
/// Malware-holic | Police virus Criminal Intelligence Service Unit 5.2 (Austria)
Hi, thanks. Do you use the PC for online banking, for shopping, for other payment transactions, or for similarly important things, such as work?
__________________ |
19.07.2012, 16:40 | #6 |
| Police virus Criminal Intelligence Service Unit 5.2 (Austria)
No, not for shopping or paying. My parents really only use it for surfing the internet and for Skype. But there are quite a few documents and important things on it! |
19.07.2012, 23:34 | #7 |
/// Malware-holic | Police virus Criminal Intelligence Service Unit 5.2 (Austria)
Then set it up completely from scratch once. The PC must be reinstalled and then secured.
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with Chip Card Reader + Star Money.
__________________ |
20.07.2012, 20:47 | #8 |
| Police virus Criminal Intelligence Service Unit 5.2 (Austria)
Many thanks for your help, but the problem has already been resolved. |