Pests of all kinds and their removal: Trojan/rootkit infection: 00000008.@ in C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U (Windows 7)
#1
Trojan/rootkit infection: 00000008.@ in C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U

Hello, I have a rootkit infection that I only noticed today, although symptoms were already showing yesterday. First, with Malwarebytes:

Code:
```text
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Voigt :: VOIGTPC [Administrator]

22.07.2012 16:33:29
mbam-log-2012-07-22 (16-33-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 279882
Laufzeit: 41 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Voigt\AppData\Roaming\xsecva\xsecva.exe (Trojan.Agent) -> 2724 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Users\Voigt\AppData\Roaming\rinsun.dll (Trojan.Agent) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XSECVA (Trojan.Agent) -> Daten: C:\Users\Voigt\AppData\Roaming\xsecva\xsecva.exe -s -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Voigt\AppData\Roaming\xsecva\xsecva.exe (Trojan.Agent) -> Löschen bei Neustart.
C:\Users\Voigt\AppData\Roaming\rinsun.dll (Trojan.Agent) -> Löschen bei Neustart.
C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
```

Code:
```text
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Voigt :: VOIGTPC [Administrator]

22.07.2012 18:11:27
mbam-log-2012-07-22 (18-11-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 556159
Laufzeit: 8 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
```
C:\Windows\SysWow64\msxml3r.dll [2012.07.11 06:35:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 06:35:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.11 06:35:16 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.11 06:35:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 00:51:31 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Red Alert 3 [2012.07.08 19:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\StreamMyGame [2012.07.06 16:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MagiWOL [2012.07.06 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Remote Assistance Logs [2012.07.05 23:41:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012.07.05 11:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidShare [2012.07.03 17:20:12 | 026,226,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.07.03 17:20:12 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.07.03 17:20:12 | 019,828,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.07.03 17:20:12 | 018,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.07.03 17:20:12 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.07.03 17:20:12 | 015,290,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.07.03 17:20:12 | 014,806,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.07.03 17:20:12 | 012,388,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.07.03 17:20:12 | 009,164,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.07.03 17:20:12 | 
007,699,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.07.03 17:20:12 | 002,744,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.07.03 17:20:12 | 002,573,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.07.03 17:20:12 | 002,422,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.07.03 17:20:12 | 002,216,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.07.03 17:20:12 | 001,865,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.07.03 17:20:12 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.07.03 17:20:12 | 000,828,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.07.03 17:20:12 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.07.03 17:20:12 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.07.03 17:20:12 | 000,188,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.07.03 17:20:12 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.07.02 01:02:07 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Endless Space [2012.06.30 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games [2012.06.30 20:53:10 | 000,315,904 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe [2012.06.25 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Notepad++ [2012.06.25 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.06.25 20:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.06.25 20:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2012.06.25 20:15:00 | 000,000,000 | 
---D | C] -- C:\Users\Voigt\AppData\Local\My Games [2012.06.25 20:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT [2012.06.25 20:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civilization.V.GOTY.incl.Gods.and.Kings [1 C:\Users\Voigt\Desktop\*.tmp files -> C:\Users\Voigt\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.22 19:31:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.22 19:29:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.22 19:12:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Voigt\Desktop\OTL.exe [2012.07.22 19:00:36 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 19:00:36 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 18:58:38 | 001,613,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.22 18:58:38 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.22 18:58:38 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.22 18:58:38 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.22 18:58:38 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.22 18:53:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.22 18:53:34 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job [2012.07.22 18:53:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.22 18:26:17 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Voigt\Desktop\esetsmartinstaller_enu.exe [2012.07.19 17:48:14 | 000,000,024 | ---- | M] () -- C:\Users\Voigt\random.dat [2012.07.19 17:40:32 | 000,000,044 | ---- | M] () -- C:\Users\Voigt\jagex_cl_runescape_LIVE.dat 
[2012.07.14 23:12:07 | 000,116,854 | ---- | M] () -- C:\Users\Voigt\Desktop\League_of_Legends_LOGO.jpg [2012.07.14 23:08:48 | 344,989,520 | ---- | M] () -- C:\Users\Voigt\Desktop\ts3_recording_12_07_14_22_38_44.wav [2012.07.12 23:52:01 | 000,001,282 | ---- | M] () -- C:\Users\Voigt\Desktop\shutdown.lnk [2012.07.12 20:25:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.12 20:25:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.12 17:30:45 | 000,003,072 | ---- | M] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage [2012.07.11 16:48:12 | 000,288,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.11 15:46:51 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini [2012.07.08 18:00:06 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.07.08 18:00:06 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2012.07.06 11:10:58 | 000,007,608 | ---- | M] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg [2012.07.04 15:30:29 | 000,000,000 | -H-- | M] () -- C:\Users\Voigt\Documents\Default.rdp [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.29 05:37:00 | 026,226,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.06.29 05:37:00 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.06.29 05:37:00 | 019,828,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.06.29 05:37:00 | 018,228,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.06.29 05:37:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.06.29 05:37:00 | 015,290,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.06.29 05:37:00 | 014,806,376 | ---- | M] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvwgf2umx.dll [2012.06.29 05:37:00 | 012,388,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.06.29 05:37:00 | 009,164,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.06.29 05:37:00 | 007,699,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.06.29 05:37:00 | 002,744,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.06.29 05:37:00 | 002,723,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.06.29 05:37:00 | 002,573,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.06.29 05:37:00 | 002,422,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.06.29 05:37:00 | 002,216,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.06.29 05:37:00 | 001,865,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.06.29 05:37:00 | 001,758,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.06.29 05:37:00 | 001,472,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.06.29 05:37:00 | 000,969,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.06.29 05:37:00 | 000,828,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.06.29 05:37:00 | 000,247,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.06.29 05:37:00 | 000,202,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.06.29 05:37:00 | 000,060,776 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.06.29 05:37:00 | 000,052,584 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.06.29 05:37:00 | 000,016,048 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.06.29 01:56:15 | 002,667,062 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.06.29 01:55:57 | 
003,266,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.06.29 01:55:46 | 006,193,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.06.29 01:55:40 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.06.29 01:55:40 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.06.29 01:55:39 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.06.28 17:44:42 | 000,428,904 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe [1 C:\Users\Voigt\Desktop\*.tmp files -> C:\Users\Voigt\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.22 18:54:28 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\00000008.@ [2012.07.21 23:14:44 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\80000032.@ [2012.07.21 23:14:44 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\80000064.@ [2012.07.21 23:14:44 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\L\00000004.@ [2012.07.21 23:14:43 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\00000004.@ [2012.07.21 23:14:43 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\000000cb.@ [2012.07.21 23:14:36 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\80000000.@ [2012.07.19 17:40:32 | 000,000,044 | ---- | C] () -- C:\Users\Voigt\jagex_cl_runescape_LIVE.dat [2012.07.19 17:40:32 | 000,000,024 | ---- | C] () -- C:\Users\Voigt\random.dat [2012.07.14 23:23:01 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.07.14 23:19:31 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2012.07.14 23:19:31 | 000,195,584 | RHS- | C] () -- 
C:\Windows\SysWow64\MatroskaDX.ax [2012.07.14 23:19:31 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2012.07.14 23:19:31 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax [2012.07.14 23:19:31 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2012.07.14 23:19:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.07.14 23:19:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2012.07.14 23:19:31 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2012.07.14 23:19:31 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2012.07.14 23:19:31 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2012.07.14 23:19:31 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2012.07.14 23:12:07 | 000,116,854 | ---- | C] () -- C:\Users\Voigt\Desktop\League_of_Legends_LOGO.jpg [2012.07.14 22:38:51 | 344,989,520 | ---- | C] () -- C:\Users\Voigt\Desktop\ts3_recording_12_07_14_22_38_44.wav [2012.07.12 17:30:45 | 000,003,072 | ---- | C] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage [2012.07.11 15:46:51 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2012.07.04 15:30:29 | 000,000,000 | -H-- | C] () -- C:\Users\Voigt\Documents\Default.rdp [2012.06.28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.06.20 15:08:18 | 000,000,219 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.06.20 15:08:18 | 000,000,084 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.06.20 15:08:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012.06.20 15:08:11 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.06.20 15:08:11 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.06.14 23:37:11 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012.05.21 16:22:29 | 000,007,608 | ---- | C] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg [2012.05.18 
15:31:56 | 000,000,262 | ---- | C] () -- C:\Windows\game.ini [2012.05.17 15:14:42 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.05.17 15:14:42 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.05.17 15:14:42 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.05.17 14:27:12 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.05.15 23:04:01 | 000,004,439 | ---- | C] () -- C:\Windows\jhbqq32.ini [2012.05.15 23:04:01 | 000,001,442 | ---- | C] () -- C:\Windows\cxpcqs-h48.ini [2012.05.14 10:58:07 | 000,000,600 | ---- | C] () -- C:\Users\Voigt\PUTTY.RND [2012.05.08 21:14:34 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.05.08 21:14:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.05.08 20:02:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.05.08 19:14:34 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.08 18:13:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\@ [2012.05.08 18:13:46 | 000,002,048 | -HS- | C] () -- C:\Users\Voigt\AppData\Local\{2f163d28-5dca-430c-1267-a8b9c6b56536}\@ [2012.05.08 18:12:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.05.08 18:12:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.05.08 18:05:49 | 000,057,494 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.05.08 18:04:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.05.08 18:04:29 | 000,040,555 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.07.20 15:53:35 | 000,735,353 | ---- | C] () -- C:\Users\Voigt\ace_uninstaller.exe [2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll ========== LOP Check ========== [2012.05.11 19:04:29 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\.minecraft [2012.05.31 21:22:59 | 
000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\aacs [2012.05.08 19:04:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3 [2012.05.13 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ashampoo [2012.06.04 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Cinspiration [2012.05.08 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\DAEMON Tools Lite [2012.07.22 19:26:27 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Dropbox [2012.05.08 20:05:05 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\IrfanView [2012.05.08 18:30:32 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\jeak.de [2012.07.10 23:56:35 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Kalypso Media [2012.05.08 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient [2012.05.24 18:13:06 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient2 [2012.06.25 20:29:16 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Notepad++ [2012.05.08 18:05:07 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Opera [2012.05.08 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Origin [2012.05.08 21:13:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\QuickStoresToolbar [2012.06.13 20:30:55 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Radmin [2012.06.20 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\RapidShare [2012.07.11 00:53:39 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Red Alert 3 [2012.05.13 00:37:24 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\ScummVM [2012.06.19 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\six-updater [2012.06.13 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\six-zsync [2012.06.20 09:26:51 | 000,000,000 | ---D | M] -- 
C:\Users\Voigt\AppData\Roaming\Spirited Machine
[2012.05.08 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\SplitMediaLabs
[2012.06.13 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TeamViewer
[2012.05.09 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\The Creative Assembly
[2012.07.13 17:15:56 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Trine2
[2012.07.22 16:50:31 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\tropico 4
[2012.06.13 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TrueCrypt
[2012.06.21 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TS3Client
[2012.05.17 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Tunngle
[2012.07.13 22:33:44 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ubisoft
[2012.06.19 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\uTorrent
[2012.07.22 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\xsecva
[2012.07.22 18:53:34 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\QIPdater 2012.job
[2012.06.30 16:47:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
OTL Extras logfile created on: 22.07.2012 19:36:22 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Voigt\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 13,40 Gb Available Physical Memory | 83,98% Memory free
31,91 Gb Paging File | 29,62 Gb Available in Paging File | 92,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476,84 Gb Total Space | 91,37 Gb Free Space | 19,16% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 134,95 Gb Free Space | 14,49% Space Free | Partition Type: NTFS

Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit) "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "ArchiCrypt Ultimate RAM-Disk3_is1" = ArchiCrypt Ultimate RAM-Disk 3 Version "JosipMedved_MagiWOL_is1" = MagiWOL 3.30 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0 "Unlocker" = Unlocker 1.9.1-x64 "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FA5F0A-04B3-4343-AA3E-C8BA6C3BADA6}" = RapidDrive "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot™ 3 "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{43430808-081A-4C0D-B7CC-601000018301}" = LOST PLANET 2 "{43430808-081A-4C0D-B7CC-601000018302}" = LOST PLANET 2 "{43430808-081A-4C0D-B7CC-601000018303}" = LOST PLANET 2 "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3 "{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7302BD5B-B67D-4144-AA59-C60520C5FDC6}" = Six Updater "{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2 "{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold "{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™ "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 
Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52 "{8FDBE1E8-2922-4750-9E4B-6B28CA67DBBB}" = Unreal "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF364116-6A2F-43E6-9D12-901ACC3CDC00}" = ArmA II Launcher "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B931991C-FA2F-4B73-8F48-43C20B7581DE}" = QIP 2012 7058 Jeak-Edition "{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1100000-0011-0000-0001-074957833700}" = ABBYY FineReader 11 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1489-3350-5074-6281" = JDownloader 0.9 "6103-4188-8184-5707" = RapidShare Manager 2 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.00 "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01 "Battlelog Web Plugins" = Battlelog Web Plugins "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11 "Counter-Strike 1.6 V35" = Counter-Strike 1.6 V35 "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "DokanLibrary" = Dokan Library 0.6.0 "EasyBCD" = EasyBCD 2.1 "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "IrfanView" = IrfanView (remove only) "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.60.1185" = Opera 11.60 "Origin" = Origin "PunkBusterSvc" 
= PunkBuster Services "QIP 2012 7058 Jeak-Edition 4.0.7058" = QIP 2012 7058 Jeak-Edition "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "ScummVM_is1" = ScummVM 1.4.1 "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri "Steam App 10" = Counter-Strike "Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes "Steam App 107100" = Bastion "Steam App 113200" = The Binding of Isaac "Steam App 203770" = Crusader Kings II "Steam App 208140" = Endless Space "Steam App 33460" = From Dust "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 35720" = Trine 2 "Steam App 43110" = Metro 2033 "Steam App 4700" = Medieval II: Total War "Steam App 4780" = Medieval II: Total War Kingdoms "Steam App 48000" = LIMBO "Steam App 57690" = Tropico 4 "Steam App 70400" = Recettear: An Item Shop's Tale "Steam App 80" = Counter-Strike: Condition Zero "Steam App 8980" = Borderlands "Steam App 9180" = Commander Keen Complete Pack "Steam App 98400" = Hard Reset "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "TenomichiStreamer" = StreamMyGame software "TigerGame XBOX+PS2+GC Game Controller Adapter_is1" = TigerGame XBOX+PS2+GC Game Controller Adapter "TrueCrypt" = TrueCrypt "Tunngle beta_is1" = Tunngle beta "uTorrent" = µTorrent "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.07.2012 13:13:50 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 21.07.2012 16:57:28 | Computer Name = VoigtPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: speed2.exe, Version:, Zeitstempel: 0x417d8e48 Name des fehlerhaften Moduls: speed2.exe, Version:, Zeitstempel: 0x417d8e48 Ausnahmecode: 
0xc0000005 Fehleroffset: 0x001794f7 ID des fehlerhaften Prozesses: 0x18cc Startzeit der fehlerhaften Anwendung: 0x01cd67836eab95c2 Pfad der fehlerhaften Anwendung: F:\Crack\NFSU2\No Cd Crack\speed2.exe Pfad des fehlerhaften Moduls: F:\Crack\NFSU2\No Cd Crack\speed2.exe Berichtskennung: adb97328-d376-11e1-a388-c86000c152e4 Error - 22.07.2012 08:40:25 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 22.07.2012 10:37:52 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 22.07.2012 10:41:01 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 22.07.2012 10:44:46 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 22.07.2012 12:11:21 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 22.07.2012 12:34:25 | Computer Name = VoigtPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Voigt\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 22.07.2012 12:54:13 | Computer Name = VoigtPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Voigt\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 22.07.2012 12:55:25 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 22.07.2012 12:09:29 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 22.07.2012 12:09:29 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 22.07.2012 12:09:32 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 22.07.2012 12:09:36 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 22.07.2012 12:09:36 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 22.07.2012 12:53:33 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 22.07.2012 12:53:33 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 22.07.2012 12:53:36 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 22.07.2012 12:53:39 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891
Error - 22.07.2012 12:53:39 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
< End of report >

Whenever I open or close a tab, now and then another tab opens with either google.com or an advertising page. It is random, though, so it is not trying to convince me to buy an overpriced antivirus program or anything like that.

Edit: Another symptom that has suddenly appeared: after every restart, all the icons on the desktop are "auto arranged", meaning my icon layout is gone and all of them are lined up starting from the top left. The "Auto arrange" box is not ticked, though.

My PC knowledge is decent, but I don't know much about malware infections, because the only infection I had in the past I fixed with a fresh install of Windows. That would work again this time too, but I'd really rather avoid it.

My security settings are veeery lax: logged in with an admin account, no UAC notifications. That has served me quite well over the past few years.

Please don't stone me if I've forgotten to post something in the thread, this is my first thread here.
Edited by Voigt (22.07.2012, 18:40)
#2
Hi,
Code:
:OTL
[2012.05.08 18:13:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\@
[2012.05.08 18:13:46 | 000,002,048 | -HS- | C] () -- C:\Users\Voigt\AppData\Local\{2f163d28-5dca-430c-1267-a8b9c6b56536}\@
[2012.07.22 18:54:28 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\00000008.@
[2012.07.21 23:14:44 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\80000032.@
[2012.07.21 23:14:44 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\80000064.@
[2012.07.21 23:14:44 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\L\00000004.@
[2012.07.21 23:14:43 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\00000004.@
[2012.07.21 23:14:43 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\000000cb.@
[2012.07.21 23:14:36 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\80000000.@
:REG
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
:Commands
[purity]
[emptytemp]
[Reboot]
Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Caution: In a few rare cases the computer may no longer be able to boot and has to be reinstalled from scratch!
Close all windows, start combofix.exe and confirm the following prompt with 1 and press Enter.
The Combofix scan can take some time, so be patient. Do not use the computer during the scan. The computer may be restarted in between.
After the scan a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log under C:\ComboFix.txt...
Then update MAM and run a FULL SCAN, post the log!
chris
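As an added, defender-side illustration of what the OTL fix script above is targeting (example code written for this edit, not code from the forum, from OTL or from ComboFix): a small Python triage routine that reads OTL-style file entries and registry lines and flags the ZeroAccess (0Access) layout seen in this thread, namely `@` and `<8 hex digits>.@` files inside a GUID-named folder under C:\Windows\Installer or AppData\Local, with the `U` and `L` sub-folders, plus the Security Center "cval" value forced to 0. The sample lines are constructed from entries in this thread (one benign file is added for contrast); the log-format assumptions (bracketed OTL file entries, `"name" = value` registry lines under a preceding `[HKEY_...]` key) are mine.

```python
"""Triage OTL-style log lines for the ZeroAccess (0Access) file layout.

Added example for this thread, not code from the forum, OTL or ComboFix.
Assumed (by the author of this example) input shapes:
  [YYYY.MM.DD HH:MM:SS | 000,002,048 | -HS- | C] () -- <path>   (OTL file entry)
  64bit: [HKEY_LOCAL_MACHINE\\...\\Security Center]                (registry key)
  "cval" = 0                                                       (registry value)
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\([^)]*\) -- (?P<path>.+)$"
)
REG_KEY = re.compile(r"^(?:64bit: )?\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')

# ZeroAccess drops a marker file '@' and payload files '<8 hex digits>.@' into a
# GUID-named folder under C:\Windows\Installer or %LOCALAPPDATA%, with 'U' and
# 'L' sub-folders, exactly as the OTL fix script in this thread lists them.
ZA_FILE = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\(?P<guid>\{[0-9a-f-]{36}\})"
    r"\\(?:(?P<sub>[UL])\\)?(?P<name>[0-9a-f]{8}\.@|@)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    path: str
    reason: str
    hidden_system: bool  # -HS- attributes, typical for the '@' marker files


@dataclass
class TriageReport:
    findings: List[Finding] = field(default_factory=list)
    guid_folders: Set[str] = field(default_factory=set)
    security_center_disabled: bool = False  # "cval" = 0 under ...\Security Center

    @property
    def zeroaccess_likely(self) -> bool:
        # The file layout is the primary indicator; cval=0 only corroborates it.
        return bool(self.findings)


def parse_file_entry(line: str) -> Optional[dict]:
    """Split one OTL file entry into stamp/size/attrs/path, or None if it is not one."""
    m = FILE_ENTRY.match(line.strip())
    return m.groupdict() if m else None


def classify_path(path: str) -> Optional[Tuple[str, str]]:
    """Return (guid_folder, reason) for a ZeroAccess-style path, else None."""
    m = ZA_FILE.search(path)
    if not m:
        return None
    guid, sub, name = m.group("guid").lower(), m.group("sub"), m.group("name")
    if name == "@":
        return guid, "ZeroAccess marker file '@' in GUID folder"
    where = f"'{sub}' sub-folder of GUID folder" if sub else "GUID folder"
    return guid, f"ZeroAccess payload '{name}' in {where}"


def triage(lines) -> TriageReport:
    """Walk the log lines once, collecting file and registry indicators."""
    report = TriageReport()
    current_key = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        entry = parse_file_entry(line)
        if entry is not None:
            hit = classify_path(entry["path"])
            if hit:
                guid, reason = hit
                report.guid_folders.add(guid)
                attrs = entry["attrs"]
                report.findings.append(
                    Finding(entry["path"], reason, "H" in attrs and "S" in attrs)
                )
            continue
        key = REG_KEY.match(line)
        if key:
            current_key = key.group("key")
            continue
        val = REG_VALUE.match(line)
        if val and current_key and current_key.endswith("\\Security Center"):
            if val.group("name") == "cval" and val.group("value").strip() == "0":
                report.security_center_disabled = True
    return report


# Constructed sample: entries taken from the fix script and the Security Center
# section of this thread, plus one benign file (avisynth.dll) for contrast.
SAMPLE_OTL_LINES = r"""
[2012.05.08 18:13:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\@
[2012.05.08 18:13:46 | 000,002,048 | -HS- | C] () -- C:\Users\Voigt\AppData\Local\{2f163d28-5dca-430c-1267-a8b9c6b56536}\@
[2012.07.22 18:54:28 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\U\00000008.@
[2012.07.21 23:14:44 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\L\00000004.@
[2012.07.14 21:23:00 | 000,369,152 | ---- | C] () -- C:\Windows\SysWow64\avisynth.dll
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusOverride" = 0
""".splitlines()

if __name__ == "__main__":
    rep = triage(SAMPLE_OTL_LINES)
    for f in rep.findings:
        print(f"{'HS' if f.hidden_system else '--'}  {f.path}  <- {f.reason}")
    print("Security Center cval=0:", rep.security_center_disabled)
    print("ZeroAccess layout present:", rep.zeroaccess_likely)
```

The check deliberately keys on the folder layout rather than on file hashes: the `U` payload files in this thread change from scan to scan (the fix script lists several of them with different sizes), while the GUID folder, the `@` marker with hidden+system attributes and the `U`/`L` sub-folders stay constant. `cval = 0` is reported separately because it is also what the fix script resets to 1, but on its own it only says Security Center was switched off, not by what.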
#3
Is it normal for the fix to take this extremely long?
OTL has been showing "Not responding" for an hour now. It has already finished the deletions; it then hangs at the line: "cval" = dword:0x01
OK, now I got a blue screen. What now? And by the way, would System Restore or Safe Mode help? Or is the rootkit too deep?
Edited by Voigt (22.07.2012, 23:05)
#4
Hi, reboot the computer manually into Safe Mode (F8 while booting), then definitely run Combofix and post the log. Then create a new OTL log and post that as well... chris
#5
Well, to me as a layman it already looks good:
Code:
ComboFix 12-07-21.01 - Voigt 23.07.2012 12:34:41.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16340.15320 [GMT 2:00]
ausgeführt von:: c:\users\Voigt\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Voigt\ace_uninstaller.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-23 bis 2012-07-23 ))))))))))))))))))))))))))))))
.
.
2012-07-23 10:39 . 2012-07-23 10:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-22 21:51 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C1632C5-2E68-442D-9BA6-88E527CC3E61}\mpengine.dll
2012-07-22 18:45 . 2012-07-22 18:45 -------- d-----w- C:\_OTL
2012-07-21 21:14 . 2012-07-22 14:35 -------- d-----w- c:\users\Voigt\AppData\Roaming\xsecva
2012-07-21 20:59 . 2012-07-21 21:00 -------- d-----w- c:\users\Voigt\AppData\Local\NFS Underground 2
2012-07-19 15:40 . 2012-07-19 15:40 -------- d-----w- c:\users\Voigt\jagexcache
2012-07-16 19:18 . 2012-07-16 19:18 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-07-14 21:23 . 2009-09-27 07:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll
2012-07-14 21:23 . 2005-07-14 10:31 32256 ----a-w- c:\windows\SysWow64\AVSredirect.dll
2012-07-14 21:23 . 2004-02-22 08:11 719872 ----a-w- c:\windows\SysWow64\devil.dll
2012-07-14 21:23 . 2004-01-24 22:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2012-07-14 21:23 . 2004-01-24 22:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll
2012-07-14 21:22 . 2012-07-14 21:22 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-07-14 21:17 . 2012-07-14 21:17 -------- d-----w- c:\program files (x86)\eRightSoft
2012-07-13 20:47 .
2012-07-13 20:48 -------- d-----w- c:\users\Voigt\AppData\Local\Ubisoft Game Launcher 2012-07-13 20:47 . 2012-07-13 20:47 -------- d-----w- c:\programdata\Solidshield 2012-07-13 20:33 . 2012-07-13 20:33 -------- d-----w- c:\users\Voigt\AppData\Roaming\Ubisoft 2012-07-13 20:32 . 2012-07-13 20:32 -------- d-----w- c:\program files (x86)\Ubisoft 2012-07-13 15:15 . 2012-07-13 15:15 -------- d-----w- c:\users\Voigt\AppData\Roaming\Trine2 2012-07-13 15:11 . 2012-07-13 15:11 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-07-13 15:11 . 2012-07-13 15:11 -------- d-----w- c:\program files\Microsoft LifeCam 2012-07-12 17:33 . 2012-07-12 17:33 -------- d-----w- C:\UnrealTournament 2012-07-12 15:31 . 2012-07-12 15:32 -------- d-----w- c:\users\Voigt\Heaven 2012-07-12 15:30 . 2012-07-12 15:30 -------- d-----w- c:\program files\Heaven DX11 Benchmark 3.0 2012-07-11 13:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 04:35 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-07-10 22:51 . 2012-07-10 22:53 -------- d-----w- c:\users\Voigt\AppData\Roaming\Red Alert 3 2012-07-10 21:57 . 2012-07-22 21:45 -------- d-----w- c:\users\Voigt\AppData\Roaming\tropico 4 2012-07-08 17:01 . 2012-07-08 17:01 -------- d-----w- c:\program files\StreamMyGame 2012-07-06 14:44 . 2012-07-06 14:44 -------- d-----w- c:\program files\MagiWOL 2012-07-05 21:41 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-07-04 13:32 . 2012-07-22 21:45 -------- d-----w- c:\users\WG 2012-07-01 18:23 . 2012-07-01 18:23 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-07-01 18:23 . 2012-07-01 18:23 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-28 15:44 . 2012-06-28 15:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-06-25 18:29 . 2012-06-25 18:29 -------- d-----w- c:\users\Voigt\AppData\Roaming\Notepad++ 2012-06-25 18:29 . 
2012-06-25 18:29 -------- d-----w- c:\program files\Notepad++ 2012-06-25 18:15 . 2012-06-25 18:15 -------- d-----w- c:\users\Voigt\AppData\Local\My Games 2012-06-25 18:14 . 2012-06-25 18:14 -------- d-----w- c:\programdata\REVOLT . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 18:25 . 2012-05-08 16:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 18:25 . 2012-05-08 16:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-29 03:37 . 2012-05-08 16:02 969064 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-06-29 03:37 . 2012-05-08 16:02 60776 ----a-w- c:\windows\system32\OpenCL.dll 2012-06-29 03:37 . 2012-05-08 16:02 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-06-29 03:37 . 2012-05-08 16:02 2723688 ----a-w- c:\windows\system32\nvapi64.dll 2012-06-29 03:37 . 2012-05-08 16:02 1758056 ----a-w- c:\windows\system32\nvdispco64.dll 2012-06-28 23:56 . 2012-05-08 16:02 2667062 ----a-w- c:\windows\system32\nvcoproc.bin 2012-06-28 23:55 . 2012-05-08 16:02 3266408 ----a-w- c:\windows\system32\nvsvc64.dll 2012-06-28 23:55 . 2012-05-08 16:02 6193000 ----a-w- c:\windows\system32\nvcpl.dll 2012-06-28 23:55 . 2012-05-08 16:02 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-06-28 23:55 . 2012-05-08 16:02 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-06-28 23:55 . 2012-05-08 16:02 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-06-28 23:55 . 2012-05-08 16:02 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-06-13 17:34 . 2012-06-13 17:34 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2012-06-02 22:19 . 2012-06-21 06:09 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 06:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 06:09 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 06:09 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 
2012-06-21 06:09 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 06:09 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 06:09 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 06:09 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 06:09 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-26 12:06 . 2012-05-09 17:35 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-05-26 12:06 . 2012-05-08 19:14 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-25 19:04 . 2012-05-08 19:14 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-05-25 17:47 . 2012-05-08 19:14 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-05-21 07:34 . 2012-05-08 16:02 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2012-05-18 18:29 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2012-05-18 18:29 . 2009-08-18 09:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-17 13:20 . 2012-05-17 13:14 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll 2012-05-17 13:20 . 2012-05-17 13:14 17212 ----atw- c:\windows\SysWow64\SIntf32.dll 2012-05-17 13:20 . 2012-05-17 13:14 12067 ----atw- c:\windows\SysWow64\SIntf16.dll 2012-05-15 10:48 . 2012-05-23 09:45 364352 ----a-w- c:\windows\system32\nvdecodemft.dll 2012-05-15 10:48 . 2012-05-23 09:45 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll 2012-05-15 10:48 . 2012-05-08 16:02 1468224 ----a-w- c:\windows\system32\nvgenco64.dll 2012-05-08 17:18 . 2012-05-08 17:18 627600 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-08 17:18 . 2012-05-08 17:18 252296 ----a-w- c:\windows\system32\javaws.exe 2012-05-08 17:18 . 2012-05-08 17:18 188808 ----a-w- c:\windows\system32\javaw.exe 2012-05-08 17:18 . 
2012-05-08 17:18 188808 ----a-w- c:\windows\system32\java.exe 2012-05-08 17:16 . 2012-05-08 17:16 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-05-08 17:16 . 2012-05-08 17:16 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-08 16:17 . 2012-05-08 16:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-08 16:17 . 2012-05-08 16:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-08 16:17 . 2012-05-08 16:17 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-05-08 16:17 . 2012-05-08 16:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-05-08 16:17 . 2012-05-08 16:17 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-05-08 16:17 . 2012-05-08 16:17 82432 ----a-w- c:\windows\system32\icardie.dll 2012-05-08 16:17 . 2012-05-08 16:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-05-08 16:17 . 2012-05-08 16:17 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-05-08 16:17 . 2012-05-08 16:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-05-08 16:17 . 2012-05-08 16:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-05-08 16:17 . 2012-05-08 16:17 697344 ----a-w- c:\windows\system32\msfeeds.dll 2012-05-08 16:17 . 2012-05-08 16:17 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-05-08 16:17 . 2012-05-08 16:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-05-08 16:17 . 2012-05-08 16:17 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-05-08 16:17 . 2012-05-08 16:17 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-05-08 16:17 . 2012-05-08 16:17 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-05-08 16:17 . 2012-05-08 16:17 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-05-08 16:17 . 2012-05-08 16:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-05-08 16:17 . 2012-05-08 16:17 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-08 16:17 . 2012-05-08 16:17 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-05-08 16:17 . 
2012-05-08 16:17 448512 ----a-w- c:\windows\system32\html.iec 2012-05-08 16:17 . 2012-05-08 16:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-05-08 16:17 . 2012-05-08 16:17 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-05-08 16:17 . 2012-05-08 16:17 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-05-08 16:17 . 2012-05-08 16:17 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-05-08 16:17 . 2012-05-08 16:17 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-05-08 16:17 . 2012-05-08 16:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-05-08 16:17 . 2012-05-08 16:17 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-08 16:17 . 2012-05-08 16:17 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-05-08 16:17 . 2012-05-08 16:17 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-05-08 16:17 . 2012-05-08 16:17 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-05-08 16:17 . 2012-05-08 16:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-05-08 16:17 . 2012-05-08 16:17 222208 ----a-w- c:\windows\system32\msls31.dll 2012-05-08 16:17 . 2012-05-08 16:17 197120 ----a-w- c:\windows\system32\msrating.dll 2012-05-08 16:17 . 2012-05-08 16:17 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-05-08 16:17 . 2012-05-08 16:17 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-05-08 16:17 . 2012-05-08 16:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-05-08 16:17 . 2012-05-08 16:17 160256 ----a-w- c:\windows\system32\wextract.exe 2012-05-08 16:17 . 2012-05-08 16:17 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-05-08 16:17 . 2012-05-08 16:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-05-08 16:17 . 2012-05-08 16:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-05-08 16:17 . 2012-05-08 16:17 149504 ----a-w- c:\windows\system32\occache.dll 2012-05-08 16:17 . 2012-05-08 16:17 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-05-08 16:17 . 
2012-05-08 16:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-08 16:17 . 2012-05-08 16:17 12288 ----a-w- c:\windows\system32\mshta.exe 2012-05-08 16:17 . 2012-05-08 16:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-05-08 16:17 . 2012-05-08 16:17 114176 ----a-w- c:\windows\system32\admparse.dll 2012-05-08 16:17 . 2012-05-08 16:17 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-08 16:17 . 2012-05-08 16:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-05-08 16:17 . 2012-05-08 16:17 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-05-08 16:17 . 2012-05-08 16:17 103936 ----a-w- c:\windows\system32\inseng.dll 2012-05-08 16:17 . 2012-05-08 16:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-05-04 11:06 . 2012-06-13 21:16 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 11:00 . 2012-06-13 22:16 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-05-04 10:03 . 2012-06-13 21:16 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 21:16 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-07-01 18:23 . 2012-05-08 17:13 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-11-21 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll [-] 2010-11-21 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:58 94208 ----a-w- c:\users\Voigt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:58 94208 ----a-w- c:\users\Voigt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:58 94208 ----a-w- c:\users\Voigt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:58 94208 ----a-w- c:\users\Voigt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Infium"="c:\programme\QIP 2012 Jeak-Edition\qip.exe" [2011-12-28 7318992] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608] "Abyssus"="c:\programme\Razer Abyssus\razerhid.exe" [2010-05-10 223744] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Voigt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableLUA"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x] R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 136176] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 ALSysIO;ALSysIO;c:\users\Voigt\AppData\Local\Temp\ALSysIO64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 GPU-Z;GPU-Z;c:\users\Voigt\AppData\Local\Temp\GPU-Z.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-01 113120] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-28 36720] R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-20 1255736] R4 
ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\programme\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-12-22 818952] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] R4 ArchiCrypt Ultimate RAM-Disk 3;ArchiCrypt Ultimate RAM-Disk 3 - Realisiert RAM-Disk;c:\windows\system32\ACRAMDiskHandlerService64RD3.exe [2011-02-21 437208] R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\programme\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048] R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\programme\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232] R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2012-04-19 736104] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-08 834544] S1 ACMoFlex64RD3;ACMoFlex64RD3;c:\windows\system32\drivers\ACMoFlex64RD3.sys [2011-02-21 24536] S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/31 22:48];c:\programme\PowerDVD12\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928] S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408] S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848] S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-28 382312] S2 
TeamViewer7;TeamViewer 7;c:\users\Voigt\temp\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] . . Inhalt des "geplante Tasks" Ordners . 2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 18:25] . 2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 17:14] . 2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 17:14] . 2012-07-23 c:\windows\Tasks\QIPdater 2012.job - c:\programme\QIP 2012 Jeak-Edition\qipdater.exe [2012-01-02 10:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:58 97792 ----a-w- c:\users\Voigt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:58 97792 ----a-w- c:\users\Voigt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:58 97792 ----a-w- c:\users\Voigt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:58 97792 ----a-w- c:\users\Voigt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = local IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = FF - ProfilePath - c:\users\Voigt\AppData\Roaming\Mozilla\Firefox\Profiles\n92hw3xj.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll AddRemove-BattlEye for A2 - c:\spiele\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe AddRemove-BattlEye for OA - c:\spiele\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe AddRemove-Sid Meier's Alpha Centauri - c:\windows\IsUn0407.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\programme\PowerDVD12\PowerDVD12\Common\NavFilter\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-435027588-1902165278-2241592477-1000\Software\SecuROM\License information*] "datasecu"=hex:8f,90,ea,dd,49,1e,e0,f6,7b,22,ed,ee,f4,fe,b5,92,2b,d3,4d,2e,06, 45,ab,93,38,e2,92,d8,58,6d,50,30,c2,32,ba,47,50,e1,99,e6,e2,86,e6,35,dd,d7,\ "rkeysecu"=hex:84,b3,73,79,02,49,bd,b7,3d,ff,a9,08,46,30,75,c7 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\programme\Razer Abyssus\razerofa.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-23 12:41:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-23 10:41
.
Vor Suchlauf: 16 Verzeichnis(se), 98.135.912.448 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 119.148.654.592 Bytes frei
.
- - End Of File - - BC69C2CE883CF17B8BF3FED98A84407C
OTL logfile created on: 23.07.2012 12:43:07 - Run 2
OTL by OldTimer - Version Folder = C:\Users\Voigt\Desktop\Trojaner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,96 Gb Total Physical Memory | 14,15 Gb Available Physical Memory | 88,69% Memory free
31,91 Gb Paging File | 30,14 Gb Available in Paging File | 94,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476,84 Gb Total Space | 111,06 Gb Free Space | 23,29% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 168,11 Gb Free Space | 18,05% Space Free | Partition Type: NTFS
Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Voigt\Desktop\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Voigt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Users\Voigt\temp\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Programme\QIP 2012 Jeak-Edition\qip.exe (QIP) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () PRC - C:\Programme\Razer Abyssus\razerhid.exe () PRC - C:\Programme\Razer Abyssus\razerofa.exe (Razer Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Programme\QIP 2012 Jeak-Edition\Protos\Social\Social.dll () MOD - C:\Programme\QIP 2012 Jeak-Edition\Protos\MRA\mra.dll () MOD - C:\Programme\QIP 2012 Jeak-Edition\Protos\MRA\pics.dll () MOD - C:\Programme\QIP 2012 Jeak-Edition\Protos\InfICQ\inficq.dll () MOD - C:\Programme\QIP 2012 Jeak-Edition\Core\voip.dll () MOD - C:\Programme\XSplit\avformat-53.dll () MOD - C:\Programme\XSplit\avutil-51.dll () MOD - C:\Programme\XSplit\avcodec-53.dll () MOD - C:\Programme\XSplit\swscale-0.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll () MOD - C:\Programme\Razer Abyssus\razerhid.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (ArchiCrypt Ultimate RAM-Disk 3) -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe (Softwareentwicklung Remus - ArchiCrypt) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (AdobeARMservice) -- C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Users\Voigt\temp\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) SRV - (CLHNServiceForPowerDVD12) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Programme\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) Intel(R) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) Intel(R) -- 
C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) Intel(R) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ACMoFlex64RD3) -- C:\Windows\SysNative\drivers\ACMoFlex64RD3.sys (Softwareentwicklung Remus - ArchiCrypt.com) DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (mirrorv3) -- C:\Windows\SysNative\drivers\rminiv3.sys (Famatech International Corp.) 
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vHidDev.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Abyssus) -- C:\Windows\SysNative\drivers\Abyssus.sys (Razer (Asia-Pacific) Pte Ltd) DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Programme\PowerDVD12\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.) DRV - (ntk_PowerDVD12) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 475801843 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD C1 C9 61 A3 1C CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..network.proxy.no_proxies_on: "local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD 
Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.08 19:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.01 20:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.12 14:10:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.01 20:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.12 14:10:26 | 000,000,000 | ---D | M]

[2012.05.09 09:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Voigt\AppData\Roaming\mozilla\Extensions
[2012.05.14 10:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Voigt\AppData\Roaming\mozilla\Firefox\Profiles\n92hw3xj.default\extensions
[2012.05.14 10:58:39 | 000,023,087 | ---- | M] () (No name found) -- C:\USERS\VOIGT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N92HW3XJ.DEFAULT\EXTENSIONS\{5B52016C-D097-4AEC-BE61-9F129D8FDDBA}.XPI
[2012.05.08 19:22:28 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2012.07.23 12:40:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Abyssus] C:\Programme\Razer Abyssus\razerhid.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Infium] C:\Programme\QIP 2012 Jeak-Edition\qip.exe (QIP)
O4 - Startup: C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Voigt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEF89CC2-A147-4C17-A801-26A40303533D}: DhcpNameServer =
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.23 12:42:06 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Desktop\Trojaner
[2012.07.23 12:41:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.23 12:40:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.07.23 12:34:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.23 12:34:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.23 12:34:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.23 12:34:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.23 12:34:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.23 12:28:55 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Voigt\Desktop\ComboFix.exe
[2012.07.22 20:45:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.21 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\xsecva
[2012.07.21 22:59:39 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\NFS Underground 2
[2012.07.21 22:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.07.19 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Voigt\jagexcache
[2012.07.18 16:02:29 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Hard Reset Extended
[2012.07.16 21:19:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.07.16 21:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.07.16 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Dust
[2012.07.14 23:23:01 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.07.14 23:23:01 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.07.14 23:23:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.07.14 23:23:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.07.14 23:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.07.14 23:19:31 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.07.14 23:19:31 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.07.14 23:19:31 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012.07.14 23:19:31 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012.07.14 23:19:31 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012.07.14 23:19:31 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012.07.14 23:19:31 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012.07.14 23:19:31 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012.07.14 23:19:31 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012.07.14 23:19:31 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012.07.14 23:19:31 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012.07.14 23:19:31 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012.07.14 23:19:31 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012.07.14 23:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.07.14 23:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPER
[2012.07.14 23:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.07.13 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\ANNO 2070
[2012.07.13 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\Ubisoft Game Launcher
[2012.07.13 22:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012.07.13 22:33:44 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Ubisoft
[2012.07.13 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.07.13 17:15:56 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Trine2
[2012.07.13 17:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012.07.13 17:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012.07.13 17:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012.07.12 19:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition
[2012.07.12 19:33:08 | 000,000,000 | ---D | C] -- C:\UnrealTournament
[2012.07.12 17:31:08 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Heaven
[2012.07.12 17:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2012.07.12 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Heaven DX11 Benchmark 3.0
[2012.07.11 10:44:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 10:44:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 10:44:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 10:44:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 10:44:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 10:44:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 10:44:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 10:44:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 10:44:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 10:44:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 10:44:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 10:44:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 10:44:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 06:35:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 06:35:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 06:35:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 06:35:16 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 06:35:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 00:51:31 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Red Alert 3
[2012.07.10 23:57:52 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\tropico 4
[2012.07.08 19:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\StreamMyGame
[2012.07.06 16:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MagiWOL
[2012.07.06 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Remote Assistance Logs
[2012.07.05 23:41:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.05 11:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidShare
[2012.07.03 17:20:12 | 026,226,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.07.03 17:20:12 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.07.03 17:20:12 | 019,828,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.07.03 17:20:12 | 018,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.07.03 17:20:12 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.07.03 17:20:12 | 015,290,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.07.03 17:20:12 | 014,806,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.07.03 17:20:12 | 012,388,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.07.03 17:20:12 | 009,164,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.07.03 17:20:12 | 007,699,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.07.03 17:20:12 | 002,744,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.07.03 17:20:12 | 002,573,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.07.03 17:20:12 | 002,422,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.07.03 17:20:12 | 002,216,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.07.03 17:20:12 | 001,865,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.07.03 17:20:12 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.07.03 17:20:12 | 000,828,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.07.03 17:20:12 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.07.03 17:20:12 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.07.03 17:20:12 | 000,188,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.07.03 17:20:12 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.07.02 01:02:07 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Endless Space
[2012.06.30 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012.06.25 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Notepad++
[2012.06.25 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.06.25 20:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.06.25 20:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.06.25 20:15:00 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\My Games
[2012.06.25 20:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2012.06.25 20:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civilization.V.GOTY.incl.Gods.and.Kings
[1 C:\Users\Voigt\Desktop\*.tmp files -> C:\Users\Voigt\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.23 12:40:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.23 12:40:32 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job
[2012.07.23 12:40:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.23 12:40:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.23 12:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.23 12:29:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.23 12:28:56 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Voigt\Desktop\ComboFix.exe
[2012.07.23 12:11:40 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 12:11:40 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 12:10:29 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.23 12:10:29 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.23 12:10:29 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.23 12:10:29 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.23 12:10:29 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.19 17:48:14 | 000,000,024 | ---- | M] () -- C:\Users\Voigt\random.dat
[2012.07.19 17:40:32 | 000,000,044 | ---- | M] () -- C:\Users\Voigt\jagex_cl_runescape_LIVE.dat
[2012.07.14 23:12:07 | 000,116,854 | ---- | M] () -- C:\Users\Voigt\Desktop\League_of_Legends_LOGO.jpg
[2012.07.14 23:08:48 | 344,989,520 | ---- | M] () -- C:\Users\Voigt\Desktop\ts3_recording_12_07_14_22_38_44.wav
[2012.07.12 23:52:01 | 000,001,282 | ---- | M] () -- C:\Users\Voigt\Desktop\shutdown.lnk
[2012.07.12 20:25:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 20:25:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.12 17:30:45 | 000,003,072 | ---- | M] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage
[2012.07.11 16:48:12 | 000,288,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 15:46:51 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2012.07.08 18:00:06 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.07.08 18:00:06 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012.07.06 11:10:58 | 000,007,608 | ---- | M] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg
[2012.07.04 15:30:29 | 000,000,000 | -H-- | M] () -- C:\Users\Voigt\Documents\Default.rdp
[2012.06.29 05:37:00 | 026,226,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.06.29 05:37:00 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.06.29 05:37:00 | 019,828,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.06.29 05:37:00 | 018,228,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.06.29 05:37:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.06.29 05:37:00 | 015,290,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.06.29 05:37:00 | 014,806,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.06.29 05:37:00 | 012,388,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.06.29 05:37:00 | 009,164,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.06.29 05:37:00 | 007,699,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.06.29 05:37:00 | 002,744,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.06.29 05:37:00 | 002,723,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.06.29 05:37:00 | 002,573,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.06.29 05:37:00 | 002,422,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.06.29 05:37:00 | 002,216,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.06.29 05:37:00 | 001,865,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.06.29 05:37:00 | 001,758,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.06.29 05:37:00 | 001,472,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.06.29 05:37:00 | 000,969,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.06.29 05:37:00 | 000,828,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.06.29 05:37:00 | 000,247,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.06.29 05:37:00 | 000,202,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.06.29 05:37:00 | 000,060,776 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.06.29 05:37:00 | 000,052,584 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.06.29 05:37:00 | 000,016,048 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.06.29 01:56:15 | 002,667,062 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.06.29 01:55:57 | 003,266,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.06.29 01:55:46 | 006,193,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.06.29 01:55:40 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.06.29 01:55:40 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.06.29 01:55:39 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.06.28 17:44:42 | 000,428,904 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\Users\Voigt\Desktop\*.tmp files -> C:\Users\Voigt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.23 12:34:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.23 12:34:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.23 12:34:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.23 12:34:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.23 12:34:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.19 17:40:32 | 000,000,044 | ---- | C] () -- C:\Users\Voigt\jagex_cl_runescape_LIVE.dat
[2012.07.19 17:40:32 | 000,000,024 | ---- | C] () -- C:\Users\Voigt\random.dat
[2012.07.14 23:23:01 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.07.14 23:19:31 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.07.14 23:19:31 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.07.14 23:19:31 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.07.14 23:19:31 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.07.14 23:19:31 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.07.14 23:19:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.07.14 23:19:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.07.14 23:19:31 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.07.14 23:19:31 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.07.14 23:19:31 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.07.14 23:19:31 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.07.14 23:12:07 | 000,116,854 | ---- | C] () -- C:\Users\Voigt\Desktop\League_of_Legends_LOGO.jpg
[2012.07.14 22:38:51 | 344,989,520 | ---- | C] () -- C:\Users\Voigt\Desktop\ts3_recording_12_07_14_22_38_44.wav
[2012.07.12 17:30:45 | 000,003,072 | ---- | C] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage
[2012.07.11 15:46:51 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.07.04 15:30:29 | 000,000,000 | -H-- | C] () -- C:\Users\Voigt\Documents\Default.rdp
[2012.06.28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.06.20 15:08:18 | 000,000,219 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.06.20 15:08:18 | 000,000,084 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.06.20 15:08:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.06.20 15:08:11 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.06.20 15:08:11 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.06.14 23:37:11 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012.05.21 16:22:29 | 000,007,608 | ---- | C] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg
[2012.05.18 15:31:56 | 000,000,262 | ---- | C] () -- C:\Windows\game.ini
[2012.05.17 15:14:42 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.17 15:14:42 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.17 15:14:42 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.17 14:27:12 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 23:04:01 | 000,004,439 | ---- | C] () -- C:\Windows\jhbqq32.ini
[2012.05.15 23:04:01 | 000,001,442 | ---- | C] () -- C:\Windows\cxpcqs-h48.ini
[2012.05.14 10:58:07 | 000,000,600 | ---- | C] () -- C:\Users\Voigt\PUTTY.RND
[2012.05.08 21:14:34 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.08 21:14:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.08 20:02:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.08 19:14:34 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.08 18:12:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.05.08 18:12:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.05.08 18:05:49 | 000,057,494 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.08 18:04:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.05.08 18:04:29 | 000,040,555 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll

========== LOP Check ==========

[2012.05.11 19:04:29 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\.minecraft
[2012.05.31 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\aacs
[2012.05.08 19:04:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2012.05.13 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ashampoo
[2012.06.04 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Cinspiration
[2012.05.08 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\DAEMON Tools Lite
[2012.07.23 12:40:38 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Dropbox
[2012.07.22 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\IrfanView
[2012.05.08 18:30:32 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\jeak.de
[2012.07.10 23:56:35 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Kalypso Media
[2012.05.08 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient
[2012.05.24 18:13:06 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient2
[2012.06.25 20:29:16 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Notepad++
[2012.05.08 18:05:07 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Opera
[2012.05.08 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Origin
[2012.05.08 21:13:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\QuickStoresToolbar
[2012.06.13 20:30:55 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Radmin
[2012.06.20 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\RapidShare
[2012.07.11 00:53:39 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Red Alert 3
[2012.05.13 00:37:24 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\ScummVM
[2012.06.19 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\six-updater
[2012.06.13 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\six-zsync
[2012.06.20 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Spirited Machine
[2012.05.08 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\SplitMediaLabs
[2012.06.13 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TeamViewer
[2012.05.09 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\The Creative Assembly
[2012.07.13 17:15:56 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Trine2
[2012.07.22 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\tropico 4
[2012.06.13 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TrueCrypt
[2012.07.22 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TS3Client
[2012.05.17 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Tunngle
[2012.07.13 22:33:44 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ubisoft
[2012.06.19 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\uTorrent
[2012.07.22 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\xsecva
[2012.07.23 12:40:32 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\QIPdater 2012.job
[2012.06.30 16:47:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 23.07.2012 12:43:07 - Run 2
OTL by OldTimer - Version     Folder = C:\Users\Voigt\Desktop\Trojaner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 14,15 Gb Available Physical Memory | 88,69% Memory free
31,91 Gb Paging File | 30,14 Gb Available in Paging File | 94,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476,84 Gb Total Space | 111,06 Gb Free Space | 23,29% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 168,11 Gb Free Space | 18,05% Space Free | Partition Type: NTFS

Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11133E79-9500-4273-B79C-7CDF258474AF}" = lport=56312 | protocol=17 | dir=in | name=pando media booster |
"{13C69212-5ED4-4F5B-B78F-702791566046}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E625BA7-0F15-434E-9B96-6B524525A580}" = lport=10243 | protocol=6 | dir=in | app=system |
"{28FE33B0-F0F2-450E-8281-FEDF66D8B9AC}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C6FCC8A-701A-4B3F-994F-563F7685D2F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DBE224A-573F-4363-BD8F-75F0CF40948D}" = rport=137 | protocol=17 | dir=out | app=system |
"{369E9668-5246-4633-83B3-ACBD0F67C6D1}" = lport=3389 | protocol=6 | dir=in | app=system |
"{39DF2746-ED90-439E-A6BF-E056CAB23937}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3E0640D7-2938-4A80-B5C3-952C64F8EE41}" = lport=138 | protocol=17 | dir=in | app=system |
"{55F9E4E9-4AAC-492A-AB23-ECDB8FAD770E}" = lport=139 | protocol=6 | dir=in | app=system |
"{63BD3D38-625F-4946-8B62-A171392EECCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FFD4446-FC97-4620-8F2B-ADAFBC856FE4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76C3AF4F-95FE-44EE-89AA-286624499633}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84F23324-4F20-4507-B549-751D603CBBFB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87A52F7D-F8F6-4FE8-B3F5-8AE2694D4D2F}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{94166667-E0A5-4F94-B34B-F37C76D0943B}" = rport=138 | protocol=17 | dir=out | app=system |
"{957B8CA8-B656-48A8-9D41-19CF210C8CAD}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{97767966-CA2B-4ACA-8647-231F6CC136F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{988B632A-753F-4E69-9114-797BB198B221}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B0A7F8A-A6D7-44F6-8F1F-DAE985B4E1ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EF12D9B-58EE-421F-88CC-F30E89362862}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9F05A85C-C8B0-4E70-AB5E-98C72F1A1415}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A0F2C23F-1288-4364-8D78-FA3F9F21A9EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AFA15AD9-8B5B-46C9-B107-CE820D2EC968}" = lport=3389 | protocol=6 | dir=in | app=system |
"{B2963B52-0FFF-432A-925B-A05D9101CA48}" = lport=56312 | protocol=17 | dir=in | name=pando media booster |
"{B42DF9FB-96F9-4C96-8BD9-8C4B2662F314}" = lport=445 | protocol=6 | dir=in | app=system |
"{B7EE538B-854B-4BBA-BBB9-A13634203FA7}" = lport=56312 | protocol=6 | dir=in | name=pando media booster |
"{C1A4CD50-CB3A-448D-B166-C31D6B25FDFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C209176D-C629-42A1-8BD5-26CE80953AA0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D9449613-3442-4411-A8E3-C949B916422D}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB9E521A-9442-4581-82CD-C9EBD5F68352}" = lport=56312 | protocol=6 | dir=in | name=pando media booster |
"{FA666194-EC25-43EC-B53C-BF3CCF8FD4DC}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EEE9B0-D818-4E79-9311-FF95AB12070D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{019B5410-9923-41B0-BD2E-F25BE431BACB}" = protocol=17 | dir=in | app=c:\users\voigt\temp\teamviewer\version7\teamviewer_service.exe |
"{0219837D-8BAE-47EA-8D83-CA09128B9BA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0264D0CE-A0FE-4F12-B842-66C239A82795}" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo-iii-8370-dede-installer-downloader.exe |
"{05989811-D626-4A99-ADE6-D7296DC16572}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\empire total war\empire.exe |
"{06132A31-C871-4D7A-B48E-1E7CD5DFBAA0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{07561F57-7F02-4D5F-A78B-8ABF1778976A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{0987F1FA-9BDB-44F9-9B2E-C0071DE1F2ED}" = dir=out | app=%systemdrive%\spiele\port royale 3\appdata.exe |
"{0F95868E-1B10-4A20-9487-8ED220D2E31F}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{0FFCBFAD-408F-4611-8853-D2C05950C274}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{13716341-DE41-4599-B8FC-2E41E461B424}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{15874ECF-AB61-440E-BD07-8BFBB83BCE71}" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo-iii-8370-dede-installer-downloader.exe |
"{15D3413E-337C-4177-86F1-C582AEC5B353}" = protocol=17 | dir=in | app=c:\spiele\battlefield 3\bf3.exe |
"{16403E0F-4E16-486D-842B-3BA485B369AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{19A7874C-E5EE-4CAF-9E68-8F52B12825B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1ABDE08D-6884-43FF-9FAC-A95AB4A33004}" = protocol=17 | dir=in | app=c:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe |
"{1B2EFB11-81DC-4011-A65D-0B5C590BE6D2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{1CDF3874-430B-42C1-AD09-04E080CA2533}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{1D74C941-BD08-4E42-81BE-3890A43C8992}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1E57E4D8-B6E3-4995-B1D3-61C24B36C54E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{1FD8A704-442A-4F12-ACD0-3A631FF3AB56}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\metro 2033\metro2033.exe |
"{200BD918-E7CC-4217-A6C5-09C8D5398C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{20D17A80-1313-4C84-BB9F-157FA5ABA014}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{21E4CDC3-C289-4F86-851F-B4D4C0D4AC48}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{250E2690-4290-4A87-8089-985516B572A0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{269845BA-74F4-4F73-90A0-1C599479089B}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\anno5.exe |
"{26E5DF80-CA7A-47E9-8B7F-0C6DBC842EB5}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\magicka\magicka.exe |
"{28816B91-CED9-48B6-B3EB-30F90E5CD44D}" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe |
"{2ABBF26C-0E80-41B7-9F44-7238F3F81324}" = dir=in | app=c:\programme\powerdvd12\powerdvd12\powerdvd12ml.exe |
"{2B31C937-5F64-45E3-816A-D4C09267DE9B}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\empire total war\empire.exe |
"{2CAAFC8F-E93C-4D2A-A97B-5FE72A682E25}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{2D8F43F8-6F9B-4F3E-89A9-F17DF74A802B}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{2DD57997-022A-4C25-9070-5A418A375562}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{2EFF2310-DA83-482B-BB0B-F9A62363DFC7}" = protocol=17 | dir=in | app=c:\spiele\lost planet 2\lp2dx9.exe |
"{31EB821A-D956-41EF-93CB-67B2D2416D2F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{32C2881C-5288-4568-A958-998AC2EEE398}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\recettear\custom.exe |
"{357ADA6C-9941-45E0-BB01-207EC97F2BAA}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{35A5BF4D-E39A-4D32-8C36-F2CA9B2F6EEA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{36D544AB-70E5-458C-BE8F-0E5722961AEB}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{3759CA84-F401-421E-B0E0-9A1D0EC47DC2}" = dir=in | app=c:\programme\powerdvd12\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{3827F82E-6BEE-493A-A405-D4CAB45D88F3}" = protocol=6 | dir=in | app=c:\spiele\lost planet 2\lp2dx9.exe |
"{388A658F-290E-4A22-BA17-32DD444162E2}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{393EAA27-D57A-4F78-B577-8BE36B10F5E1}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{3A49EDEE-9FC9-447E-93C9-30DB8EF2EB0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3B31709E-AC8D-4EF9-88B4-091559E5DC47}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\the binding of isaac\isaac.exe |
"{3B8D27CB-6EC1-4487-8663-12D296DE5A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3DFE8E92-60AA-4714-8CCB-9A1BA3ADDA8A}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{3E162E53-6029-4F45-9987-0C59C3F00768}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{3F5E0246-0A1C-40A8-B9AF-8E22E41BA860}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\from dust\from_dust.exe |
"{3F94EC1B-BE7A-4EDF-87F9-3BDD9827F9F5}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{429BD15B-D862-4E1F-A747-3247EF9A045A}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base5\dosbox.exe |
"{46A143F6-7745-4415-8049-4D08BB616C95}" = dir=in | app=c:\programme\qip 2012 jeak-edition\qip.exe |
"{46DAA37A-281D-4559-A05F-3C0A3F8494D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46EF7051-2947-42C9-B97D-845EF3246EAD}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base3\dosbox.exe |
"{484AEC97-2989-4065-9F14-4006F81CC929}" = dir=out | app=%programfiles%\powerdvd12\powerdvd12\powerdvd12.exe |
"{4881FBDE-6252-48C9-BCA5-04155330CAED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{4A6EECA5-17B2-46FE-9DFA-3B5EA74F158E}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{4B1ADDCD-E3C9-410E-937E-F7946A993ED6}" = protocol=17 | dir=in | app=c:\spiele\guild wars 2\gw2.exe |
"{4D517E7F-D0A2-42FB-B546-757C206C701D}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\the binding of isaac\isaac.exe |
"{4E8302CF-419C-4C7F-BC4F-6348C2188E59}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4EA077DB-E6C9-464C-B734-3774CEB3A61E}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\empire total war\empire.exe |
"{4EE2864B-381F-4FC5-AF49-0CC8913BDBC2}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{50E5B809-32BA-4CC7-98D1-A30A87D1430D}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\magicka\magicka.exe |
"{518C7E9B-BEFB-4B1D-A9AD-F5A910C5F15A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{52DE310B-D6B7-4ED0-AFA8-EFCAEA2B1FE9}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\endless space\endlessspace.exe |
"{53F4FC20-45CB-4991-BF9D-43932D720811}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{551BCDB2-B9D0-4878-9E2B-BB12C171CA21}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5568E85F-A1B1-4754-910C-9872952B8E83}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{55929CA1-6954-4884-8AD5-B83F9AA18B37}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2\arma2.exe |
"{5D13BCB0-EA91-4C1A-A94F-1D48969A0384}" = protocol=6 | dir=in | app=c:\users\voigt\temp\teamviewer\version7\teamviewer.exe |
"{5E3DC797-B069-4481-9F44-1F6E3000A0DE}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{5F3B5360-3ABE-46C9-9A94-B4A831CBA610}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60A9877C-C440-4B02-9421-D4BF0491ECCA}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\monkey2\monkey2.exe |
"{60F3DD54-13EC-45FD-BAE6-B62CCDBFF7BB}" = dir=in | app=c:\programme\powerdvd12\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{62AB7480-60B8-4517-AB1E-E57A919F69AB}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead 2\srcds.exe |
"{6316A827-1D3D-4576-B108-A8FF7DEE76B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63667025-A985-4978-A8CA-20C84AB0962C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{639A3913-B0F3-451C-97E3-56D9C5F29B13}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{642F9C5E-F080-44CB-98F6-43451E3DFFAB}" = protocol=6 | dir=in | app=f:\crack\gw2.exe |
"{64E4D1FD-D38B-4782-82F8-E81881C59807}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base2\dosbox.exe |
"{65CA0E8B-A8A9-4C88-BBD9-03D95F7800CF}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\tropico 4\tropico4.exe |
"{6673D8CE-DC50-4A81-96A7-553669BADDFD}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{67453C0A-AE62-46EE-94D3-1116B23B528E}" = protocol=6 | dir=in | app=c:\spiele\arma 2\arma2oa.exe |
"{68484328-EDAB-4987-9477-A69B41D95C93}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{686A6C1E-BEF2-484F-90B3-77A45F4E252E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{69D41122-9570-4FDD-908D-2CDA9706304F}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{6ADCF435-2F56-4BE6-AB5D-604AB9903D19}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6B9A2600-E518-47FD-BEA9-AE250A61634B}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{6BB04A43-4DC7-4BA4-8E94-F08D361990D9}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{6C252907-30F2-4913-BDE1-327B382DFB86}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{6E60A92E-60A8-478B-8F5C-877502D1841F}" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe |
"{6EF00E83-C466-44F3-B599-E01B88B753DC}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{6F4FB8A5-982F-4E61-BEBA-BB2418907068}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{6FAD891B-6B21-4E36-BFED-772E4FA557FB}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{6FB1D33B-6AAE-441B-A7C5-297CF2163E4D}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\endless space\endlessspace.exe |
"{70560EFD-C934-442B-9317-510A8660BFCF}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\medieval ii total war\launcher.exe |
"{723593D0-882E-408F-863C-F2898890C3D4}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\metro 2033\metro2033.exe |
"{729A5272-A0DD-4677-93D9-C0D70C8EEB80}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\initengine.exe |
"{73F1AF60-8B6C-46DA-B53D-16C354FE0907}" = dir=out | app=%systemdrive%\spiele\tropico 4\tropico4.exe |
"{74B30F76-5006-447E-9580-9F195000E1B6}" = protocol=6 | dir=in | app=c:\users\voigt\temp\teamviewer\version7\teamviewer_service.exe |
"{75422710-34FF-48E6-9E59-DD81AF546DE4}" = dir=in | app=c:\programme\powerdvd12\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{757CA2FC-1B4B-4FA7-B786-055023D876DD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{76DB7F45-5237-4081-9F0B-4377B56F4323}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{78666ED4-E3AB-4450-BA8B-2E3E871C36C4}" = protocol=6 | dir=in | app=c:\spiele\lost planet 2\lp2dx11.exe |
"{7998AF52-CE4A-490A-B055-32A1630EA49A}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\autopatcher.exe |
"{799FF451-B7D9-4F93-BFD8-6F89EECF293B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7AA3B83F-C619-4F41-8359-D38B9758D55A}" = protocol=6 | dir=out | app=system |
"{7BB50457-91A1-4EF7-82FE-146D72AD85FA}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\monkey2\monkey2.exe |
"{7BFAE219-806B-460C-BC01-896CA2EE4714}" = dir=in | app=c:\programme\powerdvd12\powerdvd12\powerdvd12.exe |
"{7CFA3836-CD9A-4A6D-97F4-2540DB0E6E49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7D95F6F3-D873-4D46-9FC2-9DAF1B9BB994}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7EF941B9-BB06-4712-97AE-419BB472B220}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{8083C60B-028F-47F0-8BBD-9E1BEFABE189}" = protocol=17 | dir=in | app=f:\crack\gw2.exe |
"{813F347B-4569-43AD-8F40-731462D075C4}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base2\dosbox.exe |
"{831F4A84-2A66-4DB7-ABF7-490F49492CF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84C2D230-FD9B-4257-A419-2007A6A0436A}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{8556E1D4-0BBF-4C03-8BD7-ED8F736BC5C9}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\hardreset\hardreset.exe |
"{856DA167-BCB3-4F72-884D-2B5C7C435608}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{856DF8B2-E839-437C-9B72-8E584ECDEC3D}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{8706AFED-BC85-48E4-9A60-8B826CCB469F}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{8978997A-0AF2-459C-A744-00F0AF4EB0D0}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base3\dosbox.exe |
"{8B565C4B-9B09-4026-A062-7192E8BF4878}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\autopatcher.exe |
"{8B9431B0-7BC7-47F4-A12B-1753790D4D80}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{8F0222AB-FFE0-45A5-9068-EC59DA7C4FA2}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{8FCDE823-AE5C-4D90-B83B-81CC1B2EE46B}" = protocol=6 | dir=in | app=c:\spiele\guild wars 2\gw2.exe |
"{9212D8BB-CE88-44C0-B197-273AE6A285F2}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe |
"{927B9602-8DC1-481B-B92E-7A15B8A1B08D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{940AFBF8-803E-4DE6-BBE2-B917118C502A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{9888571C-0443-4782-8904-F2F368068049}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{99664804-0016-4012-8C2E-DE4C7924F2A1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9F168631-02D7-41AF-A20F-14FC7707882C}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base1\dosbox.exe |
"{9F9109F5-45FE-48F2-973E-39B51A6F556C}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{A15721B0-36F6-468C-9DEB-A5ADA6E2DA1A}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{A1BC0B4F-6AA6-430A-9348-7CB991DD958C}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base1\dosbox.exe |
"{A2D10247-8317-4E25-BB53-4685246491B9}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\recettear\recettear.exe |
"{A32AC50B-C25B-4961-9DDE-974BE5A572C3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A5C7FE5F-78E4-43EC-818E-29483B276C14}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base4\dosbox.exe |
"{A6B202F3-1B9F-4C61-9DC8-4E3527762552}" = protocol=6 | dir=in | app=c:\spiele\battlefield 3\bf3.exe |
"{A6C0B632-E63D-4822-96C7-E4AF1DFD79CE}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A80C30D9-B0BF-42B4-A382-4420D425FC9C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{A845A8C8-4ABA-488C-B7FD-F4725863F60D}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{AA5D9BC0-3186-4FDE-BD67-E2EF830422B3}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{AAFE55DC-82AE-49E1-97E6-9209B03BDAEA}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{AC0D43F3-642B-472A-B6B7-038FB912E60F}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead 2\srcds.exe |
"{AD9F49E8-2D67-4FDD-AEE8-0DE47FF0AADB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B21BE642-99F5-459C-8845-10CC27637F18}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base5\dosbox.exe |
"{B23F30EB-C73E-4791-BFEE-DCE4B0AD43E9}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\empire total war\empire.exe |
"{B28B9842-46D6-49E6-A304-DA3E41BD5E30}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\tropico 4\tropico4.exe |
"{B2B86614-190A-4655-8B78-5BBF1CAC6551}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B2C849A3-EC17-486F-97DA-82FAB9642FBC}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\bastion\bastion.exe |
"{B31617DD-7048-4CE5-90DA-4F8D222BE93A}" = protocol=17 | dir=in | app=c:\spiele\arma 2\arma2oa.exe |
"{B3E10ADD-1B5C-4EBE-8DCB-48CF43AB316E}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{B6F56D61-2D49-4AA8-8DF9-789DFE6C8C99}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B6FCE947-E252-4FC3-A67A-CCE58D85FC96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8203D78-448D-4DA5-A57B-64FF48C07C3F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B90DEB95-5D07-4D8A-9197-F0F7E717AAD4}" = dir=in | app=c:\spiele\port royale 3\portroyale3.exe |
"{B925A3E1-2150-4746-9219-5A5425270F0B}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{BC6D6763-1619-4ADE-8F96-1CFFF894ABFB}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{BD3D58B8-E724-454E-8741-1D05E3C514CC}" = dir=in | app=c:\programme\powerdvd12\powerdvd12\powerdvd12agent.exe |
"{BD56A8BB-CAF3-41CE-8182-48FCC15A4253}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{BDFA8673-1FDD-42F7-B961-DB6C811C9389}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{BEAE3679-672C-4157-B806-ACE9EA3E0EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C00E2CB6-A067-457B-BF89-6E345F883505}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{C0652C13-FF66-4B32-846E-AF91E53AF752}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{C10517D8-61B2-4BAC-8D77-19004753DEDF}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{C3AEAAA7-11F8-4746-80D0-F03771C88318}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{C53EFA67-E895-45B9-B208-03296141C47C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB889DD3-7DE6-4065-8616-BD6D1305F3F6}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{CBEE602B-382D-469D-8329-73A434EFF3E4}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{CE87135D-64DE-49D7-8FBD-8F554AE47800}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CE92BD7C-FFA4-40F4-9A2E-AB2B76F1AE7C}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{CF226839-E06F-4A1F-AC7C-1566DB6EC719}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CFD3BF59-574F-4594-B9F4-65C961899C16}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D204C316-78D3-49A9-922B-B249DDD594D2}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{D25EAD5C-C7C8-4385-9FE5-ACF54E07D25C}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{D2B44AC8-3EC2-4381-8A95-F1AE6BF8298B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D31D9372-0042-4A4C-A1E7-E743EE1DD9FA}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\from dust\from_dust.exe |
"{D33D1B6E-8A21-4EB6-AE32-B00C7F6C6D1C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D47C7572-EF26-4338-BC3A-5593B507C248}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe |
"{D611F84D-E6B4-429A-B086-33E8CE5E1DF9}" = protocol=6 | dir=in | app=c:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe |
"{D64DFB81-32BD-4AD0-A8F8-24CA6508A90A}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2\arma2.exe |
"{D7DA5464-6C7E-40E1-9893-77E8A6F987E9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D7E6B534-E55B-4827-A15E-779672C42DF2}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{D971C6EA-C621-423A-9832-F6A2BAB1F3A8}" = protocol=17 | dir=in | app=c:\users\voigt\temp\teamviewer\version7\teamviewer.exe |
"{DAAE9F33-4F27-4A2C-972E-EC848053D7E5}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\bastion\bastion.exe |
"{DC2387B5-5A47-42CE-A50B-65FD1F9ABDA7}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{DC570DE1-5BF6-44D2-BACC-DB5B253C54BA}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\recettear\recettear.exe |
"{DD305C48-A433-46D2-AB4B-66C9373E5A65}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\medieval ii total war\launcher.exe |
"{DD553E55-2CE3-4972-8084-BFA0A9958025}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{DF20192E-1D55-40A4-B329-B2FA8A320637}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\initengine.exe |
"{E80E490C-2BD3-4A4B-B2DA-3C1F8621BBF1}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\anno5.exe |
"{E8AE48F9-54DF-4CBF-8D8B-943900CEF378}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E8D7228D-01BD-4B07-95C0-C823B2D9C693}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\commander keen\base4\dosbox.exe |
"{E8F7A4CA-5505-4B9B-AAAB-C29046E8A703}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E9F02B66-EFA6-4D51-AA85-DA70B5CAE28D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EBD87CB5-D00D-48F9-8FB1-5A507B82E79E}" = protocol=17 | dir=in | app=c:\spiele\lost planet 2\lp2dx11.exe |
"{EC11C196-7628-41E9-8938-741A329286CB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{EC4A2F7B-85E0-4C22-A98C-5A0E5709C932}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{EC73670A-6B02-4892-A81E-369E14D3517E}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{ECA3087E-B28D-44C9-B01B-54ABEB209D9F}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{EFDFF3E0-DCEE-4F4F-8334-4FD8F4C1B465}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{F001D429-538F-410D-B277-E74006B1F2CB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F16F767A-C5C3-41BA-908B-2A81C750B315}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{F2A0FD3D-9A24-43C8-96DE-C3956A0028A5}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\hardreset\hardreset.exe |
"{F86D442C-5446-4763-B89F-666624BFBCAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8E30D46-F183-47E0-B04F-58032773B520}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{FA073334-5FD8-49BA-893B-005EBD78B96D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{FC0576D5-0E52-4788-AE24-FC962763EA6F}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{FF284CF8-F232-4BCF-8C08-6AE85E9D67B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FF422439-8B78-4C4A-8FC1-CA3DF2E86C46}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\recettear\custom.exe |
"TCP Query User{04D555E8-E52B-49F7-B825-67D7F0E7C6C4}C:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0FCAF9EA-6E57-469E-A786-7EC7CF6B237C}C:\program files\powerdvd12\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe" = protocol=6 | dir=in | app=c:\program files\powerdvd12\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"TCP Query User{111DB6E6-A664-4E0B-9D4A-D545C4E9DC53}C:\spiele\diablo iii\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{150922DD-EE60-462C-BDA6-4ED9A4A95E6E}C:\program files\streammygame\streamer_player.exe" = protocol=6 | dir=in | app=c:\program files\streammygame\streamer_player.exe |
"TCP Query User{262B320B-5D8F-4558-814F-50FCAA5B35AA}C:\program files\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in
| app=c:\program files\qip 2012 jeak-edition\qip.exe | "TCP Query User{3E6DB301-0CED-4D6F-9C20-25439A07CC38}F:\crack\gw2.exe" = protocol=6 | dir=in | app=f:\crack\gw2.exe | "TCP Query User{47E3B042-95D0-4962-B023-8BE85613136D}C:\spiele\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "TCP Query User{49F47DA8-1A15-45B8-979D-288941578D70}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{5E7C5E83-CB80-4F05-ADF4-F741ED61A7D4}C:\spiele\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\spiele\star trek online\star trek online\live\gameclient.exe | "TCP Query User{64408FD4-1531-40CC-86B4-AEE68B3DB99C}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | "TCP Query User{6530A06E-EA07-4FBC-8370-E568A8858496}C:\program files\streammygame\streamer_server.exe" = protocol=6 | dir=in | app=c:\program files\streammygame\streamer_server.exe | "TCP Query User{6D2DA9D9-6910-47F2-B38B-FD887C68C8D7}C:\spiele\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | "TCP Query User{926C16EA-36DB-4303-A654-CD9D18C7AC87}C:\spiele\red alert 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=c:\spiele\red alert 3\data\ra3_1.12.game | "TCP Query User{9A785DB2-F93C-478B-929D-67E49BAFA551}C:\program files\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files\six updater\tools\bin\rsync.exe | "TCP Query User{A3D3F0E7-BAA2-4590-9D0C-A2B166D1D490}C:\program files\powerdvd12\powerdvd12\powerdvd12agent.exe" = protocol=6 | dir=in | app=c:\program files\powerdvd12\powerdvd12\powerdvd12agent.exe | "TCP Query User{C17BB9F8-AAC8-4084-8C68-369B8609AEB4}C:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation 
arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{C1BE2349-5F42-4C5B-82F1-9407C0114624}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | "TCP Query User{D6903FCB-C3DA-400A-A71F-E6CCCB309FCE}C:\program files\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip 2012 jeak-edition\qip.exe | "TCP Query User{DA68D632-4BA1-4AEC-B8DF-61F682F6B43D}C:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\spiele\guild wars 2\gw2.exe | "TCP Query User{E05200E0-8E86-451C-960D-8CE66DAEF4F5}C:\spiele\steam\steamapps\voigt15\condition zero deleted scenes\hl.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\voigt15\condition zero deleted scenes\hl.exe | "TCP Query User{ED0E846E-F61B-469E-A7A3-BDEC18B1FE2E}C:\spiele\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\spiele\counter-strike 1.6\hl.exe | "TCP Query User{F03F9158-79F7-4C3A-B7C1-106527D29BBA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{0BE91BC0-F1B6-4AF2-969F-EFDED29C348C}C:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\spiele\guild wars 2\gw2.exe | "UDP Query User{14FF6747-9208-4B67-8EB9-880919CEF024}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | "UDP Query User{1CF7E8A5-76C3-4952-8E1C-D18B6A467243}C:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\voigt\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{1D27166E-46E6-435B-86D2-19023B789826}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{1FACA428-2EB4-4CD3-85FE-E684511FEF5B}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | "UDP Query 
User{2A14F24C-EEB6-4F55-95A3-38BEC0944B0B}C:\spiele\red alert 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=c:\spiele\red alert 3\data\ra3_1.12.game | "UDP Query User{3A5504BC-CE25-42DF-B519-E75BDADB7911}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{480B5BED-E3BA-4FA9-B997-F2A454D4DF25}C:\spiele\steam\steamapps\voigt15\condition zero deleted scenes\hl.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\voigt15\condition zero deleted scenes\hl.exe | "UDP Query User{4CF4D632-FF09-471F-8AB8-A2F3A5BED6A5}C:\spiele\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\spiele\counter-strike 1.6\hl.exe | "UDP Query User{50841C8D-B2C5-4546-9093-170BD8C9B0BC}C:\program files\powerdvd12\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe" = protocol=17 | dir=in | app=c:\program files\powerdvd12\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | "UDP Query User{69CD335D-BDEA-4158-B49A-F0851C79490D}C:\program files\powerdvd12\powerdvd12\powerdvd12agent.exe" = protocol=17 | dir=in | app=c:\program files\powerdvd12\powerdvd12\powerdvd12agent.exe | "UDP Query User{7B1E4A81-AB63-4898-9A8A-CFCE31172F9D}C:\spiele\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | "UDP Query User{7CCCC6D1-E651-43B5-9654-2602732F47BB}C:\program files\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip 2012 jeak-edition\qip.exe | "UDP Query User{7D500702-7702-4E0C-BAA0-658319D0E6A4}C:\program files\streammygame\streamer_server.exe" = protocol=17 | dir=in | app=c:\program files\streammygame\streamer_server.exe | "UDP Query User{8820393D-0CF4-41C6-B897-AAEAB252F240}C:\program files\streammygame\streamer_player.exe" = protocol=17 | dir=in | app=c:\program files\streammygame\streamer_player.exe | "UDP Query User{8C2770B5-67B7-4AB8-BF9E-B1245E58C660}C:\program files\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip 
2012 jeak-edition\qip.exe | "UDP Query User{A7C408FB-360B-43E7-8CFE-8CF5965A584C}C:\spiele\diablo iii\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{AF4336EF-BD5C-4919-A52A-9DB24300816A}C:\spiele\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth\empire earth.exe | "UDP Query User{CBDB5039-2E10-4765-AA7F-91D4B16FC638}C:\program files\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files\six updater\tools\bin\rsync.exe | "UDP Query User{EBE22E98-873C-490B-BFD9-DD48BBACD0BC}C:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query User{F345FC68-3054-4E94-8462-2C1B57489687}C:\spiele\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\spiele\star trek online\star trek online\live\gameclient.exe | "UDP Query User{FE5819F8-03AF-4018-A8FC-DA5F3527B45F}F:\crack\gw2.exe" = protocol=17 | dir=in | app=f:\crack\gw2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = 
Java(TM) SE Development Kit 7 (64-bit) "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "ArchiCrypt Ultimate RAM-Disk3_is1" = ArchiCrypt Ultimate RAM-Disk 3 Version "JosipMedved_MagiWOL_is1" = MagiWOL 3.30 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 
Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0 "Unlocker" = Unlocker 1.9.1-x64 "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FA5F0A-04B3-4343-AA3E-C8BA6C3BADA6}" = RapidDrive "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot™ 3 "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{43430808-081A-4C0D-B7CC-601000018301}" = LOST PLANET 2 "{43430808-081A-4C0D-B7CC-601000018302}" = LOST PLANET 2 "{43430808-081A-4C0D-B7CC-601000018303}" = LOST PLANET 2 "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3 "{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft 
Visual C++ 2005 Redistributable "{7302BD5B-B67D-4144-AA59-C60520C5FDC6}" = Six Updater "{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2 "{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold "{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™ "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52 "{8FDBE1E8-2922-4750-9E4B-6B28CA67DBBB}" = Unreal "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF364116-6A2F-43E6-9D12-901ACC3CDC00}" = ArmA II Launcher "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B931991C-FA2F-4B73-8F48-43C20B7581DE}" = QIP 2012 7058 Jeak-Edition 
"{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1100000-0011-0000-0001-074957833700}" = ABBYY FineReader 11 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1489-3350-5074-6281" = JDownloader 0.9 "6103-4188-8184-5707" = RapidShare Manager 2 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.00 "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01 "Battlelog Web Plugins" = Battlelog Web Plugins "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11 "Counter-Strike 1.6 V35" = Counter-Strike 1.6 V35 "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "DokanLibrary" = Dokan Library 0.6.0 "EasyBCD" = EasyBCD 2.1 "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "IrfanView" = IrfanView (remove only) 
"MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.60.1185" = Opera 11.60 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "QIP 2012 7058 Jeak-Edition 4.0.7058" = QIP 2012 7058 Jeak-Edition "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "ScummVM_is1" = ScummVM 1.4.1 "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri "Steam App 10" = Counter-Strike "Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes "Steam App 107100" = Bastion "Steam App 113200" = The Binding of Isaac "Steam App 203770" = Crusader Kings II "Steam App 208140" = Endless Space "Steam App 33460" = From Dust "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 35720" = Trine 2 "Steam App 43110" = Metro 2033 "Steam App 4700" = Medieval II: Total War "Steam App 4780" = Medieval II: Total War Kingdoms "Steam App 48000" = LIMBO "Steam App 57690" = Tropico 4 "Steam App 70400" = Recettear: An Item Shop's Tale "Steam App 80" = Counter-Strike: Condition Zero "Steam App 8980" = Borderlands "Steam App 9180" = Commander Keen Complete Pack "Steam App 98400" = Hard Reset "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "TenomichiStreamer" = StreamMyGame software "TigerGame XBOX+PS2+GC Game Controller Adapter_is1" = TigerGame XBOX+PS2+GC Game Controller Adapter "TrueCrypt" = TrueCrypt "Tunngle beta_is1" = Tunngle beta "uTorrent" = µTorrent "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Tropico 4" = 
Tropico 4 1.00 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.07.2012 18:05:44 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 23.07.2012 06:06:18 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 23.07.2012 06:33:38 | Computer Name = VoigtPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Voigt\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 23.07.2012 06:34:09 | Computer Name = VoigtPC | Source = VSS | ID = 18 Description = Error - 23.07.2012 06:34:09 | Computer Name = VoigtPC | Source = VSS | ID = 8193 Description = Error - 23.07.2012 06:34:09 | Computer Name = VoigtPC | Source = System Restore | ID = 8193 Description = Error - 23.07.2012 06:35:29 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 23.07.2012 06:40:33 | Computer Name = VoigtPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Voigt\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 23.07.2012 06:42:23 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 23.07.2012 06:42:28 | Computer Name = VoigtPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Voigt\Desktop\Trojaner\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 23.07.2012 06:33:44 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.07.2012 06:33:44 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.07.2012 06:33:44 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.07.2012 06:33:44 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.07.2012 06:33:44 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.07.2012 06:34:09 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 23.07.2012 06:35:45 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 23.07.2012 06:39:40 | Computer Name = VoigtPC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 23.07.2012 06:39:52 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 23.07.2012 06:40:31 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126 < End of report > Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Voigt :: VOIGTPC [Administrator]

23.07.2012 12:45:22
mbam-log-2012-07-23 (12-45-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 535725
Laufzeit: 7 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
#6
Hi, that looks good. Less good is that MBAM didn't find the critters in OTL's quarantine... I'll take a look at it: Upload file: http://www.trojaner-board.de/54791-a...ner-board.html Follow the instructions there and pack and upload the directory:
Code:
C:\_OTL\MovedFiles
How is the computer behaving?
chris
#7
The RAR folder is uploaded and the computer is behaving well. All symptoms are gone. The only annoying thing is that my entire internet history has disappeared, but I think that's down to the cleaning process deleting some temporary folders. And a blue screen also closed all the tabs I'd had open in Opera in the background. Thanks a lot for the help so far.
#8
Hi, I've forwarded it selectively; not all scanners detect that thing (ZAccess)... Delete the directory C:\_OTL and OTL, and uninstall ComboFix: click Start (the Windows 7 Start button) and then type combofix /uninstall into the search box, as shown in the picture below this text with the blue arrow. Please make sure there is a space between Combofix and /uninstall.
Uninstall ComboFix
chris
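As an added example (not code from the thread or its helpers), a defender-side check for the artifact layout this thread dealt with: the dropper sat at C:\Windows\Installer\{GUID}\U\00000008.@ and, as the helper notes, not every scanner flags ZAccess. The script walks an Installer cache (a mounted volume or a copied tree) and flags only the rootkit's own layout, a U/L subfolder or .@ / @ / n payload names inside a GUID folder, since legitimate {GUID} folders there hold cached icons; the sample tree it builds is constructed test data, and the general naming pattern beyond the single file on the page is the known ZeroAccess convention, stated here as an assumption.

```python
"""Flag ZeroAccess-style artifacts in a Windows\\Installer cache.

Only the rootkit's own layout is reported: a U or L subfolder directly
under a {GUID} folder, or payload files named <8 hex digits>.@, @ or n.
Legitimate {GUID} folders (cached shortcut icons) and the .msi/.msp
files at the top level are left alone to keep false positives down.
"""
import os
import re
import tempfile

GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# 00000008.@ is the file from the thread; the general eight-hex-digit
# form and the bare '@' / 'n' names are the known ZeroAccess convention
# (assumption: generalised beyond the single file on the page).
PAYLOAD_NAME = re.compile(r"^(?:[0-9a-f]{8}\.@|@|n)$", re.I)
ROOTKIT_SUBDIRS = {"u", "l"}


def scan_installer_dir(installer_root):
    """Return a sorted list of suspicious paths under installer_root."""
    hits = []
    if not os.path.isdir(installer_root):
        return hits
    for name in os.listdir(installer_root):
        guid_path = os.path.join(installer_root, name)
        if not (GUID_DIR.match(name) and os.path.isdir(guid_path)):
            continue  # .msi/.msp cache files and non-GUID entries are normal
        for dirpath, dirnames, filenames in os.walk(guid_path):
            if dirpath == guid_path:
                # A U or L folder directly under the GUID folder is the
                # rootkit's working directory, not an Installer structure.
                for d in dirnames:
                    if d.lower() in ROOTKIT_SUBDIRS:
                        hits.append(os.path.join(dirpath, d))
            for fn in filenames:
                if PAYLOAD_NAME.match(fn):
                    hits.append(os.path.join(dirpath, fn))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed Installer cache layout under root (test data)."""
    good = os.path.join(root, "{11111111-2222-3333-4444-555555555555}")
    bad = os.path.join(root, "{2f163d28-5dca-430c-1267-a8b9c6b56536}")
    os.makedirs(good)
    os.makedirs(os.path.join(bad, "U"))
    for p in (os.path.join(root, "1a2b3c.msi"),      # normal cached package
              os.path.join(good, "icon.exe"),        # normal cached icon
              os.path.join(bad, "n"),                # rootkit payload name
              os.path.join(bad, "U", "00000008.@")): # path from the thread
        with open(p, "wb") as fh:
            fh.write(b"constructed placeholder, not real content")


def demo():
    """Build the sample tree, scan it and return hits relative to the root."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [os.path.relpath(h, root).replace(os.sep, "/")
                for h in scan_installer_dir(root)]


if __name__ == "__main__":
    for hit in demo():
        print("suspicious:", hit)
```

Run it against a real cache with scan_installer_dir(r"C:\Windows\Installer") on the affected system or a mounted image; anything it prints is worth comparing against the scanner's quarantine list.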