Pests of all kinds and how to fight them: Trojan.Phex.THAGen6 fought with mbam - what now? (Windows 7)
31.07.2012, 21:41 | #1
Trojan.Phex.THAGen6 fought with mbam - what now?

Hello everyone, first of all, thanks for this forum. I caught something that locked my computer as soon as it had internet contact and promised to go away in exchange for a payment of 100 CHF. I loaded mbam via a USB stick from an uninfected computer and it found Trojan.Phex.THAGen6 (it is in the quarantine folder). The symptoms are gone. Now I would like to know whether the virus is really done for or whether I still need further help. By the way: you do want the viruses, don't you; how do I get the junk that was found safely out of my quarantine folder and over to you? The full contents of OTL.txt and extras.txt follow; defogger is on until further notice.

OTL.txt

OTL logfile created on: 31.07.2012 22:15:45 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Walter\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,19% Memory free
7,42 Gb Paging File | 5,65 Gb Available in Paging File | 76,15% Paging File free
Paging file location(s): d:\pagefile.sys 3500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 368,46 Gb Total Space | 60,64 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
Drive D: | 4,05 Gb Total Space | 0,59 Gb Free Space | 14,52% Space Free | Partition Type: NTFS
Drive E: | 383,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,64 Gb Total Space | 570,89 Gb Free Space | 81,71% Space Free | Partition Type: NTFS
Drive G: | 708,89 Gb Total Space | 284,74 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive H: | 4,69 Gb Total Space | 3,63 Gb Free Space | 77,58% Space Free | Partition Type: NTFS
Drive I: | 100,00 Mb Total Space | 70,13 Mb Free Space | 70,14% Space Free | Partition Type: NTFS
Drive J: | 683,59 Gb Total Space | 340,03 Gb Free Space | 49,74% Space Free | Partition Type: NTFS

Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.31 17:48:30 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
PRC - [2012.07.18 18:59:31 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Walter\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.27 11:08:57 | 000,035,006 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Gaslamp Games\upd.exe
PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.11.07 21:13:10 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2010.10.25 17:11:30 | 000,136,488 | R--- | M] (Swisscom) -- C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe
PRC - [2010.10.04 09:47:14 | 001,461,544 | ---- | M] (Swisscom) -- C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe
PRC - [2010.03.27 12:41:20 | 001,137,280 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010.02.11 13:26:06 | 013,545,472 | ---- | M] (ZyXEL Communications Corp.) -- C:\Program Files (x86)\ZyXEL\NWD-211AN\NWD-211AN.exe
PRC - [2010.02.11 12:56:50 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\ZyXEL\NWD-211AN\ServiceUI.exe
PRC - [2010.01.22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.07.14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008.11.25 06:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.09 16:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) -- C:\Program Files (x86)\Common Files\AccSys\accvssvc.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.18 18:59:31 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.12.27 11:08:57 | 000,035,006 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Gaslamp Games\upd.exe
MOD - [2010.02.11 13:25:18 | 000,421,888 | ---- | M] () -- C:\Program Files (x86)\ZyXEL\NWD-211AN\NICDLL.dll
MOD - [2010.02.11 12:56:48 | 000,811,008 | ---- | M] () -- C:\Program Files (x86)\ZyXEL\NWD-211AN\RaWLAPI.dll
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 18:59:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.10 19:39:16 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.23 07:52:03 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.07 21:13:10 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010.10.25 17:11:30 | 000,136,488 | R--- | M] (Swisscom) [Auto | Running] -- C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe -- (UDM Service)
SRV - [2010.10.04 09:47:14 | 001,461,544 | ---- | M] (Swisscom) [Auto | Running] -- C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe -- (SesamService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.16 23:21:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2010.02.11 12:56:50 | 000,466,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ZyXEL\NWD-211AN\ServiceUI.exe -- (NWD211AN_UI)
SRV - [2010.01.19 19:18:52 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Walter\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- g:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.25 06:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET)
SRV - [2008.07.09 16:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\AccSys\accvssvc.exe -- (accvssvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.01.18 18:05:48 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.11.08 08:56:36 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.08 08:56:35 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.10.25 16:03:34 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.10.25 16:03:32 | 000,255,488 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.10.25 16:03:32 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.10.25 16:03:30 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.09.08 18:36:40 | 000,409,384 | ---- | M] (Swisscom) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wtsmpflt.sys -- (WtSmpFlt)
DRV:64bit: - [2010.06.29 15:40:06 | 000,056,104 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wtsmpadap.sys -- (wtsmpadap)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.11 12:56:52 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WLANURN.sys -- (XN790_WIN7)
DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.19 18:37:48 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.01 19:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.08.24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2007.01.25 20:31:38 | 000,040,208 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV - [2010.11.04 01:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\HtsysmNT.sys -- (Htsysm)
DRV - [2010.08.05 15:07:58 | 000,039,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Cheat Engine\dbk64.sys -- (CEDRIVER55)
DRV - [2010.02.11 12:56:52 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WLANURN.sys -- (XN790_WIN7)
DRV - [2010.02.11 12:56:50 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc
IE - HKCU\..\SearchScopes\{27D25B5B-DAFC-41B0-814A-EE90AF79415D}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{4429B596-9566-48E1-A011-CA0506DCE0F1}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{55C6D464-E35F-4BF1-972F-32FDE406C12D}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{6ADCBB2A-39CE-4F2A-B95F-C045DF333A94}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{6AEC28C8-63E1-46f5-8DD5-39DCF4E6764F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\..\SearchScopes\{9F6DBEC7-7B2D-47d6-88AC-6345A5BEE05F}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{A365003D-6B17-47FA-85FE-1A0F35C22CF1}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{FA8CD90D-1C93-45F8-80A2-86965F003ED8}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "100 Search Engines"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bluewin.ch"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E4D8AFFF-DA7C-412F-A976-05ED142C7806}:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Walter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2011.05.28 15:17:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.12 00:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.25 20:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.12 00:56:48 | 000,000,000 | ---D | M]

[2011.06.05 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\Mozilla\Extensions
[2011.06.05 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.31 11:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\phqdmx3z.default\extensions
[2012.07.01 07:52:04 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\phqdmx3z.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.04.25 17:17:38 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\phqdmx3z.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.07.26 08:39:59 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\phqdmx3z.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012.07.26 23:14:32 | 000,000,000 | ---D | M] (FlashCatch) -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\phqdmx3z.default\extensions\flashcatch-amo@flashcatch.com
[2012.05.27 19:54:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\phqdmx3z.default\extensions\ich@maltegoetz.de
[2010.07.04 07:53:04 | 000,001,449 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\phqdmx3z.default\searchplugins\100-search-engines.xml
[2010.01.19 19:18:54 | 000,001,056 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\phqdmx3z.default\searchplugins\{D694685F-157E-42D3-8713-E45B4B6709E5}.xml
[2012.02.18 19:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.11 01:10:34 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHQDMX3Z.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.07.31 11:12:02 | 000,197,500 | ---- | M] () (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHQDMX3Z.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2011.07.23 08:26:06 | 000,028,950 | ---- | M] () (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHQDMX3Z.DEFAULT\EXTENSIONS\FLASHKILLER@JOLI.CLIC.XPI
[2012.07.18 18:59:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.18 18:02:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll
[2012.01.10 16:19:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.10 16:19:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.10 16:19:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.10 16:19:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.10 16:19:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.10 16:19:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Walter\AppData\Roaming\OCS\SM\SearchAnonymizer.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Walter\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Gaslamp Games] C:\Users\Walter\AppData\Roaming\Gaslamp Games\upd.exe ()
O4 - HKCU..\Run: [Steam] G:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA36311-83EF-441F-99D9-BE471E82A9E4}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9A998C-E705-41CF-8CAE-8E4784C2F25B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E981A56-DEE6-410C-97BD-C8603D37A6BE}: DhcpNameServer = 138.188.101.189 138.188.101.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4216C20A-86CE-4BE7-8180-C8A290D24017}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7938B58-2A92-40DF-AA6A-28A0228B4071}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.10.27 14:52:25 | 000,000,040 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{16405760-8927-11e0-9134-485b39779ef0}\Shell - "" = AutoRun
O33 - MountPoints2\{16405760-8927-11e0-9134-485b39779ef0}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{16405778-8927-11e0-9134-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{16405778-8927-11e0-9134-001e101fb4df}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{5590550d-d4b4-11df-be1c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5590550d-d4b4-11df-be1c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2002.11.04 13:25:20 | 001,863,430 | R--- | M] ()
O33 - MountPoints2\{560a4d2b-dba1-11e0-b6c3-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{560a4d2b-dba1-11e0-b6c3-00ade1ac1c1a}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{9a91dad5-8925-11e0-af5a-485b39779ef0}\Shell - "" = AutoRun
O33 - MountPoints2\{9a91dad5-8925-11e0-af5a-485b39779ef0}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- [2002.11.04 13:25:20 | 001,863,430 | R--- | M] ()
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows:
(ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.31 22:15:36 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe [2012.07.31 17:11:50 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Malwarebytes [2012.07.31 17:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.31 17:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.31 17:11:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.31 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.26 15:33:46 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOSS [2012.07.26 15:33:46 | 000,000,000 | ---D | C] -- C:\BOSS [2012.07.22 16:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.31 22:07:18 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 22:07:18 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 22:01:36 | 000,001,353 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys [2012.07.31 22:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.31 22:01:20 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2012.07.31 21:59:56 | 000,000,188 | ---- | M] () -- C:\Users\Walter\defogger_reenable [2012.07.31 17:48:30 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe [2012.07.31 17:25:07 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.29 20:33:54 | 000,002,120 | 
---- | M] () -- C:\Users\Walter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012.07.27 18:35:07 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk [2012.07.27 13:57:18 | 000,001,547 | ---- | M] () -- C:\Users\Walter\Desktop\nvse_loader.exe - Shortcut.lnk [2012.07.26 16:14:52 | 000,001,268 | ---- | M] () -- C:\Users\Walter\Desktop\Geck.exe - Shortcut.lnk [2012.07.26 11:24:21 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk [2012.07.22 15:56:42 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\Sins of a Solar Empire Rebellion.lnk [2012.07.18 18:59:33 | 000,002,054 | ---- | M] () -- C:\Users\Walter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012.07.14 09:17:05 | 000,001,055 | ---- | M] () -- C:\Users\Walter\Desktop\AtlanticaRun.exe - Shortcut.lnk [2012.07.07 08:47:23 | 000,838,208 | R--- | M] () -- C:\Users\Walter\Documents\download_manual_jura_ultra_cappuccinatore_evolution_500_5000_de.pdf [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.31 21:59:55 | 000,000,188 | ---- | C] () -- C:\Users\Walter\defogger_reenable [2012.07.31 17:11:42 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.22 15:56:42 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\Sins of a Solar Empire Rebellion.lnk [2012.07.14 09:17:05 | 000,001,055 | ---- | C] () -- C:\Users\Walter\Desktop\AtlanticaRun.exe - Shortcut.lnk [2012.07.06 17:25:42 | 000,838,208 | R--- | C] () -- C:\Users\Walter\Documents\download_manual_jura_ultra_cappuccinatore_evolution_500_5000_de.pdf [2012.06.23 23:12:41 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\HtsysmNT.sys [2012.05.15 
02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.03.18 19:54:26 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2012.03.18 11:27:24 | 000,011,255 | ---- | C] () -- C:\Users\Walter\.recently-used.xbel [2011.10.03 17:40:33 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll [2011.10.03 17:40:33 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll [2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.04.12 15:11:36 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.03.08 19:05:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.03.08 19:05:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.03.08 19:05:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.03.08 18:57:49 | 000,031,816 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011.02.17 18:29:03 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\startopia.ini [2010.12.19 18:56:48 | 000,000,287 | ---- | C] () -- C:\Windows\Sfc3ng.ini [2010.12.15 13:09:27 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2010.11.23 17:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2010.11.07 21:13:11 | 000,001,353 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys [2010.11.07 21:13:10 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll [2010.11.07 21:13:10 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe [2010.10.10 23:29:26 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.10.10 23:29:26 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.10.10 23:24:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.10.10 23:24:58 | 000,033,652 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.10.03 17:49:49 | 000,000,041 | ---- | C] () -- C:\Windows\lz_tcm.ini [2010.08.08 08:37:55 | 000,000,268 | ---- | C] () -- 
C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.06.21 17:43:51 | 000,000,094 | ---- | C] () -- C:\Users\Walter\AppData\Local\fusioncache.dat ========== LOP Check ========== [2010.11.29 02:48:35 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Code Force Limited [2012.03.15 20:00:16 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\DAEMON Tools Lite [2010.01.26 11:07:15 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\DeepBurner [2010.10.10 23:31:08 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\DeviceVm [2011.02.18 17:48:55 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Downloaded Installations [2010.12.12 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Dragon Age Toolset [2010.03.28 23:37:02 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\FOG Downloader [2010.01.19 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Foxit [2010.03.16 11:30:34 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Foxit Software [2011.01.21 20:36:37 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\gamigo [2012.03.14 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Gaslamp Games [2012.04.02 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\GetRightToGo [2012.03.01 11:00:26 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\gtk-2.0 [2011.01.21 20:23:17 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\launcher [2010.11.23 17:28:33 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Leadertech [2010.01.19 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\OCS [2010.03.24 14:48:59 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\OpenOffice.org [2010.01.19 19:18:54 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Opera [2012.01.23 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Petroglyph [2011.06.11 
15:23:24 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\ProtectDisc [2010.09.02 13:41:07 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\SystemRequirementsLab [2011.10.26 21:33:00 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\The Creative Assembly [2011.06.05 20:09:16 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Thunderbird [2012.02.21 13:14:45 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\TS3Client [2010.06.21 17:44:08 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Turbine [2011.07.24 11:07:05 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Unity [2012.06.24 09:13:05 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 537 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP06A4C76 < End of report > Extras.txt OTL Extras logfile created on: 31.07.2012 22:15:45 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Walter\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,19% Memory free 7,42 Gb Paging File | 5,65 Gb Available in Paging File | 76,15% Paging File free Paging file location(s): d:\pagefile.sys 3500 3500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 368,46 Gb Total Space | 60,64 Gb Free Space | 16,46% Space Free | Partition Type: NTFS Drive D: | 4,05 Gb Total Space | 0,59 Gb Free Space | 14,52% Space Free | Partition Type: NTFS Drive E: | 383,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 
698,64 Gb Total Space | 570,89 Gb Free Space | 81,71% Space Free | Partition Type: NTFS Drive G: | 708,89 Gb Total Space | 284,74 Gb Free Space | 40,17% Space Free | Partition Type: NTFS Drive H: | 4,69 Gb Total Space | 3,63 Gb Free Space | 77,58% Space Free | Partition Type: NTFS Drive I: | 100,00 Mb Total Space | 70,13 Mb Free Space | 70,14% Space Free | Partition Type: NTFS Drive J: | 683,59 Gb Total Space | 340,03 Gb Free Space | 49,74% Space Free | Partition Type: NTFS Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [tralih] -- "C:\Program Files (x86)\Trader's Little Helper\tralih.exe" /0 "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [tralih] -- "C:\Program Files (x86)\Trader's Little Helper\tralih.exe" /0 "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
= protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe | "TCP Query User{D0CD15A0-29BA-438D-A000-772FE5B7250D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{2DAFE2DE-075C-436B-BA2C-59525D964479}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe | "UDP Query User{58A6CC96-CE61-48B4-A996-FF129B4E2CBD}G:\mmo\tlbb\bin\tlbbdownload.bin" = protocol=17 | dir=in | app=g:\mmo\tlbb\bin\tlbbdownload.bin | "UDP Query User{A5701B41-E0E3-4A2D-8FF1-1038F4F37D89}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{AA769292-BD9D-431D-B9C1-812E84FDEB06}C:\windows\syswow64\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\regsvr32.exe | "UDP Query User{B51E196C-BC53-43E1-ACBB-1E6F2890BF83}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | "UDP Query User{B86452AB-C616-491C-A75E-1F0F4ED628BD}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe | "UDP Query User{BBEA6C25-BE46-4764-8271-A6D5A88C30D6}C:\program files (x86)\warhammer 40000 dawn of war ii - chaos rising\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warhammer 40000 dawn of war ii - chaos rising\dow2.exe | "UDP Query User{C69F1641-7E60-4095-9373-C2963A85499B}G:\mmo\lotro\lotroclient.exe" = protocol=17 | dir=in | app=g:\mmo\lotro\lotroclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{2eeef4d9-e5f4-4fb8-b67f-fe3e9ebb2efb}.sdb" = Kabod "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{83584F8F-6828-440D-B0B4-52495D5DA803}" = iTunes "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London "{ADCF7C16-C3AC-4AFB-A738-968C86A5C2CF}" = Oracle VM VirtualBox 4.0.2 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager 
"CCleaner" = CCleaner "Defraggler" = Defraggler "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SearchAnonymizer" = SearchAnonymizer "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0BD4A941-1E31-4E1E-9FC2-114889FC4B95}_is1" = Pandora Saga version 1.0 "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1DED5EFD-410A-48DB-909A-2B2022BB50D2}" = Nethergate "{1E0996AC-FE12-46E5-ADB5-4C2E68471B5A}_is1" = Scarlet Legacy "{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands "{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm "{22E95014-3038-4909-8708-48AE7FEFBF05}" = DSL Connection Manager "{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM) "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET) "{2BB047B7-E613-4686-BE0C-E63BB26BE121}" = Sacred 2 - Elite "{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable 
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1" = Star wars Battlefront II version 1.3 "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm "{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar "{38C1A0FF-60A8-4821-9035-7055248284CB}" = King of Kings 3 "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset "{405FA152-1638-4FC1-9233-62DB6F2D4C98}" = Geneforge 5 "{4290EA5A-633E-4C6D-B9E3-5FEAEC615CC9}" = Anachronox "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5569C99B-129C-426E-920A-FD1F0DC01FDC}" = Dawn "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder "{639555DF-952A-4161-97F6-AB9807E421D7}" = UFO Aftershock "{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption "{681F447D-49EC-4D5D-AE0A-145A8AA4E239}" = Nalu "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{778E2400-C2C4-4797-B82C-E5876619B577}" = DeepRipper v 1.1 "{77EF67B3-3A1F-4261-B83D-3FA4FA734154}" = Unlimited Data Manager 9.5.1 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7FA856CB-5544-449D-84C5-07A18CD51467}" = Loong "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1" = HF pAppLoc version 
1.0 "{93DA8968-092B-4E6F-B568-AB8471952143}" = Warlords Battlecry III "{96606195-A36C-4614-9482-D4E61464159D}" = DDS Converter 2 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver "{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM) "{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim "{CE557ABF-2A29-4AB4-A7EB-29F5FA1BECEA}" = DSL Connection Manager "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{D01D2F1D-BDE3-4474-B100-AF8B78E2FA1B}_is1" = AoW: MP Evolution 1.5.141 "{D33821BB-7E4D-4F8B-BC7E-BDC7451DB627}" = Dusk With Help "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando "{E56CA2C2-64C3-11D5-A1C7-30A853C10000}" = BG2 Kit Creator "{E6D45395-C8CE-40D8-BF3A-F0CDA6F1049A}" = ZyXEL Dual Band Wireless N USB Adapter Utility "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon 
Game Manager "{EBC0E8C0-63AC-11D4-BEF2-00A0C9E0B324}" = StarTopia "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F284FB94-BF61-4BA6-A662-24E998D4A91F}" = Avernum 6 "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3400-4446-6563-0952" = PoxNora 1.4.7.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Wonders Shadow Magic" = Age of Wonders Shadow Magic "AI War 4.000" = AI War Auto-Updater "Akamai" = Akamai NetSession Interface Service "AoWSM_UPatch" = AoW... "ARGO" = ARGO Online "Armada 2526 SuperNova_is1" = Armada 2526 SuperNova "Atlantica" = Atlantica "Avira AntiVir Desktop" = Avira Free Antivirus "Baldur's Gate" = Baldur's Gate "Baldur's Gate Tutu" = Baldur's Gate Tutu "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Black Prophecy_is1" = Black Prophecy "CABAL Online_is1" = CABAL Online "CDex" = CDex - Open Source Digital Audio CD Extractor "CDisplay_is1" = CDisplay 1.8 "CloneDVD2" = CloneDVD2 "Combat Mission Shock Force_is1" = Combat Mission Shock Force "Diablo II" = Diablo II "Distant Worlds1.0.6.0" = Distant Worlds "Distant Worlds1.00" = Distant Worlds "Dominions3" = Dominions 3 (remove only) "Dragon Age 2 Mark of the Assassin Expansion (c) EA_is1" = Dragon Age 2 Mark of the Assassin Expansion (c) EA version 1 "EAW_Campaigns_for_OP" = EAW Single-Player Campaigns for SFC:OP - 20030330 (remove only) "Elemental: War of Magic_is1" = Elemental: War of Magic "Exult_is1" = Exult 1.4.9rc1 Snapshot "Fallout New Vegas_is1" = Fallout New Vegas "Fallout_is1" = Fallout "Foxit Reader" = Foxit Reader "Free CD Ripper_is1" = Free CD 
Ripper 3.1 "Freelancer 1.0" = Freelancer "Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21 "InFlac" = InFlac 1.1.1 "InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar "InstallShield_{D33821BB-7E4D-4F8B-BC7E-BDC7451DB627}" = Dusk With Help "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Kotor Tool" = Kotor Tool "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Master of Orion 3" = Master of Orion 3 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OGPlanet Game Launcher" = OGPlanet Game Launcher "OGPlanet Game Launcher US" = OGPlanet Game Launcher "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PSPad editor_is1" = PSPad editor "Rage of Mages" = Rage of Mages "Republic at War 1.1" = Republic at War 1.1 "RGF HotSpot_is1" = RGF HotSpot version 0.6b "Rites of War" = Rites of War "Runic Games Torchlight" = Torchlight "Satinav" = The Dark Eye - Chains of Satinav "SD Gundam Capsule Fighter" = SD Gundam Capsule Fighter "SilentInstall" = SilentInstall "Sins of a Solar Empire Rebellion (c) Stardock_is1" = Sins of a Solar Empire Rebellion (c) Stardock version 1 "Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity "Space Empires V_is1" = Space Empires V "Space Rangers 2" = 1C Company\Space Rangers 2 - Reboot Add-on "ST6UNST #1" = PeG Campaign Editor "ST6UNST #2" = Aurora "ST6UNST #3" = Hero Editor V0.96 "Star Trek Online" = Star Trek Online "Star Trek Starfleet Command 
III" = Star Trek Starfleet Command III "Starfleet Command III Patcher" = Starfleet Command III Patcher "Starfleet Command Orion Pirates" = Starfleet Command Orion Pirates "Starfury_is1" = Starfury "Starships Unlimited v33.50" = Starships Unlimited v3 "STORM: Frontline Nation (c) Colossai Studio_is1" = STORM: Frontline Nation (c) Colossai Studio version 1 "Sword of the Stars II Lords of Winter_is1" = Sword of the Stars II Lords of Winter "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "The Complete Ultima VII_is1" = The Complete Ultima VII "The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1" = The Elder Scrolls V Skyrim - High Resolution Texture Pack "The Void_is1" = The Void "The Witcher 2 - Assassins of Kings Enhanced Edition_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition "Titans Of Steel Warring Suns1.21" = Titans Of Steel Warring Suns "TradersLittleHelper_is1" = Trader's Little Helper 2.7.0 "UEAW v4 " = UEAW v4 "Ultima 4 - Quest of the Avatar_is1" = Ultima 4 - Quest of the Avatar "Ultima IX" = Ultima IX "ULTIMATE UNIVERSE 1.0 FULL VERSION" = ULTIMATE UNIVERSE 1.0 FULL VERSION "Venetica_is1" = Venetica "Vindictus EU" = Vindictus "VLC media player" = VLC media player 1.0.3 "Warhammer 40000 Dawn of War II - Retribution_is1" = Warhammer 40000 Dawn of War II - Retribution "Winamp" = Winamp "WinBiff" = WinBiff "WinGimp-2.0_is1" = GIMP 2.6.11 "Worlds of Ultima - The Savage Empire_is1" = Worlds of Ultima - The Savage Empire ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "InstallShield_{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI "SOE-DC Universe Online Live" = DC Universe Online Live "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.07.2012 18:43:40 | Computer Name = 
Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x0065aafb Faulting process id: 0x414 Faulting application start time: 0x01cd6ddab631a670 Faulting application path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Report Id: d73254da-d9ce-11e1-b7c2-00ade1ac1c1a Error - 29.07.2012 18:44:50 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x00661a74 Faulting process id: 0xd8c Faulting application start time: 0x01cd6ddba209b91c Faulting application path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Report Id: 01377a3c-d9cf-11e1-b7c2-00ade1ac1c1a Error - 29.07.2012 18:46:22 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x00661a74 Faulting process id: 0x1248 Faulting application start time: 0x01cd6ddbcb15d4d9 Faulting application path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Report Id: 37a205d6-d9cf-11e1-b7c2-00ade1ac1c1a Error - 30.07.2012 05:34:26 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting 
module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x0004ddca Faulting process id: 0x11e8 Faulting application start time: 0x01cd6e327cc5d5f0 Faulting application path: G:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: G:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Report Id: c02d10bb-da29-11e1-93f1-00ade1ac1c1a Error - 30.07.2012 05:36:21 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x0065d7d2 Faulting process id: 0x100c Faulting application start time: 0x01cd6e368c3d6b1a Faulting application path: G:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: G:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Report Id: 053f70ed-da2a-11e1-93f1-00ade1ac1c1a Error - 30.07.2012 06:23:55 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x0002de64 Faulting process id: 0xf88 Faulting application start time: 0x01cd6e36cd603f6e Faulting application path: G:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: a9efe2ab-da30-11e1-93f1-00ade1ac1c1a Error - 30.07.2012 10:55:55 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: PROPSYS.dll, version: 7.0.7600.16385, time stamp: 0x4a5bdacb Exception code: 0xc0000005 Fault offset: 0x00086dda Faulting process id: 0x4f4 Faulting application start 
time: 0x01cd6e5a788402ee Faulting application path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: C:\Windows\System32\PROPSYS.dll Report Id: a99f5c36-da56-11e1-93f1-00ade1ac1c1a Error - 30.07.2012 11:25:06 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x006a9a41 Faulting process id: 0xcf4 Faulting application start time: 0x01cd6e63f3492ded Faulting application path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Report Id: bd89aa44-da5a-11e1-93f1-00ade1ac1c1a Error - 30.07.2012 12:18:28 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0xc0590fc1 Faulting process id: 0xa30 Faulting application start time: 0x01cd6e679dae11eb Faulting application path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: unknown Report Id: 320044fa-da62-11e1-93f1-00ade1ac1c1a Error - 31.07.2012 06:01:21 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x006a55a6 Faulting process id: 0xdb0 Faulting application start time: 0x01cd6efff327f70e Faulting application path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Report Id: ad6fd0d5-daf6-11e1-bff7-00ade1ac1c1a Error - 
31.07.2012 08:40:08 | Computer Name = Walter-PC | Source = Application Error | ID = 1000 Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x006a55a6 Faulting process id: 0x748 Faulting application start time: 0x01cd6f16d80d84f0 Faulting application path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Faulting module path: g:\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe Report Id: dc2bc79f-db0c-11e1-bff7-00ade1ac1c1a [ System Events ] Error - 31.07.2012 13:02:29 | Computer Name = Walter-PC | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 31.07.2012 15:13:35 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000 Description = The Htsysm service failed to start due to the following error: %%2 Error - 31.07.2012 15:16:40 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error - 31.07.2012 15:16:40 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 31.07.2012 15:39:13 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000 Description = The Htsysm service failed to start due to the following error: %%2 Error - 31.07.2012 15:42:12 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 31.07.2012 15:42:12 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 31.07.2012 16:01:36 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000 Description = The Htsysm service failed to start due to the following error: %%2 Error - 31.07.2012 16:04:28 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 31.07.2012 16:04:28 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 < End of report > |
02.08.2012, 15:32 | #2 |
/// Helfer-Team | Where is the MBAM log? Fix with OTL: Download OTL from Oldtimer (if you don't already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
MOD - [2011.12.27 11:08:57 | 000,035,006 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Gaslamp Games\upd.exe
SRV - [2012.07.10 19:39:16 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2010.01.19 19:18:52 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Walter\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc
IE - HKCU\..\SearchScopes\{27D25B5B-DAFC-41B0-814A-EE90AF79415D}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{4429B596-9566-48E1-A011-CA0506DCE0F1}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{55C6D464-E35F-4BF1-972F-32FDE406C12D}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{6ADCBB2A-39CE-4F2A-B95F-C045DF333A94}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{6AEC28C8-63E1-46f5-8DD5-39DCF4E6764F}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\..\SearchScopes\{9F6DBEC7-7B2D-47d6-88AC-6345A5BEE05F}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{A365003D-6B17-47FA-85FE-1A0F35C22CF1}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\..\SearchScopes\{FA8CD90D-1C93-45F8-80A2-86965F003ED8}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=176d6301-e81d-4de9-942f-d806fcca51c8&pid=nc&mode=bounce
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
FF - prefs.js..browser.search.selectedEngine: "100 Search Engines"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bluewin.ch"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E4D8AFFF-DA7C-412F-A976-05ED142C7806}:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Walter\AppData\Roaming\OCS\SM\SearchAnonymizer.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Walter\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Gaslamp Games] C:\Users\Walter\AppData\Roaming\Gaslamp Games\upd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.10.27 14:52:25 | 000,000,040 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{16405760-8927-11e0-9134-485b39779ef0}\Shell - "" = AutoRun
O33 - MountPoints2\{16405760-8927-11e0-9134-485b39779ef0}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{16405778-8927-11e0-9134-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{16405778-8927-11e0-9134-001e101fb4df}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{5590550d-d4b4-11df-be1c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5590550d-d4b4-11df-be1c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2002.11.04 13:25:20 | 001,863,430 | R--- | M] ()
O33 - MountPoints2\{560a4d2b-dba1-11e0-b6c3-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{560a4d2b-dba1-11e0-b6c3-00ade1ac1c1a}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{9a91dad5-8925-11e0-af5a-485b39779ef0}\Shell - "" = AutoRun
O33 - 
MountPoints2\{9a91dad5-8925-11e0-af5a-485b39779ef0}\Shell\AutoRun\command - "" = F:\Start.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- [2002.11.04 13:25:20 | 001,863,430 | R--- | M] () O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Launch.exe [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] @Alternate Data Stream - 537 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP06A4C76 :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!
02.08.2012, 19:52 | #3 |
Thanks for the reply, t'john,
oooops.... forgot. The mbam log:
Code:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Walter :: WALTER-PC [administrator]

Protection: Disabled

31.07.2012 17:54:39
mbam-log-2012-07-31 (17-54-39).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1497227
Time elapsed: 3 hour(s), 8 minute(s), 47 second(s)

Memory Processes Detected: 1
C:\Users\Walter\AppData\Local\Temp\vohigzkbcn.exe (Trojan.Phex.THAGen6) -> 3628 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Phex.THAGen6) -> Data: C:\Users\Walter\AppData\Local\Temp\vohigzkbcn.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Walter\AppData\Local\Temp\vohigzkbcn.exe (Trojan.Phex.THAGen6) -> Delete on reboot.
C:\Users\Walter\AppData\Local\Temp\gnquggbnst.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
C:\Users\Walter\AppData\Local\Temp\kecmkjekfxzuskwkhgqhrcr.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
C:\Users\Walter\AppData\Local\Temp\mzyitcylscgyexywtgtocu.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
C:\Windows\Driver Cache\i386\Temp\wfdmgr.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.

(end)

The little indicator at the bottom right claims that I have an internet connection, but Firefox finds no pages even after a reinstall (I still had the setup file and thought maybe that would already be it). No bookmark works, it is always just: ERROR - Server not found.
Internet Explorer, same game; only my laptop still lets me onto the net. Everything else (as far as I have tried) still works. How do I fix that now? And you will tell me when I can reset defogger? Oh, and before I forget, the log of the fix run:
Code:
All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
C:\Users\Walter\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{27D25B5B-DAFC-41B0-814A-EE90AF79415D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27D25B5B-DAFC-41B0-814A-EE90AF79415D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4429B596-9566-48E1-A011-CA0506DCE0F1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4429B596-9566-48E1-A011-CA0506DCE0F1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55C6D464-E35F-4BF1-972F-32FDE406C12D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55C6D464-E35F-4BF1-972F-32FDE406C12D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6ADCBB2A-39CE-4F2A-B95F-C045DF333A94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ADCBB2A-39CE-4F2A-B95F-C045DF333A94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6AEC28C8-63E1-46f5-8DD5-39DCF4E6764F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AEC28C8-63E1-46f5-8DD5-39DCF4E6764F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F6DBEC7-7B2D-47d6-88AC-6345A5BEE05F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F6DBEC7-7B2D-47d6-88AC-6345A5BEE05F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A365003D-6B17-47FA-85FE-1A0F35C22CF1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A365003D-6B17-47FA-85FE-1A0F35C22CF1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA8CD90D-1C93-45F8-80A2-86965F003ED8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA8CD90D-1C93-45F8-80A2-86965F003ED8}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "100 Search Engines" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.bluewin.ch" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 removed from extensions.enabledItems
Prefs.js: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6 removed from extensions.enabledItems
Prefs.js: artur.dubovoy@gmail.com:2.0.21 removed from extensions.enabledItems
Prefs.js: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {E4D8AFFF-DA7C-412F-A976-05ED142C7806}:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully.
C:\Users\Walter\AppData\Roaming\OCS\SM\SearchAnonymizer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Walter\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Gaslamp Games deleted successfully.
C:\Users\Walter\AppData\Roaming\Gaslamp Games\upd.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16405760-8927-11e0-9134-485b39779ef0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16405760-8927-11e0-9134-485b39779ef0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16405760-8927-11e0-9134-485b39779ef0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16405760-8927-11e0-9134-485b39779ef0}\ not found.
File F:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16405778-8927-11e0-9134-001e101fb4df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16405778-8927-11e0-9134-001e101fb4df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16405778-8927-11e0-9134-001e101fb4df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16405778-8927-11e0-9134-001e101fb4df}\ not found.
File F:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5590550d-d4b4-11df-be1c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5590550d-d4b4-11df-be1c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5590550d-d4b4-11df-be1c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5590550d-d4b4-11df-be1c-806e6f6e6963}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{560a4d2b-dba1-11e0-b6c3-00ade1ac1c1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{560a4d2b-dba1-11e0-b6c3-00ade1ac1c1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{560a4d2b-dba1-11e0-b6c3-00ade1ac1c1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{560a4d2b-dba1-11e0-b6c3-00ade1ac1c1a}\ not found.
File F:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a91dad5-8925-11e0-af5a-485b39779ef0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a91dad5-8925-11e0-af5a-485b39779ef0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a91dad5-8925-11e0-af5a-485b39779ef0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a91dad5-8925-11e0-af5a-485b39779ef0}\ not found.
File F:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\Launch.exe not found.
C:\Windows\SysNative\SETB749.tmp deleted successfully.
ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP06A4C76 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Walter\Desktop\cmd.bat deleted successfully.
C:\Users\Walter\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Walter
->Temp folder emptied: 455863413 bytes
->Temporary Internet Files folder emptied: 23733785 bytes
->Java cache emptied: 2672 bytes
->FireFox cache emptied: 986059291 bytes
->Flash cache emptied: 11480 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 868352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 710809 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.399,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: UpdatusUser
User: Walter
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 08022012_200348
Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
C:\Users\Walter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
[2002.10.27 14:52:25 | 000,000,040 | R--- | M] () E:\Autorun.inf : MD5=CE8D928BF946064F362E60A60639DD9B
[2002.11.04 13:25:20 | 001,863,430 | R--- | M] () E:\Setup.exe : MD5=E29158FE61423B39FB4481473FB8BF70
File C:\Users\Walter\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
03.08.2012, 13:22 | #4 |
/// Helper Team | How do you connect to the internet? WLAN? Cable?
05.08.2012, 13:11 | #5 |
WLAN. Why? Windows itself recognises the internet connection and claims to have internet access. Only my applications get nothing out of it.
05.08.2012, 20:46 | #6 |
/// Helper Team | Fix with OTL: Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
:Services
:Reg
:Files
ipconfig /flushdns /c
ipconfig /all /c
netsh winsock reset catalog /c
netsh winsock reset /c
netsh int ipv4 reset reset.log /c
netsh int ipv6 reset reset.log /c
:Commands
[purity]
[emptytemp]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!
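The symptom in this thread (Windows reports a connection, but no application reaches any server) is what the fix script in post #6 targets with its winsock and proxy resets. The PowerShell below is an added read-only diagnostic, not part of the thread or of OTL: it lists Winsock name-space providers whose DLL no longer exists (the earlier OTL log showed exactly such an entry for mdnsNSP.dll) and the per-user proxy values, so a helper can see the state before and after the reset. It assumes Windows 7 or later with PowerShell 3+, run from an elevated prompt; the registry paths are the documented Winsock catalog and WinINet locations.

```powershell
# Added diagnostic (not from the thread or OTL). Read-only: it reports the
# two things the OTL fix script resets, without changing anything.
# Assumes Windows 7+ / PowerShell 3+, run elevated.

# Winsock name-space providers (NSPs) are registered here; x64 keeps a second
# catalog for 64-bit providers. Each entry's LibraryPath names the provider DLL.
$WinsockNspCatalogs = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64'
)

function Get-WinsockNspEntry {
    # One object per registered NSP; Present is $false when the DLL is gone,
    # the same condition OTL reported as "O10 ... File not found".
    foreach ($catalog in $WinsockNspCatalogs) {
        if (-not (Test-Path -LiteralPath $catalog)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $catalog) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath
            $dll   = [Environment]::ExpandEnvironmentVariables([string]$props.LibraryPath)
            [pscustomobject]@{
                Catalog = Split-Path -Leaf $catalog
                Entry   = $key.PSChildName
                Name    = $props.DisplayString
                Library = $dll
                Present = ($dll -ne '') -and (Test-Path -LiteralPath $dll)
            }
        }
    }
}

function Get-UserProxySetting {
    # Per-user WinINet proxy values used by IE and most Windows applications.
    # ProxyOverride is the bypass list; the OTL log in this thread showed
    # "*.local;127.0.0.1:9421;" there before the fix cleared it.
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $props = Get-ItemProperty -LiteralPath $key
    [pscustomobject]@{
        ProxyEnable   = $props.ProxyEnable
        ProxyServer   = $props.ProxyServer
        ProxyOverride = $props.ProxyOverride
        AutoConfigURL = $props.AutoConfigURL
    }
}

$broken = Get-WinsockNspEntry | Where-Object { -not $_.Present }
if ($broken) {
    Write-Output 'Winsock name-space providers whose DLL is missing:'
    $broken | Format-Table Catalog, Entry, Name, Library -AutoSize
    Write-Output 'A provider that cannot be loaded can break name resolution while the link stays up; "netsh winsock reset" rebuilds the catalog.'
} else {
    Write-Output 'All Winsock name-space provider DLLs are present.'
}

Write-Output 'Per-user proxy settings (ProxyEnable=1 with a dead ProxyServer blocks every request):'
Get-UserProxySetting | Format-List
```

Running it again after the reset and reboot should show no missing providers and an empty ProxyOverride, which confirms that the fix script did what it was meant to.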
22.08.2012, 01:15 | #7 |
/// Helper Team | No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: the disappearance of the symptoms does not mean that your computer is clean.