| |
| |||||||
Log-Analyse und Auswertung: GVU 2.07 - nun bin ich auch dran..Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.08.2012, 06:12
| #1 |
| |  GVU 2.07 - nun bin ich auch dran.. Sehr geehrte Helferlein, Heute Nacht hat es mich leider auch erwischt. Seit etwa 3 Uhr hock ich nun vor meiner Kiste und versuch sie wieder ans laufen zu bekommen - vergeblich. Nun bin ich zufällig auf Eure Seite gestoßen. OTL Log: Code:
ATTFilter OTL logfile created on: 02.08.2012 07:05:10 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kev\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,59% Memory free 8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 18,45 Gb Free Space | 12,38% Space Free | Partition Type: NTFS Drive D: | 267,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 120,11 Mb Total Space | 109,38 Mb Free Space | 91,07% Space Free | Partition Type: FAT Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kev\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WireHelpSvc) -- C:\Programme\Common Files\WireHelpSvc.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>) DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 D8 A6 55 75 23 CC 01 [binary data] IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 216.155.139.115:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "64.120.226.94" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "64.120.226.94" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "64.120.226.94" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "64.120.226.94" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.07 21:43:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 01:58:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 18:56:22 | 000,000,000 | ---D | M] [2011.04.18 21:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions [2012.05.20 11:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions [2012.05.20 11:31:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.04.19 14:45:06 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\battlefieldheroespatcher@ea.com [2011.07.08 17:34:40 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\DefaultManager@Microsoft [2012.04.26 15:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.08 23:45:00 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI [2012.01.02 01:42:09 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.04.29 21:29:12 | 000,004,404 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI [2012.07.18 01:58:02 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.11 18:56:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.13 22:58:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 22:58:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 22:58:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.06.11 22:59:39 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.02.13 22:58:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 22:58:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 22:58:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.04 04:41:35 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E88F556F-0087-4D8B-BDC0-4E06F860C0B7}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E88F556F-0087-4D8B-BDC0-4E06F860C0B7}: NameServer = 8.8.8.8,8.8.4.4 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7b68b01a-19e9-11e1-a9b2-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{7b68b01a-19e9-11e1-a9b2-00ff01000001}\Shell\AutoRun\command - "" = E:\INSTALL.EXE O33 - MountPoints2\{ff8514aa-d0d0-11e1-ab7d-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{ff8514aa-d0d0-11e1-ab7d-00ff01000001}\Shell\AutoRun\command - "" = E:\raf-risen_hd_ce.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.02 07:02:56 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Malwarebytes [2012.08.02 07:02:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.02 07:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.02 07:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.02 07:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.02 07:02:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2012.08.02 07:02:25 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.02 05:49:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.07.28 14:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay [2012.07.24 14:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.07.24 14:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver [2012.07.24 13:56:30 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Risen [2012.07.24 13:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver [2012.07.19 14:48:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\SKIDROW [2012.07.19 14:48:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Risen2 [2012.07.19 01:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.07.19 00:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.07.19 00:44:20 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.07.19 00:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.07.12 02:16:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.12 02:16:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.12 02:16:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.12 02:16:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.12 02:16:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.12 02:16:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.12 02:16:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.12 02:16:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.12 02:16:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.12 02:16:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.12 02:16:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.12 02:16:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.12 02:16:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.12 01:20:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.12 01:20:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.12 01:20:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.12 01:16:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.12 01:16:49 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.08 15:29:05 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike [2012.07.08 15:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike [2012.07.08 15:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.02 07:04:05 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.02 07:04:05 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.02 07:04:05 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.02 07:04:05 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.02 07:04:05 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.02 07:02:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.02 07:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 07:01:05 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2012.08.02 06:59:08 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.02 06:58:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2012.08.02 06:56:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.08.02 02:50:29 | 000,001,877 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.02 00:39:03 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.08.02 00:39:03 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.02 00:38:47 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.08.01 20:39:09 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 20:39:09 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 02:56:52 | 000,001,354 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2012.07.28 15:04:35 | 050,846,578 | ---- | M] () -- C:\Users\Kev\Desktop\Raplays.rar [2012.07.28 14:19:51 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.07.28 14:19:51 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.07.27 16:50:43 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.07.19 00:45:28 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.07.19 00:44:20 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.07.12 23:50:20 | 000,000,080 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\mBot.ini [2012.07.12 12:57:48 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.02 07:02:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.02 02:50:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.08.02 02:50:29 | 000,001,877 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.01 02:56:52 | 000,001,354 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2012.07.28 15:04:22 | 050,846,578 | ---- | C] () -- C:\Users\Kev\Desktop\Raplays.rar [2012.07.28 14:18:56 | 000,001,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.07.28 14:18:56 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.07.19 00:45:28 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012.03.29 17:37:09 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.03.29 17:37:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd4040cn.dat [2012.03.29 17:37:09 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.01.27 17:01:49 | 000,186,197 | ---- | C] () -- C:\ProgramData\1327676404.bdinstall.bin [2012.01.27 16:52:38 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll [2012.01.27 16:52:38 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll [2012.01.12 01:39:09 | 000,358,414 | ---- | C] () -- C:\ProgramData\1326324280.bdinstall.bin [2012.01.04 04:42:06 | 000,000,080 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\mBot.ini [2011.10.30 19:08:09 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.01 01:30:54 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.09.01 01:30:54 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.09.01 01:30:54 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.08.31 22:04:46 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.08.15 15:28:47 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.07.02 20:37:53 | 000,000,031 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\esroLoader.ini [2011.06.23 02:03:19 | 000,000,105 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\private_server_loader.ini [2011.06.22 23:59:59 | 000,000,292 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2011.06.22 17:16:06 | 000,000,598 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2011.06.22 17:15:48 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2011.05.14 09:33:49 | 001,598,640 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.19 15:17:23 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.19 15:17:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.18 22:22:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2011.06.22 23:59:59 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\BITS [2012.07.19 00:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\DAEMON Tools Lite [2011.05.29 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\edxLabs [2011.06.22 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\FlashGet [2011.06.22 17:15:41 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\FlashGetBHO [2012.05.17 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Leadertech [2011.04.18 23:41:03 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\LolClient [2012.05.24 16:33:08 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\LolClient2 [2011.11.18 21:00:33 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\OpenOffice.org [2011.10.26 23:19:31 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Origin [2011.04.21 22:21:26 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\PunkBuster [2012.01.12 01:25:20 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\QuickScan [2011.04.19 11:34:07 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\SFBot [2012.04.15 14:14:29 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TeamViewer [2012.07.16 22:40:40 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TS3Client [2012.06.26 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\wargaming.net [2011.08.29 18:05:43 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\www.rene-zeidler.de [2012.06.24 11:47:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras-Log (OTL): Code:
ATTFilter OTL Extras logfile created on: 02.08.2012 07:05:10 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,59% Memory free
8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 18,45 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive D: | 267,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 120,11 Mb Total Space | 109,38 Mb Free Space | 91,07% Space Free | Partition Type: FAT
Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06899AAF-E55A-436C-957E-0F70AC5A5467}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{094F37A6-47F8-4268-9CF3-E0352333817C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{129658BE-1364-420C-A067-7907A997FA76}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{16BF999B-A54A-461C-A443-18866C19BDED}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher |
"{18DC69EC-F6B7-4A4E-A08B-BBBEC537C4EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C30B52F-3572-40FC-AC47-084DF5C92919}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2290F550-86C1-4E48-91CA-4D64212456A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B0E1B0F-7422-49CD-9249-811E3A0D9E0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E5BA39B-B2DD-48F2-8DC5-8CA26F881191}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |
"{2FD372C9-FC8A-4FFA-B9D1-68D0568ED7C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30DCC186-613B-4964-9791-83B522C78524}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{340DED20-CEEE-47B7-8C64-962666B96C2A}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{39E37FA2-2793-496F-97BC-687277B1858C}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B1F684E-F560-4DE8-BB97-F15FDAB2794A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D325BBC-75CB-45D9-AECD-70B158E3DFBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4317AC17-A4F7-4EBB-8E51-B846D960281B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4F8E3366-9105-4DF0-A276-28125FC63668}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |
"{61845226-8B84-4927-A695-9579C011F5CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{697138E3-8B41-4543-9472-2EAC4DE4E300}" = lport=139 | protocol=6 | dir=in | app=system |
"{762A79D9-9B9E-48BC-B940-4A593766F867}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{80EC02E3-B068-49C8-927F-748D0A0C8A9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{811B8076-3994-4528-B422-4227FD2238CC}" = lport=49175 | protocol=6 | dir=in | name=akamai netsession interface |
"{85E7C377-6ADB-4597-9043-65528C884E87}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{87DE1166-DF1E-45D5-9340-BC1809C32D3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9013E1D1-5CD7-4AE0-8A69-D5E17E5C281B}" = lport=49195 | protocol=6 | dir=in | name=akamai netsession interface |
"{952E55AE-A6B0-4989-8FD9-25B6E56ECDAE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{99240B89-1C8E-4971-BD0F-2934EA5251C7}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher |
"{9DACBF95-2D20-4243-B4D6-930DBCA956AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB6D2BBB-FC07-4513-909E-0510B7174D01}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AC7CA488-04A0-4198-8DE5-50CD591D14B8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B416EC4E-1964-4198-9BA9-101DD684D41E}" = lport=137 | protocol=17 | dir=in | app=system |
"{BACBB0B5-4D6C-4464-8891-81E9F69A088E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC880336-957F-4647-8CD0-6B8950596F42}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{BCC5ADA0-B77B-492F-A3BE-96758471721D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C0B1ECE5-6BC2-460A-B9F2-3CB8BC3AC5E2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C5520744-7AE6-48AB-AA52-03A7183F3AEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{C93C3361-917F-453E-A996-43F9B68BFD37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC0653FB-F25D-41FA-BDB2-CCC3CDB966C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4D6F56D-CF4E-4D64-99D9-71444D2F484C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D8301A37-4A62-4C01-A7EB-858F88FF9D14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF47ADF3-1B5E-4A27-A7B2-31D14BD4BC88}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface |
"{DF9C3A56-F22D-4020-9D9C-AF6ABAC5E721}" = rport=445 | protocol=6 | dir=out | app=system |
"{E93D3E22-2331-4995-965B-3F46B156DD0B}" = rport=138 | protocol=17 | dir=out | app=system |
"{E9DAA044-4BDA-42CE-AE18-8E640A0BAD4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB421CB5-BEF9-4BD8-8B7B-F15DD2401567}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |
"{EC1FF399-47D7-4AF3-B584-ED84A59FCF10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0CC8030-4D06-4CE2-B0C5-9C3397C9EB8D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F77DEC57-F1F5-474A-9CA4-3DAA9244D1E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D0026-E596-4656-93BF-FCA3CBAF63FB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{00318544-6C30-4EA3-8A95-A0549A4DC7E4}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{04274D3E-F86B-4DDC-BD17-ABB6C01C89DB}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{11B87D12-9B27-433D-92D4-1171576B8D8E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{139B59F1-129C-4890-95B0-B355EEFFA77D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1845DD98-797A-40CB-A951-004356740405}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{18566774-4DDF-44EA-90ED-CEB18CC49811}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ABF53D5-859B-439C-BB79-C441AD1D6852}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{1EE39107-D716-41EB-8473-FF9FABC3AD3F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{21F8C564-0A6D-4D53-BF22-0BAF4F5E3173}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{259E79AA-693E-4E63-AFEC-5CA61C514AA0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{302F7C49-4D00-4887-93EF-EF7A01711741}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3148EC32-9B27-411B-A3CE-5BCCCFF34371}" = protocol=17 | dir=in | app=c:\program files (x86)\outspark\projectpowder\run.exe |
"{32CB6DE0-9BC6-45BE-9210-CB67B671970F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3570F312-217C-4561-A601-1790D466F516}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{35CA1254-12DB-4ABF-8AAD-6236EE5DB1DD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3AB9962C-033D-41F7-ABFB-8AF42C1B2417}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3B159C87-E076-4862-A06B-3B88B02A97BF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{3DDD1944-7DD4-4813-BF09-E76B8AC55276}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3FE909DF-E809-4D82-8A71-CEC29CAB24CE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{420A3B12-5963-4F36-AEB9-49273A6D23DF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{52CF82A9-AD96-4229-AD2E-3186E4DDFD67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{54787DBD-A967-46FB-BED6-4F624E8601A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5773BE1D-C440-4D55-9121-5124E5EAA146}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{5A7C78D4-32DD-43EE-B76D-DCA0795333A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F8F13F6-32C9-4530-BF37-252A93E1E3F1}" = protocol=6 | dir=in | app=c:\program files (x86)\outspark\projectpowder\run.exe |
"{61BEEDE4-1FF1-4D8F-A9A8-D8F6F610057A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{62D6F4B3-FCD2-46F0-98E1-6EFFE37243F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6396A34E-3A12-463C-A26C-C04030F21A69}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{680010D0-438D-40AB-9C31-FF1BA27DF3A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E17D508-0117-4246-9E8A-E0180B309BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6FF48710-D60E-4938-A4CF-5BF00EDC8A4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{71BBB0C0-3E7C-45CD-8FED-B33CE730585D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{742E9162-0469-49B3-AF0D-AC4BC9C0DCDB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78475BEB-1CDB-4CEE-A684-47191CD0E249}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{80C67BF7-1537-433C-89A8-A1AF815D0AD4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{859DA5B1-1686-470B-8C30-E3105DB42A5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8854119F-2C1C-4CAB-8133-C6151A312BBC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{90809ED9-3475-4789-B41C-1D195BEE085D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{9B8FAA93-C559-4B15-A58A-BF4F155B100C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{A5ACDC48-D95C-46FC-8E7E-8BA48FF868E4}" = protocol=17 | dir=in | app=c:\program files (x86)\outspark\projectpowder\run.exe |
"{AA8F5570-5931-488A-A676-1EBBA108BB76}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{ABF751D2-2277-442E-A1E6-2617667C928D}" = protocol=6 | dir=in | app=c:\program files (x86)\outspark\projectpowder\run.exe |
"{AC228EC3-1B8F-4E3E-AB09-888F57C768DC}" = protocol=6 | dir=out | app=system |
"{AC7D552B-2571-436A-AFC4-14621E35451D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4E2C6B3-2DD9-44D9-9053-D0D9A5D50A6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B68E13BC-DE84-43B9-813A-4755921859E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BE34357C-9AE7-4DDE-944D-28B8BCCF5A16}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFA8871C-12DD-4A35-9685-C45896D9C2F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D05C3A84-2280-42B6-AE5F-56E542A4D516}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D403CC78-D022-4BDE-84E1-4A694504B654}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D464B792-A60A-41CE-BBF9-2B81421E76E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{D5C2AAB7-7C78-419F-9079-BFC56683176C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC6F38B7-B134-4661-9D02-B32780BA832B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DC6FD7C5-5C23-4FB7-A666-F485D35B5322}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2554337-6958-4387-8C0E-FFF00512E75E}" = protocol=6 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe |
"{E484DB76-08F0-4EE6-87EC-BD3836BDB17B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4AB8A94-2375-4762-BBDF-8B6EE7AAE94D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E9E7C839-0593-4C15-AD0D-D14D5E4A6BF2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB28E950-F62E-452A-A93C-4C1929061C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{ECE4B7B2-2B18-4230-B57C-C8E517888023}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{EE98AE5F-F0DD-4F2A-B259-0CCA6E9DF2E9}" = protocol=17 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe |
"{F0145CE3-430C-402E-BC53-E9E9E857668E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F39386CC-DD50-474A-9971-A514C3DF796F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{F6C01D38-B9DB-4D46-BAFB-80847EF7947B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F969D79D-0763-4D2E-A487-8663B764A41B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDBE4F2A-82D4-443A-8080-F0DBC19C3050}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{0800EBC8-4723-40F6-A09B-41EFC7F05FA9}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{0918F4C4-D0C1-43F6-AF6D-589A4A28E141}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{117D5FB5-B217-41E5-9804-2AC33D168E0A}C:\program files (x86)\silkroadr\mbot_sror1.2\mbot_sror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\mbot_sror1.2\mbot_sror.exe |
"TCP Query User{2261F7D2-7EFF-4D04-B258-237EC4B4B239}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{239A2806-E01F-4EB7-A8C3-757D07D191F2}C:\program files (x86)\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike\hl.exe |
"TCP Query User{2B71EBE9-7BC3-4B25-A3E1-DC32B696801E}C:\users\kev\documents\silkroad bot\ibot\_ibot__public_released_v1.1.9\ibot.exe" = protocol=6 | dir=in | app=c:\users\kev\documents\silkroad bot\ibot\_ibot__public_released_v1.1.9\ibot.exe |
"TCP Query User{31733883-3093-4C7D-8235-F742878B83FC}C:\users\kev\desktop\spiele\desirexsro\mbot_vsro110_1.12b\mbot_vsro110.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\mbot_vsro110_1.12b\mbot_vsro110.exe |
"TCP Query User{3373EA4A-1C51-466F-A815-DBF8AA28F1AE}C:\program files (x86)\tera\tera uncensor patcher v1.7.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera uncensor patcher v1.7.exe |
"TCP Query User{3B36A67B-D56F-4F75-B24A-8D5BA97F934E}C:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{4412870E-8A02-4BDC-A12B-F34D1BE0806E}C:\users\kev\desktop\spiele\desirexsro\mbot_twink\mbot_vsro110.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\mbot_twink\mbot_vsro110.exe |
"TCP Query User{456A7327-1996-4118-B237-888B6BB40AF5}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"TCP Query User{4A13526F-5136-4858-BEA3-FB55E621CB93}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"TCP Query User{4B347490-CCF9-403A-AA91-EA6EDAEF0078}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{4BE0B4F4-6A90-4E12-A0BE-F92C647F4727}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{4DAA6127-213A-4488-8A0F-E936D2449BC3}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{557F0DE6-E22A-4F38-867A-7AB422B75704}C:\users\kev\desktop\spiele\grindroad+online\grindroad online\mbot_vsro110_1.10b\mbot_vsro110.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\grindroad+online\grindroad online\mbot_vsro110_1.10b\mbot_vsro110.exe |
"TCP Query User{6322BEB4-95B6-4E47-959E-C75953AA4F9F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{69CB2E38-8105-44DA-895A-BFC44EBB938F}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"TCP Query User{6A4F8923-931D-40D7-A61F-702D09A4BDF5}C:\users\kev\desktop\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\empire earth\empire earth.exe |
"TCP Query User{6A5A0029-FFEC-495A-94EB-68CB56F65A58}C:\users\kev\desktop\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\empire earth\empire earth.exe |
"TCP Query User{71981F82-075C-49F2-ADAB-01C8D160B181}C:\users\kev\desktop\spiele\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\wc3\war3.exe |
"TCP Query User{7516672F-41BF-4D28-A633-D061120CB9AF}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{810C9F88-E049-40FE-90A6-F8AAB8B30E45}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"TCP Query User{8B048F6E-65EC-4344-933A-726146A27ADB}C:\program files (x86)\silkroadr\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\ibot\ibot.exe |
"TCP Query User{8B9E94F9-807B-4A43-B578-B2743E718EFD}C:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{9CF2CA1F-3743-4680-B52F-BAFF7A2E0DFB}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{9FDCFB5A-64FB-43EB-B508-7787BF1A1B97}C:\program files (x86)\silkroadr\ibot\agbot\packag5.2.0b.nomap\agbot.package\hackshieldstuff\hsserver\projecthsbypass1.4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\ibot\agbot\packag5.2.0b.nomap\agbot.package\hackshieldstuff\hsserver\projecthsbypass1.4.exe |
"TCP Query User{A1820E9D-A4BA-4070-AAB5-EAF708049DD9}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{A37F11F0-F509-4B87-AE73-6C242F67D527}C:\users\kev\desktop\spiele\desirexsro\vsroautoalchemy\fuse-o-mat\fuse-o-mat - release\phconnector\phconnector.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\vsroautoalchemy\fuse-o-mat\fuse-o-mat - release\phconnector\phconnector.exe |
"TCP Query User{A6E6817F-B98D-4312-9997-F6F59336D437}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{AB0B8C69-1C41-4A13-B1D0-EDD0D03CF8DF}C:\program files (x86)\silkroadr\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\ibot\ibot.exe |
"TCP Query User{AB4B9808-B25E-4676-BDF5-61C5E6131275}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{B671C6D5-EBD6-4710-BD3C-4D2CF9AF78F3}C:\users\kev\desktop\spiele\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\wc3\war3.exe |
"TCP Query User{B70A14C5-591A-4B07-823D-95ADBD26B16E}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"TCP Query User{B97B8DB1-84A2-435E-A195-FD79C231222F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{BC1968F0-0363-4656-BA14-0DA17504B498}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{BE60BE30-BFF9-4B8A-BB90-D52AC9DDFDC6}C:\program files (x86)\silkroadr\mbot_chill3r\mbot_sror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\mbot_chill3r\mbot_sror.exe |
"TCP Query User{C958B64F-E58C-4277-B1AF-8A6A34C17EDE}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{CF924F34-9198-4932-A674-C1D22841BF85}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{D52CAB53-DE6E-456D-A679-DD2EA19644EE}C:\users\kev\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D9AC46FF-A296-4188-94CE-54B942DE4770}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{DD695EE1-2F6D-44AB-83CC-283AB66E6F6A}C:\program files\jowood\die gilde gold-edition\gildegold.exe" = protocol=6 | dir=in | app=c:\program files\jowood\die gilde gold-edition\gildegold.exe |
"TCP Query User{E04444BD-ACA8-4691-AE57-FB5D7685AB3A}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{E23A0A0F-B602-45A5-BD9A-4E2D483EBB56}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E87BFAEA-C15A-4F1B-A597-81C678E0231C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EDD87E9F-3D0C-42CC-9396-1FF606345763}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{F01FAFB2-1776-40EA-8F49-686AF3A01665}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{FAE274DE-A988-4249-B042-D3B8C006D042}C:\program files (x86)\silkroadr\mbot_soxs\mbot_sror.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroadr\mbot_soxs\mbot_sror.exe |
"UDP Query User{0244E1A6-4D16-459A-A459-47635936E1C5}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{04509A9A-CE84-40C8-9BBC-C99857BC1A94}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{05D8E21E-BDDB-49D5-AB21-28EA3F9FB1CF}C:\program files (x86)\silkroadr\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\ibot\ibot.exe |
"UDP Query User{0EB835E5-FDE8-4879-B943-1A001ADB49F8}C:\users\kev\documents\silkroad bot\ibot\_ibot__public_released_v1.1.9\ibot.exe" = protocol=17 | dir=in | app=c:\users\kev\documents\silkroad bot\ibot\_ibot__public_released_v1.1.9\ibot.exe |
"UDP Query User{124A9D4B-F3E4-4151-B7EC-8805D17D0585}C:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{14E2A14D-B330-444D-8200-5A6DD99820AD}C:\program files (x86)\silkroadr\mbot_sror1.2\mbot_sror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\mbot_sror1.2\mbot_sror.exe |
"UDP Query User{17F5EE90-85D0-4068-BEF9-8A7BA7B5F5A7}C:\program files\jowood\die gilde gold-edition\gildegold.exe" = protocol=17 | dir=in | app=c:\program files\jowood\die gilde gold-edition\gildegold.exe |
"UDP Query User{25BCC645-3F91-4D8B-A0A6-795F4205B343}C:\users\kev\desktop\spiele\desirexsro\mbot_twink\mbot_vsro110.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\mbot_twink\mbot_vsro110.exe |
"UDP Query User{31267D8F-1B58-45BA-A102-08EA674187E6}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe |
"UDP Query User{3B1DA0C3-B8CF-4160-9435-4B8C0B021546}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{416C0085-EB9C-4E10-AC33-21051CBBA04F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{431AF372-1D71-4061-91B9-8189D984C05B}C:\users\kev\desktop\spiele\desirexsro\vsroautoalchemy\fuse-o-mat\fuse-o-mat - release\phconnector\phconnector.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\vsroautoalchemy\fuse-o-mat\fuse-o-mat - release\phconnector\phconnector.exe |
"UDP Query User{480DF683-7974-41FE-9306-2B323EB5E207}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{58C8E833-DFAC-4C56-872C-D56816B431B7}C:\users\kev\desktop\spiele\grindroad+online\grindroad online\mbot_vsro110_1.10b\mbot_vsro110.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\grindroad+online\grindroad online\mbot_vsro110_1.10b\mbot_vsro110.exe |
"UDP Query User{5DF45C4B-FDB1-4311-8C74-737FA94AD5D4}C:\users\kev\desktop\spiele\desirexsro\mbot_vsro110_1.12b\mbot_vsro110.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\desirexsro\mbot_vsro110_1.12b\mbot_vsro110.exe |
"UDP Query User{6108F793-811A-446C-A349-2E626A0558AB}C:\program files (x86)\silkroadr\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\ibot\ibot.exe |
"UDP Query User{612723A5-1E02-44DE-A604-08368F88C700}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{6216C657-FED4-4852-A445-FCE2FB027C2E}C:\users\kev\desktop\spiele\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\wc3\war3.exe |
"UDP Query User{67B3141A-CECE-4C3F-A04C-25981C59A900}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{6A6466B6-B875-4D51-BF74-9B687B719536}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{6B38E4FD-0947-4B7C-A02D-4F9A66B986F1}C:\program files (x86)\silkroadr\ibot\agbot\packag5.2.0b.nomap\agbot.package\hackshieldstuff\hsserver\projecthsbypass1.4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\ibot\agbot\packag5.2.0b.nomap\agbot.package\hackshieldstuff\hsserver\projecthsbypass1.4.exe |
"UDP Query User{6FA3DCD6-ECD0-4189-8244-B8064DC6014F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{70B320A2-4A4E-44F3-8DCD-D9BA4CD08E58}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe |
"UDP Query User{713ECE48-FB29-4543-BF00-F0149BAF1876}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{89CF1275-2DEC-4E3B-81BB-BB5688DFAB5E}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{8B4477AB-AF9B-4A71-A5CD-627DAA0ECF45}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{986803BB-588D-4072-A79E-7B6553915AC5}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"UDP Query User{9C4EB171-C45E-4100-A6BB-636F5C3D4E0C}C:\users\kev\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe |
"UDP Query User{9D1D5AEE-BFCA-4477-B8AD-18612C5C9479}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9E2AAE4A-05B1-408B-8E91-EB6CCCD2F91F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{A623D524-2182-473B-8542-7708BA185B89}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{ACA43002-9DA1-40A9-9659-F992F56686FB}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{B42604A8-BD49-492F-B182-22C67B4F7D32}C:\users\kev\desktop\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\empire earth\empire earth.exe |
"UDP Query User{B567011D-7E5B-48D1-B2B8-84A8403893BC}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{BC198B22-4958-48DD-94AC-F241FF8DF013}C:\users\kev\desktop\spiele\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\wc3\war3.exe |
"UDP Query User{C3514880-36C0-43A7-A414-6797514122C9}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C519D022-7FB4-4E32-B139-FEC37A92CE41}C:\program files (x86)\tera\tera uncensor patcher v1.7.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera uncensor patcher v1.7.exe |
"UDP Query User{D1250A55-3577-44BF-80DE-A267806453C0}C:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{D133D800-C847-47CB-817F-0F0FAD3B0536}C:\users\kev\desktop\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\empire earth\empire earth.exe |
"UDP Query User{D527B651-A1DD-4104-BDA6-E2C5697E16EB}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{D73411A3-C61E-4893-98CD-F7C186CF4E53}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{DB66DBDA-3991-4326-9D82-093883049F5D}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{F11EA530-C3D7-4CCA-A55C-BABBD1569B9E}C:\program files (x86)\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike\hl.exe |
"UDP Query User{F43ABCBC-35ED-469E-A440-B2A1E8D71781}C:\program files (x86)\silkroadr\mbot_soxs\mbot_sror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\mbot_soxs\mbot_sror.exe |
"UDP Query User{F844C938-8162-429B-9048-48F3AF2405FE}C:\program files (x86)\silkroadr\mbot_chill3r\mbot_sror.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroadr\mbot_chill3r\mbot_sror.exe |
"UDP Query User{F9CDACFD-4129-49D8-8A27-C0EDEF2D5B38}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{FC6B3F6C-913B-4DC0-B019-5D8B46B3F02F}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"UDP Query User{FD480489-688A-463C-9CDA-6FF5427C5D0F}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.10.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{32A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4150D0B5-D203-419B-9C49-9B615AF11BAF}" = Overwolf
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E3D1AC1-D48B-45F4-BAE1-91BAE7D1FE7D}_is1" = Risen HD Collector's Edition
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Counter-Strike" = Counter-Strike 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Locks Pro" = Locks Pro
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"c23188044ae10ee6" = Lol Account maker
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.07.2012 15:33:27 | Computer Name = Kev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
Zeitstempel: 0x4eb75fb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00480038 ID des fehlerhaften
Prozesses: 0x10c4 Startzeit der fehlerhaften Anwendung: 0x01cd6834bf8c9263 Pfad der
fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: 1bd81d2b-d434-11e1-90ed-00ff01000001
Error - 23.07.2012 09:40:49 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description =
Error - 23.07.2012 09:42:16 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description =
Error - 23.07.2012 11:31:30 | Computer Name = Kev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
Zeitstempel: 0x4eb75fb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00480038 ID des fehlerhaften
Prozesses: 0x10b8 Startzeit der fehlerhaften Anwendung: 0x01cd68dbb628c1c2 Pfad der
fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: 78fa35c9-d4db-11e1-8c27-00ff01000001
Error - 24.07.2012 08:05:55 | Computer Name = Kev-PC | Source = MsiInstaller | ID = 1013
Description =
Error - 25.07.2012 12:42:36 | Computer Name = Kev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
Zeitstempel: 0x4eb75fb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00480048 ID des fehlerhaften
Prozesses: 0x7f0 Startzeit der fehlerhaften Anwendung: 0x01cd6a64e5a555bd Pfad der
fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: bcebe0d1-d677-11e1-a07f-00ff01000001
Error - 25.07.2012 22:08:33 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description =
Error - 28.07.2012 09:30:07 | Computer Name = Kev-PC | Source = MsiInstaller | ID = 1013
Description =
Error - 30.07.2012 18:08:51 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a58 Startzeit: 01cd6e9fdae87f71 Endzeit: 1 Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe
Berichts-ID:
23746baf-da93-11e1-808a-00ff01000001
Error - 30.07.2012 18:09:15 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 13c Startzeit: 01cd6e9fe9059fe3 Endzeit: 1 Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe
Berichts-ID:
318d1f44-da93-11e1-808a-00ff01000001
Error - 30.07.2012 18:09:42 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: af4 Startzeit: 01cd6e9ff710bec3 Endzeit: 1 Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe
Berichts-ID:
3c1d17a1-da93-11e1-808a-00ff01000001
[ System Events ]
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.08.2012 01:01:34 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.08.2012 01:01:44 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.08.2012 01:02:06 | Computer Name = Kev-PC | Source = DCOM | ID = 10005
Description =
Error - 02.08.2012 01:02:06 | Computer Name = Kev-PC | Source = DCOM | ID = 10005
Description =
Error - 02.08.2012 01:02:06 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.03.05 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 Kev :: KEV-PC [Administrator] 02.08.2012 07:03:40 mbam-log-2012-08-02 (07-03-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 358871 Laufzeit: 38 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Kevin Geändert von kev255 (02.08.2012 um 06:54 Uhr) |
|
02.08.2012, 11:31
| #2 |
| /// Malware-holic   | GVU 2.07 - nun bin ich auch dran.. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
__________________wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.08.02 02:50:29 | 000,001,877 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
:Commands
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel wenn dies erledigt ist, bittemelden.
__________________ |
|
02.08.2012, 14:51
| #3 | ||
| | GVU 2.07 - nun bin ich auch dran.. Bei der Durchführung des Fixes fur sich mein PC neu hoch - aber ohne, dass sich irgendetwas geöffnet hat.
__________________Nun ist zumindest mein normaler Modus nicht mehr gesperrt. Punkt2: Zitat:
Zitat:
kevin |
|
02.08.2012, 16:33
| #4 | |
| /// Malware-holic | GVU 2.07 - nun bin ich auch dran.. sehr gut Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.08.2012, 18:04
| #5 |
| | GVU 2.07 - nun bin ich auch dran.. Hier die Logdatei: Code:
ATTFilter ComboFix 12-07-31.03 - Kev 02.08.2012 18:48:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2837 [GMT 2:00]
ausgeführt von:: c:\users\Kev\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\1326324280.bdinstall.bin
c:\programdata\1327676404.bdinstall.bin
c:\users\Kev\AppData\Roaming\edxLabs
c:\users\Kev\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-02 bis 2012-08-02 ))))))))))))))))))))))))))))))
.
.
2012-08-02 16:56 . 2012-08-02 16:56 -------- d-----w- C:\found.001
2012-08-02 16:53 . 2012-08-02 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 13:38 . 2012-08-02 13:50 -------- d-----w- C:\_OTL
2012-08-02 05:02 . 2012-08-02 05:02 -------- d-----w- c:\users\Kev\AppData\Roaming\Malwarebytes
2012-08-02 05:02 . 2012-08-02 05:02 -------- d-----w- c:\programdata\Malwarebytes
2012-08-02 05:02 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 05:02 . 2012-08-02 05:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-02 03:49 . 2012-08-02 06:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-31 13:15 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A76396F-996B-4900-8FB3-2476A69DE4AC}\mpengine.dll
2012-07-28 12:18 . 2012-07-28 12:19 -------- d-----w- c:\program files (x86)\LOLReplay
2012-07-24 12:05 . 2012-07-24 12:05 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-24 12:05 . 2012-07-24 12:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-24 11:56 . 2012-08-02 14:15 -------- d-----w- c:\users\Kev\AppData\Local\Risen
2012-07-24 11:52 . 2012-07-24 11:52 -------- d-----w- c:\program files (x86)\Deep Silver
2012-07-19 12:48 . 2012-07-19 12:48 -------- d-----w- c:\users\Kev\AppData\Local\SKIDROW
2012-07-18 23:04 . 2012-07-18 23:04 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-07-18 22:44 . 2012-07-18 22:44 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-18 22:44 . 2012-07-18 22:44 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-07-12 00:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 23:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 23:16 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 23:16 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 23:16 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 23:16 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 23:16 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 23:16 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 23:16 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 23:16 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 23:16 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 23:16 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 23:16 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 23:16 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 23:16 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-08 13:27 . 2012-07-08 13:29 -------- d-----w- c:\program files (x86)\Counter-Strike
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 22:39 . 2011-04-20 09:35 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-01 22:39 . 2011-04-19 13:17 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-01 22:38 . 2011-04-19 13:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-12 00:17 . 2011-04-18 20:10 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-30 21:26 . 2011-04-19 13:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-02 22:19 . 2012-06-19 14:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:04 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:04 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:04 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:51 . 2012-06-02 20:51 5632 ----a-w- c:\windows\SysWow64\merrsend.exe
2012-06-02 13:19 . 2012-06-19 14:04 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 14:04 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-04-18 20:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-08 17:09 . 2012-01-27 16:57 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 17:09 . 2012-01-27 16:57 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-03 08:58 . 2011-08-31 20:04 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-7-26 521216]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Elite Silkroad Online\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2012-06-21 18360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 X6va002;X6va002;c:\users\Kev\AppData\Local\Temp\002A98F.tmp [x]
R3 X6va003;X6va003;c:\users\Kev\AppData\Local\Temp\00369AC.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-18 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2011-08-03 161184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-08-03 168864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 10203648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 310784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2011-08-03 25528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 216.155.139.115:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E88F556F-0087-4D8B-BDC0-4E06F860C0B7}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\ilo8sujg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.ftp - 64.120.226.94
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 64.120.226.94
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 64.120.226.94
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 64.120.226.94
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Kev\AppData\Local\Temp\002A98F.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Kev\AppData\Local\Temp\00369AC.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-02 19:03:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-02 17:03
.
Vor Suchlauf: 20 Verzeichnis(se), 36.721.700.864 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 38.342.012.928 Bytes frei
.
- - End Of File - - 418575183E494AABD21DA73165DA9915
|
|
02.08.2012, 18:55
| #6 |
| /// Malware-holic | GVU 2.07 - nun bin ich auch dran.. lade den CCleaner standard: CCleaner Download - CCleaner 3.21.1767 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ --> GVU 2.07 - nun bin ich auch dran.. |
|
02.08.2012, 19:08
| #7 |
| | GVU 2.07 - nun bin ich auch dran.. Hier die lange & angeforderte Liste - manche Sachen kannte ich nicht, entschuldigen Sie dies bitte. Code:
ATTFilter Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 02.08.2012 6,00MB 10.3.183.5 (notwendig?) Adobe Flash Player 11 Plugin Adobe Systems Incorporated 02.08.2012 6,00MB 11.0.1.152 (notwendig?) Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 25.01.2012 167MB 10.1.2 (unbekannt) Akamai NetSession Interface Akamai Technologies, Inc 22.06.2012 (unbekannt) Akamai NetSession Interface Service 02.08.2012 (unbekannt) AMD Catalyst Install Manager Advanced Micro Devices, Inc. 27.10.2011 22,7MB 3.0.842.0 (notwendig?) Apple Application Support Apple Inc. 05.12.2011 61,2MB 2.1.6 (notwendig?) Apple Mobile Device Support Apple Inc. 05.12.2011 24,4MB 4.0.0.97 (notwendig?) Apple Software Update Apple Inc. 04.11.2011 2,38MB 2.1.3.127 (notwendig?) Avira Free Antivirus Avira 02.08.2012 108MB 12.0.0.1125 (notwendig?) Battlefield 3™ Electronic Arts 02.08.2012 1.0.0.0 (notwendig?) Battlelog Web Plugins EA Digital Illusions CE AB 02.08.2012 1.122.0 (notwendig?) Bonjour Apple Inc. 04.11.2011 2,04MB 3.0.0.10 (unbekannt) CCleaner Piriform 24.07.2012 3.21 (notwendig?) Counter-Strike 1.0 02.08.2012 1.0 (unbekannt/unnötig) DAEMON Tools Lite DT Soft Ltd 02.08.2012 4.45.4.0315 (unnötig) DivX-Setup DivX, LLC 02.08.2012 2.6.1.8 (unnötig) ESL Wire 1.10.1 Turtle Entertainment GmbH 31.08.2011 59,0MB (unbekannt) ESN Sonar ESN Social Software AB 02.08.2012 0.70.4 (unbekannt) Fraps (remove only) 02.08.2012 (unnötig) iCloud Apple Inc. 05.12.2011 31,1MB 1.0.2.17 (notwendig) iPhoneBrowser Cranium Consulting and Custom Software 04.11.2011 424KB 1.9.3 (unbekannt/unnötig) iTunes Apple Inc. 05.12.2011 170MB 10.5.1.42 (notwendig) Java(TM) 6 Update 22 Oracle 18.11.2011 97,0MB 6.0.220 (unbekannt) Java(TM) 6 Update 25 (64-bit) Oracle 31.05.2011 91,4MB 6.0.250 (unbekannt) Java(TM) 6 Update 31 Oracle 11.04.2012 95,1MB 6.0.310 (unbekannt) Java(TM) SE Development Kit 6 Update 25 Oracle 09.05.2011 141MB 1.6.0.250 (unbekannt) JDownloader 0.9 AppWork GmbH 02.08.2012 0.9 (unnötig/unbekannt) League of Legends Riot Games 18.04.2011 1.02.0000 (notwendig) Locks Pro 02.08.2012 (notwendig) Logitech SetPoint 5.20 Logitech 17.05.2012 23,3MB 5.20 (notwendig) Lol Account maker Deathnetworks 16.09.2011 1.0.0.4 (unnötig) LOLReplay www.leaguereplays.com 02.08.2012 0.7.9.34 (notwendig) Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 02.08.2012 18,7MB 1.62.0.1300 (notwendig) Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.04.2011 38,8MB 4.0.30319 (unbekannt) Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 18.04.2011 2,93MB 4.0.30319 (unbekannt) Microsoft .NET Framework 4 Extended Microsoft Corporation 14.05.2011 51,9MB 4.0.30319 (unbekannt) Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 16.08.2011 31,3MB 3.5.88.0 (unbekannt) Microsoft Games for Windows Marketplace Microsoft Corporation 16.08.2011 6,03MB 3.5.50.0 (unbekannt) Microsoft Silverlight Microsoft Corporation 10.05.2012 100MB 4.1.10329.0 (unbekannt) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 24.01.2012 260KB 8.0.50727.4053 (unbekannt) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 (unbekannt) Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 05.07.2011 300KB 8.0.59193 (unbekannt) Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 30.05.2011 840KB 8.0.61000 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 18.07.2011 788KB 9.0.30729 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 31.08.2011 240KB 9.0.30729.4148 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19.07.2011 788KB 9.0.30729.6161 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 29.05.2011 1,42MB 9.0.21022 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 24.07.2012 222KB 9.0.30729 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.04.2011 240KB 9.0.30729 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.04.2011 596KB 9.0.30729.4148 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 05.07.2011 600KB 9.0.30729.6161 (unbekannt) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 27.10.2011 13,8MB 10.0.40219 (unbekannt) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 29.11.2011 15,0MB 10.0.40219 (unbekannt) Mozilla Firefox 14.0.1 (x86 de) Mozilla 02.08.2012 36,8MB 14.0.1 (notwendig) Mozilla Maintenance Service Mozilla 02.08.2012 309KB 14.0.1 (unbekannt) NVIDIA PhysX NVIDIA Corporation 19.07.2012 90,5MB 9.12.0213 (notwendig) OpenOffice.org 3.3 OpenOffice.org 18.11.2011 414MB 3.3.9567 (notwendig) Origin Electronic Arts, Inc. 02.08.2012 8.5.0.4554 (notwendig) Overwolf Overwolf 22.06.2012 78,6MB 0.33.199 (unbekannt/unnötig?) Pando Media Booster Pando Networks Inc. 02.08.2012 5,46MB 2.6.0.1 (unbekannt/unnötig?) PunkBuster Services Even Balance, Inc. 02.08.2012 0.991 (notwendig) QuickTime Apple Inc. 04.11.2011 73,2MB 7.71.80.42 (unbekannt/unnötig?) Safari Apple Inc. 04.11.2011 43,2MB 5.34.51.22 (notwendig) Skype™ 5.8 Skype Technologies S.A. 27.03.2012 19,0MB 5.8.158 (notwendig) Star Wars: The Old Republic Electronic Arts, Inc. 02.08.2012 26,7MB 1.00 (unbekannt/unnötig?) System Requirements Lab CYRI Husdawg, LLC 14.04.2012 463KB 4.5.1.0 (unbekannt/unnötig?) TeamSpeak 3 Client TeamSpeak Systems GmbH 01.08.2012 3.0.8.1 (notwendig) TeamViewer 7 TeamViewer 02.08.2012 7.0.12541 (notwendig) User's Guides Logitech 17.05.2012 43,3MB 1.20.0000 (unbekannt/unnötig?) VLC media player 1.1.11 VideoLAN 02.08.2012 1.1.11 (unbekannt/unnötig?) WEBZEN Browser Extension WEBZEN 03.02.2012 1.01.020 (unbekannt/unnötig?) Windows Live Essentials Microsoft Corporation 20.05.2012 15.4.3555.0308 (notwendig) WinRAR 4.00 (64-Bit) win.rar GmbH 21.04.2011 4.00.0 (notwendig) World of Warcraft Blizzard Entertainment 02.08.2012 4.3.3.15354 (unbekannt/unnötig?) Xfire (remove only) 02.08.2012 (unbekannt/unnötig?) |
|
02.08.2012, 19:20
| #8 |
| /// Malware-holic | GVU 2.07 - nun bin ich auch dran.. deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Battlefield : ist nen spiel, musst du wissen ob du es spielst. Battlelog das selbe Counter DAEMON DivX ESN Fraps iPhoneBrowser Java: alle Download der kostenlosen Java-Software downloade java jre instalieren deinstaliere: JDownloader Overwolf : game, musst du wissen Star Wars: : musst du wissen game. VLC : player, musst du wissen. WEBZEN World of Warcraft : das selbe, game. öffne ccleaner, analysieren, starten öffne otl, cleanup pc startet neu testen wie er läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.08.2012, 21:45
| #9 |
| | GVU 2.07 - nun bin ich auch dran.. Alles befolgt. Hier der derzeitige OTL Log: Code:
ATTFilter OTL logfile created on: 02.08.2012 22:39:37 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kev\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,63% Memory free 8,00 Gb Paging File | 6,42 Gb Available in Paging File | 80,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 36,29 Gb Free Space | 24,35% Space Free | Partition Type: NTFS Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kev\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\LOLReplay\LOLUtils.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 D8 A6 55 75 23 CC 01 [binary data] IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> IE - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 216.155.139.115:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "64.120.226.94" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "64.120.226.94" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "64.120.226.94" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "64.120.226.94" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 01:58:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.02 22:36:51 | 000,000,000 | ---D | M] [2011.04.18 21:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions [2012.05.20 11:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions [2012.05.20 11:31:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.04.19 14:45:06 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\battlefieldheroespatcher@ea.com [2011.07.08 17:34:40 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Kev\AppData\Roaming\mozilla\Firefox\Profiles\ilo8sujg.default\extensions\DefaultManager@Microsoft [2012.04.26 15:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.08 23:45:00 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI [2012.01.02 01:42:09 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.04.29 21:29:12 | 000,004,404 | ---- | M] () (No name found) -- C:\USERS\KEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ILO8SUJG.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI [2012.07.18 01:58:02 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.13 22:58:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 22:58:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 22:58:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.06.11 22:59:39 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.02.13 22:58:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 22:58:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 22:58:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.08.02 18:58:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-2391798189-349868460-2108168911-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E88F556F-0087-4D8B-BDC0-4E06F860C0B7}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E88F556F-0087-4D8B-BDC0-4E06F860C0B7}: NameServer = 8.8.8.8,8.8.4.4 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.02 22:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.08.02 22:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.02 22:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.08.02 22:32:58 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.08.02 22:32:58 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.02 22:32:52 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.02 22:32:52 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.02 22:29:40 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Macromedia [2012.08.02 22:22:22 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.02 22:22:22 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.02 22:20:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.02 19:03:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.08.02 18:58:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.08.02 18:56:46 | 000,000,000 | ---D | C] -- C:\found.001 [2012.08.02 18:47:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.08.02 18:47:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.08.02 18:47:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.08.02 18:46:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.02 18:46:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.08.02 15:38:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.02 15:38:00 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2012.08.02 07:02:56 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Malwarebytes [2012.08.02 07:02:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.02 07:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.02 07:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.02 07:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.02 07:02:25 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.02 05:49:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.07.28 14:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay [2012.07.24 14:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.07.24 14:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver [2012.07.24 13:56:30 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Risen [2012.07.24 13:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver [2012.07.19 14:48:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\SKIDROW [2012.07.19 14:48:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Risen2 [2012.07.19 01:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.07.19 00:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.07.19 00:44:20 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.07.19 00:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.07.12 02:16:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.12 02:16:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.12 02:16:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.12 02:16:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.12 02:16:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.12 02:16:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.12 02:16:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.12 02:16:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.12 02:16:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.12 02:16:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.12 02:16:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.12 02:16:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.12 02:16:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.12 01:20:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.12 01:20:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.12 01:20:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.12 01:16:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.12 01:16:49 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.08 15:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.02 22:32:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.02 22:32:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.02 22:22:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.02 22:22:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.02 19:31:04 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.02 19:13:59 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 19:13:59 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 19:10:53 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.02 19:10:53 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.02 19:10:53 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.02 19:10:53 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.02 19:10:52 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.02 19:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 19:06:01 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2012.08.02 18:58:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.08.02 18:57:26 | 000,003,536 | ---- | M] () -- C:\bootsqm.dat [2012.08.02 06:59:08 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kev\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.02 06:58:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2012.08.02 06:56:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.08.02 00:39:03 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.08.02 00:39:03 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.02 00:38:47 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.08.01 02:56:52 | 000,001,354 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2012.07.28 15:04:35 | 050,846,578 | ---- | M] () -- C:\Users\Kev\Desktop\Raplays.rar [2012.07.28 14:19:51 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.07.28 14:19:51 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.07.27 16:50:43 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.07.19 00:45:28 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.07.19 00:44:20 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.07.12 23:50:20 | 000,000,080 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\mBot.ini [2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.02 22:36:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.02 19:31:04 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.02 18:57:26 | 000,003,536 | ---- | C] () -- C:\bootsqm.dat [2012.08.02 18:47:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.08.02 18:47:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.08.02 18:47:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.08.02 18:47:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.08.02 18:47:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.08.02 02:50:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.08.01 02:56:52 | 000,001,354 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2012.07.28 15:04:22 | 050,846,578 | ---- | C] () -- C:\Users\Kev\Desktop\Raplays.rar [2012.07.28 14:18:56 | 000,001,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.07.28 14:18:56 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.07.19 00:45:28 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012.03.29 17:37:09 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.03.29 17:37:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd4040cn.dat [2012.03.29 17:37:09 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.01.27 16:52:38 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll [2012.01.27 16:52:38 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll [2012.01.04 04:42:06 | 000,000,080 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\mBot.ini [2011.10.30 19:08:09 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.01 01:30:54 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.09.01 01:30:54 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.09.01 01:30:54 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.08.31 22:04:46 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.08.15 15:28:47 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.07.02 20:37:53 | 000,000,031 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\esroLoader.ini [2011.06.23 02:03:19 | 000,000,105 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\private_server_loader.ini [2011.06.22 23:59:59 | 000,000,292 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2011.06.22 17:16:06 | 000,000,598 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2011.06.22 17:15:48 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2011.05.14 09:33:49 | 001,598,640 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.19 15:17:23 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.19 15:17:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.18 22:22:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2011.06.22 23:59:59 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\BITS [2012.08.02 19:31:31 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\DAEMON Tools Lite [2011.06.22 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\FlashGet [2011.06.22 17:15:41 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\FlashGetBHO [2012.05.17 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Leadertech [2011.04.18 23:41:03 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\LolClient [2012.05.24 16:33:08 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\LolClient2 [2011.11.18 21:00:33 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\OpenOffice.org [2011.10.26 23:19:31 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Origin [2011.04.21 22:21:26 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\PunkBuster [2012.01.12 01:25:20 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\QuickScan [2011.04.19 11:34:07 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\SFBot [2012.04.15 14:14:29 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TeamViewer [2012.08.02 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TS3Client [2012.06.26 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\wargaming.net [2011.08.29 18:05:43 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\www.rene-zeidler.de [2012.06.24 11:47:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.08.2012 22:39:37 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,63% Memory free
8,00 Gb Paging File | 6,42 Gb Available in Paging File | 80,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 36,29 Gb Free Space | 24,35% Space Free | Partition Type: NTFS
Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06899AAF-E55A-436C-957E-0F70AC5A5467}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{094F37A6-47F8-4268-9CF3-E0352333817C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{129658BE-1364-420C-A067-7907A997FA76}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{16BF999B-A54A-461C-A443-18866C19BDED}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher |
"{18DC69EC-F6B7-4A4E-A08B-BBBEC537C4EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C30B52F-3572-40FC-AC47-084DF5C92919}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2290F550-86C1-4E48-91CA-4D64212456A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B0E1B0F-7422-49CD-9249-811E3A0D9E0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E5BA39B-B2DD-48F2-8DC5-8CA26F881191}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |
"{2FD372C9-FC8A-4FFA-B9D1-68D0568ED7C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30DCC186-613B-4964-9791-83B522C78524}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{340DED20-CEEE-47B7-8C64-962666B96C2A}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{39E37FA2-2793-496F-97BC-687277B1858C}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B1F684E-F560-4DE8-BB97-F15FDAB2794A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D325BBC-75CB-45D9-AECD-70B158E3DFBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4317AC17-A4F7-4EBB-8E51-B846D960281B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4F8E3366-9105-4DF0-A276-28125FC63668}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |
"{61845226-8B84-4927-A695-9579C011F5CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{697138E3-8B41-4543-9472-2EAC4DE4E300}" = lport=139 | protocol=6 | dir=in | app=system |
"{762A79D9-9B9E-48BC-B940-4A593766F867}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{80EC02E3-B068-49C8-927F-748D0A0C8A9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{811B8076-3994-4528-B422-4227FD2238CC}" = lport=49175 | protocol=6 | dir=in | name=akamai netsession interface |
"{85E7C377-6ADB-4597-9043-65528C884E87}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{87DE1166-DF1E-45D5-9340-BC1809C32D3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9013E1D1-5CD7-4AE0-8A69-D5E17E5C281B}" = lport=49195 | protocol=6 | dir=in | name=akamai netsession interface |
"{952E55AE-A6B0-4989-8FD9-25B6E56ECDAE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{99240B89-1C8E-4971-BD0F-2934EA5251C7}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher |
"{9DACBF95-2D20-4243-B4D6-930DBCA956AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB6D2BBB-FC07-4513-909E-0510B7174D01}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AC7CA488-04A0-4198-8DE5-50CD591D14B8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B416EC4E-1964-4198-9BA9-101DD684D41E}" = lport=137 | protocol=17 | dir=in | app=system |
"{BACBB0B5-4D6C-4464-8891-81E9F69A088E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC880336-957F-4647-8CD0-6B8950596F42}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{BCC5ADA0-B77B-492F-A3BE-96758471721D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C0B1ECE5-6BC2-460A-B9F2-3CB8BC3AC5E2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C5520744-7AE6-48AB-AA52-03A7183F3AEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{C93C3361-917F-453E-A996-43F9B68BFD37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC0653FB-F25D-41FA-BDB2-CCC3CDB966C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4D6F56D-CF4E-4D64-99D9-71444D2F484C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D8301A37-4A62-4C01-A7EB-858F88FF9D14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF47ADF3-1B5E-4A27-A7B2-31D14BD4BC88}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface |
"{DF9C3A56-F22D-4020-9D9C-AF6ABAC5E721}" = rport=445 | protocol=6 | dir=out | app=system |
"{E93D3E22-2331-4995-965B-3F46B156DD0B}" = rport=138 | protocol=17 | dir=out | app=system |
"{E9DAA044-4BDA-42CE-AE18-8E640A0BAD4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB421CB5-BEF9-4BD8-8B7B-F15DD2401567}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |
"{EC1FF399-47D7-4AF3-B584-ED84A59FCF10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0CC8030-4D06-4CE2-B0C5-9C3397C9EB8D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F77DEC57-F1F5-474A-9CA4-3DAA9244D1E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D0026-E596-4656-93BF-FCA3CBAF63FB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{139B59F1-129C-4890-95B0-B355EEFFA77D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1845DD98-797A-40CB-A951-004356740405}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{18566774-4DDF-44EA-90ED-CEB18CC49811}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21F8C564-0A6D-4D53-BF22-0BAF4F5E3173}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{259E79AA-693E-4E63-AFEC-5CA61C514AA0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{302F7C49-4D00-4887-93EF-EF7A01711741}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32CB6DE0-9BC6-45BE-9210-CB67B671970F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35CA1254-12DB-4ABF-8AAD-6236EE5DB1DD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3AB9962C-033D-41F7-ABFB-8AF42C1B2417}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3B159C87-E076-4862-A06B-3B88B02A97BF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{3DDD1944-7DD4-4813-BF09-E76B8AC55276}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{420A3B12-5963-4F36-AEB9-49273A6D23DF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{52CF82A9-AD96-4229-AD2E-3186E4DDFD67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{54787DBD-A967-46FB-BED6-4F624E8601A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5A7C78D4-32DD-43EE-B76D-DCA0795333A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61BEEDE4-1FF1-4D8F-A9A8-D8F6F610057A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{62D6F4B3-FCD2-46F0-98E1-6EFFE37243F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{680010D0-438D-40AB-9C31-FF1BA27DF3A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E17D508-0117-4246-9E8A-E0180B309BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6FF48710-D60E-4938-A4CF-5BF00EDC8A4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{71BBB0C0-3E7C-45CD-8FED-B33CE730585D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{742E9162-0469-49B3-AF0D-AC4BC9C0DCDB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78475BEB-1CDB-4CEE-A684-47191CD0E249}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{80C67BF7-1537-433C-89A8-A1AF815D0AD4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{859DA5B1-1686-470B-8C30-E3105DB42A5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8854119F-2C1C-4CAB-8133-C6151A312BBC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9B8FAA93-C559-4B15-A58A-BF4F155B100C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{AA8F5570-5931-488A-A676-1EBBA108BB76}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{AC228EC3-1B8F-4E3E-AB09-888F57C768DC}" = protocol=6 | dir=out | app=system |
"{AC7D552B-2571-436A-AFC4-14621E35451D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4E2C6B3-2DD9-44D9-9053-D0D9A5D50A6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B68E13BC-DE84-43B9-813A-4755921859E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BE34357C-9AE7-4DDE-944D-28B8BCCF5A16}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFA8871C-12DD-4A35-9685-C45896D9C2F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D05C3A84-2280-42B6-AE5F-56E542A4D516}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D403CC78-D022-4BDE-84E1-4A694504B654}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D464B792-A60A-41CE-BBF9-2B81421E76E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{D5C2AAB7-7C78-419F-9079-BFC56683176C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC6F38B7-B134-4661-9D02-B32780BA832B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DC6FD7C5-5C23-4FB7-A666-F485D35B5322}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2554337-6958-4387-8C0E-FFF00512E75E}" = protocol=6 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe |
"{E484DB76-08F0-4EE6-87EC-BD3836BDB17B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4AB8A94-2375-4762-BBDF-8B6EE7AAE94D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E9E7C839-0593-4C15-AD0D-D14D5E4A6BF2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB28E950-F62E-452A-A93C-4C1929061C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{ECE4B7B2-2B18-4230-B57C-C8E517888023}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{EE98AE5F-F0DD-4F2A-B259-0CCA6E9DF2E9}" = protocol=17 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe |
"{F0145CE3-430C-402E-BC53-E9E9E857668E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F39386CC-DD50-474A-9971-A514C3DF796F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{F6C01D38-B9DB-4D46-BAFB-80847EF7947B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F969D79D-0763-4D2E-A487-8663B764A41B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDBE4F2A-82D4-443A-8080-F0DBC19C3050}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{0800EBC8-4723-40F6-A09B-41EFC7F05FA9}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{239A2806-E01F-4EB7-A8C3-757D07D191F2}C:\program files (x86)\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike\hl.exe |
"TCP Query User{456A7327-1996-4118-B237-888B6BB40AF5}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"TCP Query User{4B347490-CCF9-403A-AA91-EA6EDAEF0078}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{4DAA6127-213A-4488-8A0F-E936D2449BC3}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{7516672F-41BF-4D28-A633-D061120CB9AF}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{9CF2CA1F-3743-4680-B52F-BAFF7A2E0DFB}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{A1820E9D-A4BA-4070-AAB5-EAF708049DD9}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{B97B8DB1-84A2-435E-A195-FD79C231222F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{BC1968F0-0363-4656-BA14-0DA17504B498}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{C958B64F-E58C-4277-B1AF-8A6A34C17EDE}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{D52CAB53-DE6E-456D-A679-DD2EA19644EE}C:\users\kev\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D9AC46FF-A296-4188-94CE-54B942DE4770}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{DD695EE1-2F6D-44AB-83CC-283AB66E6F6A}C:\program files\jowood\die gilde gold-edition\gildegold.exe" = protocol=6 | dir=in | app=c:\program files\jowood\die gilde gold-edition\gildegold.exe |
"TCP Query User{E04444BD-ACA8-4691-AE57-FB5D7685AB3A}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{E23A0A0F-B602-45A5-BD9A-4E2D483EBB56}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E87BFAEA-C15A-4F1B-A597-81C678E0231C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EDD87E9F-3D0C-42CC-9396-1FF606345763}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{0244E1A6-4D16-459A-A459-47635936E1C5}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{17F5EE90-85D0-4068-BEF9-8A7BA7B5F5A7}C:\program files\jowood\die gilde gold-edition\gildegold.exe" = protocol=17 | dir=in | app=c:\program files\jowood\die gilde gold-edition\gildegold.exe |
"UDP Query User{31267D8F-1B58-45BA-A102-08EA674187E6}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe |
"UDP Query User{416C0085-EB9C-4E10-AC33-21051CBBA04F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{480DF683-7974-41FE-9306-2B323EB5E207}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{612723A5-1E02-44DE-A604-08368F88C700}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{6A6466B6-B875-4D51-BF74-9B687B719536}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{70B320A2-4A4E-44F3-8DCD-D9BA4CD08E58}C:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\spiele\call of duty 2\cod2mp_s.exe |
"UDP Query User{8B4477AB-AF9B-4A71-A5CD-627DAA0ECF45}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{986803BB-588D-4072-A79E-7B6553915AC5}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"UDP Query User{9C4EB171-C45E-4100-A6BB-636F5C3D4E0C}C:\users\kev\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kev\appdata\local\akamai\netsession_win.exe |
"UDP Query User{9D1D5AEE-BFCA-4477-B8AD-18612C5C9479}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D527B651-A1DD-4104-BDA6-E2C5697E16EB}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{D73411A3-C61E-4893-98CD-F7C186CF4E53}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{DB66DBDA-3991-4326-9D82-093883049F5D}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{F11EA530-C3D7-4CCA-A55C-BABBD1569B9E}C:\program files (x86)\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike\hl.exe |
"UDP Query User{F9CDACFD-4129-49D8-8A27-C0EDEF2D5B38}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{FD480489-688A-463C-9CDA-6FF5427C5D0F}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4150D0B5-D203-419B-9C49-9B615AF11BAF}" = Overwolf
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Locks Pro" = Locks Pro
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2391798189-349868460-2108168911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"c23188044ae10ee6" = Lol Account maker
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.07.2012 09:40:49 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description =
Error - 23.07.2012 09:42:16 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description =
Error - 23.07.2012 11:31:30 | Computer Name = Kev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
Zeitstempel: 0x4eb75fb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00480038 ID des fehlerhaften
Prozesses: 0x10b8 Startzeit der fehlerhaften Anwendung: 0x01cd68dbb628c1c2 Pfad der
fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: 78fa35c9-d4db-11e1-8c27-00ff01000001
Error - 24.07.2012 08:05:55 | Computer Name = Kev-PC | Source = MsiInstaller | ID = 1013
Description =
Error - 25.07.2012 12:42:36 | Computer Name = Kev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
Zeitstempel: 0x4eb75fb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00480048 ID des fehlerhaften
Prozesses: 0x7f0 Startzeit der fehlerhaften Anwendung: 0x01cd6a64e5a555bd Pfad der
fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: bcebe0d1-d677-11e1-a07f-00ff01000001
Error - 25.07.2012 22:08:33 | Computer Name = Kev-PC | Source = BugSplat | ID = 1
Description =
Error - 28.07.2012 09:30:07 | Computer Name = Kev-PC | Source = MsiInstaller | ID = 1013
Description =
Error - 30.07.2012 18:08:51 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a58 Startzeit: 01cd6e9fdae87f71 Endzeit: 1 Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe
Berichts-ID:
23746baf-da93-11e1-808a-00ff01000001
Error - 30.07.2012 18:09:15 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 13c Startzeit: 01cd6e9fe9059fe3 Endzeit: 1 Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe
Berichts-ID:
318d1f44-da93-11e1-808a-00ff01000001
Error - 30.07.2012 18:09:42 | Computer Name = Kev-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: af4 Startzeit: 01cd6e9ff710bec3 Endzeit: 1 Anwendungspfad: C:\Users\Kev\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe
Berichts-ID:
3c1d17a1-da93-11e1-808a-00ff01000001
Error - 02.08.2012 12:58:47 | Computer Name = Kev-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3fa
[ System Events ]
Error - 02.08.2012 12:51:53 | Computer Name = Kev-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 02.08.2012 12:52:04 | Computer Name = Kev-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 02.08.2012 12:52:05 | Computer Name = Kev-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 02.08.2012 12:52:59 | Computer Name = Kev-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 02.08.2012 12:53:31 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 02.08.2012 12:53:37 | Computer Name = Kev-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 02.08.2012 12:58:27 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%126
Error - 02.08.2012 12:59:48 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 02.08.2012 12:59:48 | Computer Name = Kev-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 02.08.2012 13:00:16 | Computer Name = Kev-PC | Source = DCOM | ID = 10005
Description =
< End of report >
|
|
08.08.2012, 18:29
| #10 |
| /// Malware-holic | GVU 2.07 - nun bin ich auch dran.. hi sorry für die wartezeit dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.08.02 06:56:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.02 02:50:29 | 000,001,877 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.08.2012, 22:46
| #11 | |
| | GVU 2.07 - nun bin ich auch dran.. Hier der Log: Zitat:
|
|
14.08.2012, 18:11
| #12 |
| /// Malware-holic | GVU 2.07 - nun bin ich auch dran.. hast du die deinstalationen wie auf seite 1 genannt durchgeführt? dann pc absichern: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://www.trojaner-board.de/103809-...i-malware.html testversion: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie Download - Sandboxie 3.72 anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser passwort sicherheit: jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort bei der passwort verwaltung und erstellung hilft roboform Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager anleitung: RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.08.2012, 16:36
| #14 |
| /// Malware-holic | GVU 2.07 - nun bin ich auch dran.. schon chrome angesehen? ist sicherer und sollte auch schneller sein.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.08.2012, 20:19
| #15 |
| | GVU 2.07 - nun bin ich auch dran.. schon - schneller - kam mir nicht so vor und kam auch gar nicht damit klar. |
|
| Themen zu GVU 2.07 - nun bin ich auch dran.. |
| battle.net, code, editiert, gvu 2.07, helferlein, jdownloader, kis, langs, laufe, laufen, launch, league of legends, log, msiinstaller, nacht, plug-in, seite, spark, versuch, zufällig |
Linear-Darstellung
