Plagegeister aller Art und deren Bekämpfung (malware of all kinds and how to fight it): Win7 infected with GVU Trojan 2.07 [Windows 7]
20.07.2012, 05:50 | #1
Win7 infected with GVU Trojan 2.07

Good day. A few hours ago this screen suddenly appeared: https://www.bsi-fuer-buerger.de/SharedDocs/Bilder/DE/BSIFB/Schadprogramme/GVU-BSI-Trojaner-Webcam.jpg?__blob=poster&v=3

If I am not mistaken, it is the GVU Trojan, version 2.07. By pressing the on/off button of my PC (certainly not the most elegant solution) and then cancelling the shutdown, the window could be closed and the PC used normally again. I have not shut it down since, because other users report complications when booting up as a result of the virus. Anyway, I then read through similar threads and as a result have already run a scan with Malwarebytes Anti-Malware, with this result:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.15

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

20.07.2012 02:24:35
mbam-log-2012-07-20 (02-24-35).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 602905
Time elapsed: 2 hour(s), 30 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\***\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

Code:
OTL logfile created on: 20.07.2012 05:10:57 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Yannik\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 44,89% Memory free
6,50 Gb Paging File | 4,19 Gb Available in Paging File | 64,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 37,05 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive F: | 455,99 Gb Total Space | 155,22 Gb Free Space | 34,04% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mumble\murmur.exe (Thorvald Natvig)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Wippien\Wippien.exe ()
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Programme\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Programme\Wippien\Wippien.exe ()
MOD - C:\Programme\Mumble\mumble_ol.dll ()
MOD - C:\Programme\Mumble\libprotobuf.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qtiff4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qsvg4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qmng4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qico4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qgif4.dll ()
MOD - C:\Programme\Mumble\QtGui4.dll ()
MOD - C:\Programme\Mumble\QtNetwork4.dll ()
MOD - C:\Programme\Mumble\QtSvg4.dll ()
MOD - C:\Programme\Mumble\QtSql4.dll ()
MOD - C:\Programme\Mumble\QtXml4.dll ()
MOD - C:\Programme\Mumble\QtCore4.dll ()
MOD - C:\Programme\Mumble\libmysql.dll ()
MOD - C:\Programme\Mumble\bzip2.dll ()
MOD - C:\Programme\Mumble\zlib1.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Wippien\Emoticon.dll ()

========== Win32 Services (SafeList) ==========

SRV - (gupdatem) Google Update-Dienst (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) Google Update-Dienst (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ononxabo) -- C:\Windows\System32\drivers\lmtguo.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (wod0205) -- C:\Windows\System32\drivers\wod0205.sys (WeOnlyDo Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Spyder2) -- C:\Windows\System32\drivers\Spyder2.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 58 71 D6 06 66 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 11:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 14:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.09 23:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.01.30 17:11:36 | 000,000,000 | ---D | M]

[2011.08.19 21:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.08.19 21:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Yannik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yannik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9672DFD6-FCB2-45E2-926A-0AEAE31E9D0A}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF5641D-53E8-47DC-BA5B-D83B0EBF0C36}: NameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.20 05:07:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.20 02:24:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.20 02:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.20 02:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.20 02:23:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.20 02:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.20 02:22:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.20 01:57:41 | 000,000,000 | ---D | C] -- C:\Users\***Desktop\Trojanerverdacht
[2012.07.19 00:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.19 00:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.07.19 00:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012.07.17 11:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.16 21:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.07.12 14:56:20 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll
[2012.07.12 14:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[2012.07.12 14:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2012.07.12 00:57:14 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 21:59:19 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 21:59:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 21:59:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.10 20:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.10 19:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012.07.10 19:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.07.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.07.10 19:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.07.10 19:11:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\atitray
[2012.07.10 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ray Adams
[2012.07.10 17:27:36 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012.07.10 15:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2012.06.28 16:57:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Anno 1701
[2012.06.28 16:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701
[2012.06.28 16:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Anno 1701
[2012.06.23 01:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.06.22 16:38:58 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 16:38:58 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 16:38:46 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 16:38:46 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 16:38:46 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 16:38:33 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 16:38:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files - Modified Within 30 Days ==========

[2012.07.20 05:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 05:07:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.20 05:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 04:56:04 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lmtguo.sys
[2012.07.20 03:04:55 | 000,460,800 | ---- | M] () -- C:\Users\Yannik\murmur.sqlite
[2012.07.20 02:23:45 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 02:22:54 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.20 01:50:36 | 101,771,502 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.20 01:34:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 01:34:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.20 01:33:05 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.19 22:00:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 16:53:59 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 16:53:59 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 14:44:44 | 000,001,872 | ---- | M] () -- C:\Users\Yannik\Desktop\Crysis2.lnk
[2012.07.19 13:20:07 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 23:37:40 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 23:37:40 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 23:37:40 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 23:37:40 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 18:16:36 | 000,360,258 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.16 21:30:41 | 000,004,158 | ---- | M] () -- C:\Users\Yannik\AppData\Roaming\wklnhst.dat
[2012.07.12 19:15:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 19:15:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 14:59:15 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\No One Lives Forever 2 .lnk
[2012.07.12 12:26:10 | 000,365,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 17:31:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Spyder2_01001.Wdf
[2012.07.10 16:28:29 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2012.07.09 22:08:19 | 000,008,421 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.07.06 12:24:05 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.28 17:04:25 | 000,083,872 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.06.28 17:04:25 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.06.23 13:08:08 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\MechWarrior Vengeance.lnk

========== Files Created - No Company Name ==========

[2012.07.20 04:56:04 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lmtguo.sys
[2012.07.20 02:23:45 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 01:33:05 | 000,027,520 | ---- | C] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.20 01:32:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.19 14:44:44 | 000,001,872 | ---- | C] () -- C:\Users\***\Desktop\Crysis2.lnk
[2012.07.16 21:42:11 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.07.16 21:42:11 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.07.16 21:42:11 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.07.12 14:59:15 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\No One Lives Forever 2 .lnk
[2012.07.10 17:31:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Spyder2_01001.Wdf
[2012.07.09 22:08:19 | 000,008,421 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.07.02 14:48:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.28 16:41:35 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.06.28 16:41:02 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.06.23 13:08:08 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\MechWarrior Vengeance.lnk
[2012.06.11 18:41:48 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.06.11 18:41:48 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.04.06 23:55:25 | 000,055,026 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.22 22:24:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.08.22 22:20:41 | 000,038,251 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.08.20 12:15:55 | 000,460,800 | ---- | C] () -- C:\Users\***\murmur.sqlite
[2011.08.17 19:04:56 | 000,004,158 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2011.08.16 19:44:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.14 14:36:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012.02.15 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.06.23 15:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2012.01.30 17:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2011.08.22 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.08.17 14:33:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2011.12.24 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.12.23 21:42:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.09 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.11.29 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Language
[2012.02.25 00:22:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2011.11.29 22:55:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lionhead Studios
[2012.04.21 13:13:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mount&Blade
[2011.09.01 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.07.20 03:04:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mumble
[2011.08.14 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.03.08 22:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2011.10.08 22:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.08.14 21:41:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.11.29 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\Yannik\AppData\Roaming\Wippien
[2012.05.15 19:33:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Code:
OTL Extras logfile created on: 20.07.2012 05:10:57 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 44,89% Memory free
6,50 Gb Paging File | 4,19 Gb Available in Paging File | 64,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 37,05 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive F: | 455,99 Gb Total Space | 155,22 Gb Free Space | 34,04% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EFDFCE-4126-4D54-8CDC-E0A024CCF834}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06588F67-DDAA-41E5-BD49-D0A22382302B}" = lport=137 | protocol=17 | dir=in | app=system |
"{06C40A16-8B5F-4974-80B8-BFB154E73CD1}" = lport=25565 | protocol=17 | dir=in | name=minecraft-server |
"{08BC5D9E-BC02-41C1-B9BB-2FA987CA7789}" = rport=137 | protocol=17 | dir=out | app=system |
"{0B6449AF-00A6-49AD-96A7-B704CFDB3D6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{15D72D08-0118-466B-8882-B321315FF167}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{16092EE6-7FBF-466B-A544-668884F832C5}" = rport=3702 | protocol=17 |
dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1D3C475C-FBBB-49A3-BDCC-AE1197ACD573}" = lport=138 | protocol=17 | dir=in | app=system | "{2D74C054-95F9-4D72-9733-3C197438FD92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{49C74D9D-A812-4FC6-A03A-20B0E384AFEE}" = rport=25565 | protocol=6 | dir=out | name=minecraft-server | "{5D79BE25-A221-4602-8896-489BC659FDB3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{603983BF-791A-4FE2-82B8-6032E10D21EF}" = lport=2869 | protocol=6 | dir=in | app=system | "{62F2EB9C-E2AF-495D-86C6-ABE16851B3A9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{65FF989D-817E-45DE-B4D1-9928F106D4BC}" = rport=138 | protocol=17 | dir=out | app=system | "{7ACF4472-4831-491D-B846-701B21A8E7E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E6746FF-4D44-46BE-91D5-C29512ECD563}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8474C6ED-A193-4012-868D-B27EC90417BF}" = rport=25565 | protocol=17 | dir=out | name=minecraft-server | "{8637D394-0798-44FB-9F76-F0E1B330F574}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{89A3887A-4EC1-4475-8D5B-E08414E95106}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8C60A011-CA58-462F-8D82-8E50B1ED118B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9250758B-11CE-4394-82B3-CDE9CE4C7AD0}" = lport=5222 | protocol=6 | dir=in | name=wippien selbst | "{9405193F-C95C-4061-9063-F93B813ABFCD}" = rport=445 | protocol=6 | dir=out | app=system | "{A2674C04-4F3C-4D6F-A302-AF289495A62D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5F37681-A4A8-403B-B9C6-93DD2A34CE61}" = rport=139 | protocol=6 
| dir=out | app=system | "{A706C34E-0A78-4AF5-A520-B7E6B0F6D6DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AE616FBD-2F11-4EAF-901E-E91301425753}" = lport=139 | protocol=6 | dir=in | app=system | "{B74FEE57-71E1-4748-B2D2-A80A68E10879}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BC0E89EC-265D-445B-B507-55F5E53D23F1}" = lport=445 | protocol=6 | dir=in | app=system | "{D7EBFCB7-63BF-4B8A-B4EB-517212118EA4}" = rport=5222 | protocol=6 | dir=out | name=wippien selbst | "{DA9E3BC0-39F6-4E0D-B986-E92FA774E7AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E162AC7D-721E-48EF-8FD7-6E607DD7735D}" = lport=10243 | protocol=6 | dir=in | app=system | "{E240A71D-83CE-43CD-AE11-1544A08FFC07}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E8029BD7-0F41-48D2-9DC8-19072378A945}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F0FD6DF8-1D58-4600-8FE5-674ADB31C5E4}" = lport=25565 | protocol=6 | dir=in | name=minecraft-server | "{F70AFF1E-EC40-47DA-8961-8D2FCFF07D12}" = rport=10243 | protocol=6 | dir=out | app=system | "{F931B772-5974-4A5F-8802-CB44FA82CDF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FBCD0F08-2E89-474C-8D5F-377629D7E5FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{001B9E27-4D2D-4B19-8657-9ADEC31E36F1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{002E02CA-631F-4368-941F-EAE343BC772C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{020A575E-289E-470F-BDC9-22C0849E8A96}" = protocol=17 | dir=in | 
app=c:\program files\steam\steam.exe | "{02EF9E50-8019-41D4-834C-AC6583C53725}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "{063587AA-2EDA-4E0A-85A0-C42B4CD8C035}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | "{0F527516-E59D-418C-8382-67AD2DFEC37E}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{0FD0F9D8-6230-4635-8BD9-276BE8EE52F5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\toy soldiers\game.exe | "{131AEC10-BBFC-4BCF-B191-5B3A31DAC01E}" = protocol=6 | dir=in | app=c:\program files\mumble\murmur.exe | "{1505488D-D6F7-435C-B061-74021E7E9C35}" = protocol=6 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe | "{1AC164C8-B660-4DB4-A305-648CC0F31875}" = protocol=17 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe | "{227598BF-3541-4084-8548-097210184D78}" = protocol=6 | dir=out | app=system | "{23478101-C22B-490C-A52F-2C8C477C11E4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{271FDB4B-181E-4BC7-92F9-3995C5B04374}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite\sniperelite.exe | "{2E657FBE-0684-410F-86D0-71507CF1DE3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{3088F938-106D-49DC-92CB-F47CCB7B050E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe | "{3209C544-5C58-40DD-8A99-63580255C83B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{32C520F2-CF58-475D-9000-EF6A6C3E4A6F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{386F6BF3-92A5-41D1-A24F-DB029261E107}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3E18FEDC-7AF7-4252-9C41-8756988B6852}" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | "{3EAA163D-7530-41D6-BD03-497D018840A0}" = protocol=6 | dir=in | 
app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{49C0E022-E1DA-4EFB-B53C-29372AEB77AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4BC6B86D-42C9-4C79-813C-974C8DF3207B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe | "{4EE82E30-F4EC-4DA4-BB8E-214404388985}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | "{5418A2BD-A771-4187-A5D6-5E96CFAFFB1C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\toy soldiers\game.exe | "{55237E8C-AB70-445A-AB46-E0585B0A4ADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{55ABBA22-F042-4095-90EB-E0C1F06814E4}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{60DBE17F-27DD-489C-A22C-2DDC92FB2D71}" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "{6158C992-5484-46FC-B1A2-71130070773A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe | "{6186AEAC-482E-4AA9-AA19-5A0906368DE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{63CD194D-7FCC-490F-8D96-C85B4B7837C9}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe | "{662A75A4-43A3-4DFA-83E4-908AE18D675C}" = dir=out | app=%programfiles%\wippien\wippien.exe | "{67EB0788-C96C-49D9-8962-FC75363503E5}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{6CAC3767-AF30-4CE9-9B8F-BF56DCB7090C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{6EBD1456-0B1B-4E23-86BC-3AB769025C2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6F767085-0520-4E6E-A478-3177020A5329}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{70D17436-5FAA-4CFB-A3B0-881A563DA85B}" = protocol=6 | 
dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{71985D10-D06A-42E5-BE77-BEBC52FED508}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | "{757D01B2-1BF2-4C06-9022-FC0A6F1D2FB7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | "{769466F2-A163-44DD-A344-77800B20A777}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{77EC8367-F443-4C27-80B7-2D229965D905}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe | "{78829DA7-A505-4912-B0CF-D2C6F0A47575}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{80592F22-7B5C-42E3-B460-D94D755FDE63}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{80D43123-CE81-4391-AFE1-8B162C2F183D}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe | "{8820348A-F9CF-4799-83D2-F924415B1A00}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{8A459F79-2E7F-42EC-975A-4DE8743142C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{8E48D6CF-1D3E-450B-A7F6-BE6FA3FB8993}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{915486CB-7140-4B87-88BF-A5B31F00EE65}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{91F7F5A3-14DF-47FE-9351-504BB45E6924}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "{92DE8AEE-6596-495E-B5FE-FA3B8C30E615}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{96FF075F-48F4-4D9E-991D-9FB5325592D3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{9C0863AE-8E40-4A4E-838B-DDE3FE78F6A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | "{A07794D5-7FBE-4612-BF7D-0ABCBAEEC072}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A307150D-483D-4282-B360-9AA708C9D0F8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | "{A6317F27-12C2-4034-ACA0-30ED5E0DE290}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | "{A74D93B8-E787-442E-BF4E-9FADB47E185B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | "{A836BCCC-F000-4CF2-98C2-9CC7FF3DAB75}" = protocol=58 | dir=in | app=system | "{AADE2F97-CCD9-4A74-90ED-972C772C44B5}" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | "{AB145289-BCA2-4C4F-85A8-C09B92229F35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ACD754A1-F24D-4AD0-8BEB-CB6496C70811}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B0BB929F-3AD0-44D6-AB4C-8CAE6B72CC3B}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{B0FC9A48-8F4E-43F5-82ED-0732637B37BC}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{B4FBA645-B519-4560-A6CF-E8FEA9B2BF71}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{B5082D14-0FAF-470F-B882-C4E2AECC9CFA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{B586263D-2A69-4726-8C27-91ACE49C74FC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{B6422B6C-605C-4B8F-9921-FC3905E13DE7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{B6965B70-334A-4EAD-AF36-721A09A99044}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe | "{B78049D2-985E-4CC8-8CDD-9530A8AFB166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC1EBB1F-E292-4323-8D94-F266A0231A13}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | "{C1AA6DE7-ACDD-46A4-862C-B643D689D550}" = protocol=17 | 
dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C2A7AAF5-8622-4BA3-85FA-58E6B7361054}" = protocol=17 | dir=in | app=c:\program files\mumble\murmur.exe | "{C2C1DAEE-699D-412E-8AD3-A2399AB8EC7C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{C35E8875-6F28-4514-A4D1-20C065FDEFB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBA58CFC-2811-4CC8-9FFD-9E4218DF08F6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{CDF9917B-BE40-4982-8E0E-5BCFCC24D70E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DAED0437-BA4B-4995-82BE-6DAB75F640F7}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{DCC4F26A-9FD1-4867-B9AD-CE0D97269A50}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E4663123-B20F-4A3D-8BAF-620DC3A02D7D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EAEC6904-A966-43FB-B0B2-7CF10915D140}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{EC9C3F41-B38F-42E1-B69B-573D5927B502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ECB8D84F-28E8-47A2-8EBD-2C58830BC1DA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{ED3EE91E-F43D-476C-8422-E41CFBFB962C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{ED79E357-3BE4-46C9-AC76-04B64EE430C9}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{EF64C3A3-B007-4985-963E-270D2ED8F730}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite\sniperelite.exe | "{F12BA258-C482-4C2A-9B00-76A14A188426}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fablelauncher.exe | "{F206ECD5-7916-44BB-9359-AFDA3FEC489E}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{F2ADC6FB-7E41-4104-9F00-AA12B9CA8D9F}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe | "{F357CAA6-7D05-46ED-A874-D699EFD8BDD8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{F3D50767-5668-4CA8-83C1-4C550D95F2B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F57AC9F4-BC83-4E01-944D-648BA6573B25}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fablelauncher.exe | "{F77AA1E4-6619-475C-8F3B-568FE78FA0FB}" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | "TCP Query User{13C55265-EB02-495D-9024-2940D35166B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{13D545FA-5B15-4DAA-A896-F95582006E2C}C:\program files\rtw - multicampaign\cbclient.exe" = protocol=6 | dir=in | app=c:\program files\rtw - multicampaign\cbclient.exe | "TCP Query User{1CED553D-57E1-4DB4-ACBB-6FC0959C1F51}C:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe" = protocol=6 | dir=in | app=c:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe | "TCP Query User{1EAB7AF3-EAAC-4200-A375-9FAB78BF82BA}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | "TCP Query User{23CB68BD-4B97-49AF-B0F3-6FAFACD7B4DE}C:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | "TCP Query User{253224D6-3A78-477D-88E0-42984CDD5AC2}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "TCP Query User{2C86AA98-F95B-46C6-860A-FE29A6F775C8}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe | "TCP Query 
User{339BDCD9-6D68-4B85-A34F-85DDBE188EAD}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe | "TCP Query User{4F0D0283-FF2C-45DA-805C-BA8AE5F2D013}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | "TCP Query User{5B2498E3-1EC2-4553-9585-B44FF2281716}C:\program files\rtw - multicampaign\cbserv.exe" = protocol=6 | dir=in | app=c:\program files\rtw - multicampaign\cbserv.exe | "TCP Query User{5F84E32E-2918-460D-882A-5DDB80E25278}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=6 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe | "TCP Query User{657C2EB9-0546-42F3-B8A4-B1FEFDC4BF7F}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{73F1A104-BB6F-4701-BC9B-FEFE34D4E08E}C:\program files\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fable3.exe | "TCP Query User{77E41B7F-A857-49EA-B229-9C9856EAE016}C:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{B69B147A-F60E-43F3-8EF3-199AB188865D}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | "TCP Query User{BB8DB480-4019-4880-9406-55DCBF31B2D9}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | "TCP Query User{C91BE81E-B242-4100-86A8-E75FE610CCF6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{E0A03DE5-D22B-4DE4-BBF7-EE57C17A64A0}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | "TCP Query 
User{E80F3F3C-2D89-43F4-A9BB-DD79CA70E973}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{F3A9F56D-A95D-42A6-B8BE-8F374F9A77EA}C:\program files\mumble\murmur.exe" = protocol=6 | dir=in | app=c:\program files\mumble\murmur.exe | "UDP Query User{0CD65F73-D942-4721-906B-14740B50977C}C:\program files\mumble\murmur.exe" = protocol=17 | dir=in | app=c:\program files\mumble\murmur.exe | "UDP Query User{0DF0AF0C-C27E-491C-824C-01171618872B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{1943FADF-EB29-42B4-80B9-AEBC0BD3DD89}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{19AC3C83-11A6-4CC0-A3A5-45FB0400408E}C:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | "UDP Query User{33C8677C-F191-4EE1-8E7E-52861A3DD4EE}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{375549FF-E21A-4D70-B6A1-AA8E1B89ABD9}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | "UDP Query User{44744833-E004-4000-8E13-066AEF974677}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{710D025D-8DE7-4C7B-915D-F6A6DC93F127}C:\program files\rtw - multicampaign\cbserv.exe" = protocol=17 | dir=in | app=c:\program files\rtw - multicampaign\cbserv.exe | "UDP Query User{759F5B74-C73F-4CDA-A774-66B6CF0B549D}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe | "UDP Query 
User{980A06CC-D831-42A3-B408-FC21BDF200E6}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe | "UDP Query User{99E80D50-576D-4777-B35B-B7FA9BED590E}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | "UDP Query User{9B939DBF-4196-4A79-BC4F-47C416D7DC34}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=17 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe | "UDP Query User{BE1920B4-F0F8-4D2A-9120-8E13ACEFC9D2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{C45B4504-10AC-4B9F-954C-846758E4F36F}C:\program files\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fable3.exe | "UDP Query User{CA1D29A4-FD9E-4932-95A9-BF8DC19F6163}C:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe" = protocol=17 | dir=in | app=c:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe | "UDP Query User{CD0E6FD0-9743-4788-9290-35139F18D98D}C:\program files\rtw - multicampaign\cbclient.exe" = protocol=17 | dir=in | app=c:\program files\rtw - multicampaign\cbclient.exe | "UDP Query User{D5A4C795-DD13-4B80-A2C4-C24D574AE5FC}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | "UDP Query User{EF56D555-942C-4221-BA7C-1302DCBB1453}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "UDP Query User{F3179D5E-8083-4F9C-9A24-09BCC9C43E0A}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{F6C265BE-79B1-43EC-BFBA-781810A6E1E2}C:\program files\electronic arts\crytek\crysis 
2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04587046-E062-A70D-10C0-108318D5AD2C}" = ccc-utility "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = HALO 2 FÜR WINDOWS VISTA "{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish "{11A247C5-3741-06EA-37BE-F962C5D09DF1}" = HydraVision "{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center "{155FE169-9143-4179-B68E-E7D74CD3F43C}" = ATI AVIVO Codecs "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish "{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional "{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4F41998F-9307-C88C-FA64-A28FFF4B8800}" = ATI Problem Report Wizard "{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV 
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian "{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai "{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian "{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch "{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian "{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012 "{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews 
Common "{B7C6F142-1136-EDB0-C1C4-1F28A6639768}" = AMD Drag and Drop Transcoding "{BA12FD6D-169A-11D7-A6A9-00C026281E5A}" = Twin USB Vibration Gamepad "{BB21B808-F784-4883-A4D4-B1473384C1C6}" = LibreOffice 3.5 "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CDFBE82A-62CF-ACD5-5BDC-A776229D694A}" = AMD Media Foundation Decoders "{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update "{CE9B60E1-BC90-DADA-0935-02F51FB9228C}" = AMD Catalyst Install Manager "{D69B5522-2170-962F-58E8-DDEFA6636DA9}" = AMD Accelerated Video Transcoding "{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard "{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2 "{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech "{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}" = Angry Birds "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English "{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1" = Wippien 2.4 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG" = AVG 2012 "Blue Byte Game Channel" = Blue Byte Game Channel "CCleaner" = CCleaner "Diablo II" = Diablo II "Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206 "GameSpy Arcade" = GameSpy Arcade 
"Halo" = Microsoft Halo "Halo 2" = HALO 2 FÜR WINDOWS VISTA "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "MechWarrior Vengeance" = MechWarrior Vengeance "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "Opera 12.00.1467" = Opera 12.00 "Pidgin" = Pidgin "S4Uninst" = Die Siedler IV "Steam App 102600" = Orcs Must Die! "Steam App 105400" = Fable III "Steam App 12810" = Overlord II "Steam App 3700" = Sniper Elite "Steam App 620" = Portal 2 "Steam App 630" = Alien Swarm "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 73050" = Magicka - Demo "Steam App 98300" = Toy Soldiers "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 1.1.11 "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "Works2006Setup" = Setup-Start von Microsoft Works Suite 2006 "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.07.2012 07:57:25 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel: 0x21544c46 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x560004c2 ID des fehlerhaften Prozesses: 0x13e4 Startzeit der fehlerhaften Anwendung: 0x01cd60ee9931caf6 Pfad der fehlerhaften Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e8a5be44-cce1-11e1-bc81-001fc652aad5 Error - 13.07.2012 07:58:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 
1.0.0.1, Zeitstempel: 0x21544c46 Name des fehlerhaften Moduls: dwmapi.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bda07 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000003 ID des fehlerhaften Prozesses: 0xd8 Startzeit der fehlerhaften Anwendung: 0x01cd60eeb6a28a31 Pfad der fehlerhaften Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\dwmapi.dll Berichtskennung: fe90917c-cce1-11e1-bc81-001fc652aad5 Error - 13.07.2012 07:58:30 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel: 0x21544c46 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x458bff85 ID des fehlerhaften Prozesses: 0x58c Startzeit der fehlerhaften Anwendung: 0x01cd60eec6abb1ad Pfad der fehlerhaften Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0f9ea9aa-cce2-11e1-bc81-001fc652aad5 Error - 14.07.2012 07:08:36 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel: 0x21544c46 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xc25ec68b ID des fehlerhaften Prozesses: 0x1650 Startzeit der fehlerhaften Anwendung: 0x01cd61b0ea6229d7 Pfad der fehlerhaften Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 41afcfb2-cda4-11e1-8085-001fc652aad5 Error - 14.07.2012 07:09:07 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel: 0x21544c46 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x106cb0d8 ID des fehlerhaften Prozesses: 0x1680 Startzeit der fehlerhaften Anwendung: 0x01cd61b107e02fb4 Pfad der fehlerhaften Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 53b60722-cda4-11e1-8085-001fc652aad5 Error - 14.07.2012 07:09:42 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel: 0x21544c46 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06c7ffff ID des fehlerhaften Prozesses: 0xff8 Startzeit der fehlerhaften Anwendung: 0x01cd61b119eb4936 Pfad der fehlerhaften Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 68b69dfc-cda4-11e1-8085-001fc652aad5 Error - 17.07.2012 12:11:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel: 0x4bd60ba2 Name des fehlerhaften Moduls: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel: 0x4bd60ba2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x007cbceb ID des fehlerhaften Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 0x01cd641e04adae13 Pfad der fehlerhaften Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Berichtskennung: 1d0bb0c2-d02a-11e1-b8a9-001fc652aad5 Error - 17.07.2012 14:15:13 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel: 0x4bd60ba2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x172c Startzeit der fehlerhaften Anwendung: 0x01cd6438850422dc Pfad der 
fehlerhaften Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 5a008f0b-d03b-11e1-b8a9-001fc652aad5 Error - 17.07.2012 15:31:57 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel: 0x4bd60ba2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x13d4 Startzeit der fehlerhaften Anwendung: 0x01cd64486d7b86e6 Pfad der fehlerhaften Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 11feeae1-d046-11e1-b8a9-001fc652aad5 Error - 18.07.2012 17:29:23 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel: 0x4bd60ba2 Name des fehlerhaften Moduls: MassEffect2.exe, Version: 1.2.1604.0, Zeitstempel: 0x4bd60ba2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00511eb0 ID des fehlerhaften Prozesses: 0xb94 Startzeit der fehlerhaften Anwendung: 0x01cd6518db998d57 Pfad der fehlerhaften Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe Berichtskennung: a4589bbe-d11f-11e1-ab36-001fc652aad5 [ System Events ] Error - 13.07.2012 12:22:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 14.07.2012 05:43:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 14.07.2012 16:18:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.07.2012 05:44:44 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.07.2012 06:39:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.07.2012 05:46:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.07.2012 02:59:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.07.2012 14:13:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.07.2012 07:22:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.07.2012 16:32:07 | Computer Name = ***-PC | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. < End of report >
Thanks in advance for the help, and I hope I have done everything right so far.
21.07.2012, 23:14 | #2 |
/// Helper Team | Win7 infected with GVU trojan 2.07
Fixing with OTL
Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
PRC - C:\Programme\Wippien\Wippien.exe ()
SRV - (gupdatem) Google Update-Dienst (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) Google Update-Dienst (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
[2012.07.20 05:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 05:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 01:34:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.19 22:00:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 01:32:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.20 01:33:05 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.02 14:48:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for readers: The OTL script above was created exclusively for this user in this situation. Never apply it to other computers; it can permanently damage other systems!
21.07.2012, 23:41 | #3 |
| Win7 infected with GVU trojan 2.07
Here is the log file:
Code:
All processes killed
========== OTL ==========
No active process named Wippien.exe was found!
Error: No service named gupdatem) Google Update-Dienst (gupdatem was found to stop!
Service\Driver key gupdatem) Google Update-Dienst (gupdatem not found.
File C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found not found.
Error: No service named gupdate) Google Update-Dienst (gupdate was found to stop!
Service\Driver key gupdate) Google Update-Dienst (gupdate not found.
File C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\ProgramData\pmt_0piot.pad not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\ProgramData\pmt_0piot.pad not found.
C:\Users\***\AppData\Local\dt.dat moved successfully.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: ***
->Temp folder emptied: 756 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 1748022 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: ***
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07222012_003358
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
21.07.2012, 23:52 | #4 |
/// Helper Team | Win7 infected with GVU trojan 2.07
Very good! How is the computer running?
Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
then:
Step 2
Please download AdwCleaner to your desktop.
22.07.2012, 15:52 | #5 |
| Win7 infected with GVU trojan 2.07
Sorry that it took a bit longer. Here are the two logs:
Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.21.12
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]
22.07.2012 13:01:05
mbam-log-2012-07-22 (13-01-05).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 601419
Laufzeit: 2 Stunde(n), 19 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
# AdwCleaner v1.703 - Logfile created 07/22/2012 at 16:45:43
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\DT Soft
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Opera v12.0.1467.0
File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [720 octets] - [22/07/2012 16:45:43]
########## EOF - C:\AdwCleaner[R1].txt - [847 octets] ##########
22.07.2012, 18:35 | #6 |
/// Helper Team | Win7 infected with GVU trojan 2.07
Very good!
then:
Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the freeware mode. Choose "Detail Scan" and start the check of the computer via the "Scan" button. At the end of the scan, do not let it delete anything! Save the log file to the desktop by clicking "Save report" and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html
22.07.2012, 23:00 | #7 |
| Win7 infected with GVU trojan 2.07
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 22.07.2012 20:32:24 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, F:\ Archiv Scan: An ADS Scan: An Scan Beginn: 22.07.2012 22:15:13 c:\program files\gamespy arcade gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\addins gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\cstrike gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\cstrike\frontline gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\halflife gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\halflife\action gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\halflife\cstrike gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\halflife\firearms gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\halflife\frontline gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\halflife\gearbox gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\halflife\tfc gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2 gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\aq2 gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\battle gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\chaosdm gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\duel gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\freeze gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\gloom gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\gxmod gefunden: 
Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\holywars gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\jail gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\kots gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\lfiredm gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\lithium2 gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\lmctf gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\pball gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\q2comp gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\qpong gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\ra2 gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\requiem gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\sconfig gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\tourney gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\wf gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake2\wod gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3 gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\alliance gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\beryllium gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\excessive gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\instagib gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\jailbreak gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy 
arcade\custom\quake3\matchmod gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\osp gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\q3comp gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\q3f gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\q3ut2 gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\requiem gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\rocketarena3 gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\quake3\wfa gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\arena gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\ch gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\ctf gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\ctfb gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\ctfplus gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\dd gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\dm gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\duel gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\fr gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\tac gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\open cal gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\rpg gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\tribes\mt gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy 
arcade\custom\ut gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\ut\excessive gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\ut\rocketarena gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\custom\ut\swat gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\images gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\images\portraits gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\profiles gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\profiles\(default) gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_common gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_demospy gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_fplanet gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_gnews gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_gspyder gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_news gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\sounds\(default) gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\skins gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\sounds gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_support gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\sounds\classic gefunden: Trace.File.gamespy arcade!E1 c:\users\***\appdata\roaming\microsoft\windows\start menu\programs\gamespy arcade gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\4dca9208.dat gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\arcres.dll gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy 
arcade\dat.bmp gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\def_banner.gif gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\def_banner.html gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\aphex.exe gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\def_bannerbg.jpg gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\def_loading.gif gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\def_logo.jpg gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\def_news.html gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\fpupdate.exe gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\gamespy arcade - debug.lnk gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\gamespy arcade help.url gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\gamespy arcade website.url gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\gamespy arcade.lnk gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\gamespy.com gaming's homepage.url gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\gsapak.exe gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\gslan.dll gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\install.log gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\gsws.dll gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\pw32.dll gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\readme.html gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\register gamespy arcade.url gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\rptcrash.exe gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_news\rsrc.dir gefunden: Trace.File.gamespy arcade!E1 c:\program 
files\gamespy arcade\services\_news\service_tab.psd gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_news\service_tab+.tga gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_support\rsrc.dir gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\services\_support\service_tab.psd gefunden: Trace.File.gamespy arcade!E1 c:\program files\gamespy arcade\ws_default.html gefunden: Trace.File.gamespy arcade!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\gamespy arcade --> displayname gefunden: Trace.Registry.gamespy arcade!E1 Value: hkey_current_user\software\gamespy\gamespy arcade --> instdir gefunden: Trace.Registry.gamespy arcade!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\gamespy arcade --> uninstallstring gefunden: Trace.Registry.gamespy arcade!E1 C:\Users\***\Desktop\Minecraft\MinecraftLauncherWithName.exe gefunden: P2P-Worm.Win32.Palevo.aopd!E1 F:\***\Desktop\Minecraft\MinecraftLauncherWithName.exe gefunden: P2P-Worm.Win32.Palevo.aopd!E1 F:\***\Desktop\Lästiges\Setup\Spiele\Wolf ET\ET_Patch_2_60.exe gefunden: PossibleThreat.Patch.ET!E2 F:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2e002d9c-35fda33a -> com\bitcoinplus\applet\MiningApplet.class gefunden: Java.Bitcoin!E2 Gescannt 867832 Gefunden 124 Scan Ende: 22.07.2012 23:47:43 Scan Zeit: 1:32:30 Code:
# AdwCleaner v1.703 - Logfile created 07/22/2012 at 20:09:04
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\DT Soft
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Opera v12.0.1467.0
File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [847 octets] - [22/07/2012 16:45:43]
AdwCleaner[S1].txt - [783 octets] - [22/07/2012 20:09:04]
########## EOF - C:\AdwCleaner[S1].txt - [910 octets] ##########
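The Emsisoft report in this post lists about 120 "Trace.*" leftovers of GameSpy Arcade next to a handful of findings that actually need a decision. The Python script below is an added example, not code from this thread or from Emsisoft: it parses the report's "<object> gefunden: <detection>" lines, separates program leftovers from real detections, groups them by family and checks the parsed count against the log's own "Gefunden N" line. The sample log is constructed from a few entries of the report above; the function and field names are this example's own.

```python
import re
from collections import Counter

# Emsisoft writes one finding per line as "<object> gefunden: <detection>".
# A registry finding is prefixed "Value:" (or "Key:") and names "<key> --> <value>";
# a member of an archive or Java cache entry is written "<container> -> <member>".
FINDING_RE = re.compile(r"^(?P<obj>.+?) gefunden: (?P<det>.+?)\s*$")
FOUND_RE = re.compile(r"^Gefunden (?P<n>\d+)\s*$")

# Detection-name prefixes the log uses for leftovers of a known program
# (files, folders, registry values). Hygiene findings, not active malware.
TRACE_PREFIXES = ("Trace.File.", "Trace.Registry.")

# Constructed sample: a few entries in the layout of the report above.
SAMPLE_LOG = r"""Emsisoft Anti-Malware - Version 6.6
Scan Methode: Detail Scan
c:\program files\gamespy arcade gefunden: Trace.File.gamespy arcade!E1
c:\program files\gamespy arcade\gsapak.exe gefunden: Trace.File.gamespy arcade!E1
Value: hkey_current_user\software\gamespy\gamespy arcade --> instdir gefunden: Trace.Registry.gamespy arcade!E1
C:\Users\***\Desktop\Minecraft\MinecraftLauncherWithName.exe gefunden: P2P-Worm.Win32.Palevo.aopd!E1
F:\***\Desktop\Setup\Spiele\Wolf ET\ET_Patch_2_60.exe gefunden: PossibleThreat.Patch.ET!E2
F:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2e002d9c-35fda33a -> com\bitcoinplus\applet\MiningApplet.class gefunden: Java.Bitcoin!E2
Gescannt 867832
Gefunden 6
Scan Ende: 22.07.2012 23:47:43
"""


def parse_finding(line):
    """Parse one finding line into a dict; return None for any other log line."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    obj, det = m.group("obj"), m.group("det")
    # "Java.Bitcoin!E2" -> family "Java.Bitcoin", engine tag "E2" (as written in the log)
    family, _, engine = det.partition("!")
    entry = {"detection": det, "family": family, "engine": engine,
             "is_trace": det.startswith(TRACE_PREFIXES),
             "path": None, "member": None, "key": None, "value": None}
    if obj.startswith(("Value: ", "Key: ")):
        key, _, value = obj.split(" ", 1)[1].partition(" --> ")
        entry.update(kind="registry", key=key, value=value or None)
    else:
        path, _, member = obj.partition(" -> ")
        entry.update(kind="file", path=path, member=member or None)
    return entry


def parse_log(text):
    """Return (findings, reported_count) for a whole report; reported_count is
    the number on the log's own "Gefunden N" line, or None if that line is absent."""
    findings, reported = [], None
    for line in text.splitlines():
        entry = parse_finding(line)
        if entry is not None:
            findings.append(entry)
            continue
        m = FOUND_RE.match(line.strip())
        if m:
            reported = int(m.group("n"))
    return findings, reported


def summarize(findings, reported):
    """Group by family and separate program leftovers from findings that need a decision."""
    real = [f for f in findings if not f["is_trace"]]
    return {
        "total": len(findings),
        "reported_found": reported,
        "count_matches": reported is not None and reported == len(findings),
        "trace_count": len(findings) - len(real),
        "families": Counter(f["family"] for f in findings),
        "real": real,
    }


if __name__ == "__main__":
    findings, reported = parse_log(SAMPLE_LOG)
    summary = summarize(findings, reported)
    print(f"{summary['total']} findings parsed, log reports {reported}, "
          f"consistent: {summary['count_matches']}")
    for family, n in summary["families"].most_common():
        print(f"  {n:4d}  {family}")
    print("Findings that are not program leftovers:")
    for f in summary["real"]:
        where = f["path"] if f["kind"] == "file" else f["key"]
        suffix = f" -> {f['member']}" if f["member"] else ""
        print(f"  {f['detection']}: {where}{suffix}")
```

A mismatch between the parsed count and the log's "Gefunden" line usually means lines were lost when the report was pasted, which is worth knowing before deciding which findings to act on.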
22.07.2012, 23:11 | #8 |
/// Helper Team | Win7 infected with GVU trojan 2.07
Very good! Let it delete the findings, then:
Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
23.07.2012, 15:49 | #9 |
| Win7 infected with GVU trojan 2.07
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d6b8bab46dab464e936e6d7d21c905ca
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 12:39:54
# local_time=2012-07-23 02:39:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 15063508 15063508 0 0
# compatibility_mode=5893 16776574 100 94 29483266 94627460 0 0
# compatibility_mode=8192 67108863 100 0 180 180 0 0
# scanned=211953
# found=0
# cleaned=0
# scan_time=7724
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d6b8bab46dab464e936e6d7d21c905ca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 02:44:18
# local_time=2012-07-23 04:44:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 15110497 15110497 0 0
# compatibility_mode=5893 16776574 100 94 29530255 94674449 0 0
# compatibility_mode=8192 67108863 100 0 47169 47169 0 0
# scanned=433348
# found=0
# cleaned=0
# scan_time=11399
23.07.2012, 16:53 | #10 |
/// Helper Team | Win7 infected with GVU trojan 2.07
Update Java
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
23.07.2012, 17:19 | #11 |
| Win7 infected with GVU trojan 2.07
OK, that is done so far.
23.07.2012, 17:24 | #12 |
/// Helper Team | Win7 infected with GVU trojan 2.07
Very good! With that you are clean and released!
Cleaning up with CCleaner
With CCleaner (download) (instructions), let errors in the
Tool cleanup with OTL
We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
23.07.2012, 17:36 | #13 |
| Win7 infected with GVU trojan 2.07
Thanks again for the quick help