
Log analysis and evaluation: OTL logfiles after infection with GVU trojan; PC clean now? Help

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.08.2012, 13:35   #1
Ironie
 



So: a week ago I caught the GVU trojan,
and I have now cleaned my system with various tools (Kaspersky Internet Security 2012, purchased; Malwarebytes Anti-Malware; CCleaner).
These tools did find viruses.
Since OTL log files are always requested in the other posts,
I am posting my OTL logs here.


OTL LOG:

OTL Logfile:
Code:
OTL logfile created on: 05.08.2012 13:47:30 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Dimikopf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 66,24% Memory free
15,96 Gb Paging File | 12,79 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1347,34 Gb Total Space | 799,52 Gb Free Space | 59,34% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 879,49 Gb Free Space | 94,42% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 29,58 Gb Free Space | 60,59% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 81,56 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
 
Computer Name: DIMIS-PC | User Name: Dimikopf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dimikopf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyD.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - D:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
PRC - C:\Windows\vsnpstd3.exe ()
PRC - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8036b60a803443f3c61c48b4959f722d\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d89ee849317b4d93ea78842dd78f79c0\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Connectify\Vendors.dll ()
MOD - C:\Program Files (x86)\Connectify\Scannify.dll ()
MOD - C:\Program Files (x86)\Connectify\NativeLibrary.dll ()
MOD - C:\Program Files (x86)\Connectify\DriverLib.dll ()
MOD - C:\Program Files (x86)\Connectify\BuildProps.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b19bb58f\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_296e284a\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_2f16f992\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_16dc5fbb\system.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3f0bd222\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.design\1.0.5000.0__b03f5f7f11d50a3a_c6d34809\system.design.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.design\1.0.5000.0__b03f5f7f11d50a3a\system.design.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_dirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4video_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_flac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mlp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcvdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - D:\Programme\RocketDock\RocketDock.exe ()
MOD - D:\Programme\RocketDock\RocketDock.dll ()
MOD - c:\program files (x86)\gamespy\comrade\156\gpnet.dll ()
MOD - c:\program files (x86)\gamespy\comrade\156\netdetect.dll ()
MOD - c:\program files (x86)\gamespy\comrade\156\gamespy.vengine.dll ()
MOD - C:\Users\Dimikopf\AppData\Local\Temp\detectlib6100.dll ()
MOD - c:\program files (x86)\gamespy\comrade\156\DetectLib.dll ()
MOD - D:\Programme\RocketDock\Docklets\RocketClock\RocketClock.dll ()
MOD - C:\Windows\vsnpstd3.exe ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\SSLEAY32.dll ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\LIBEAY32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (GS In-Game Service) -- C:\Program Files (x86)\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (cnnctfy2) -- C:\Windows\SysNative\drivers\cnnctfy2.sys (Connectify)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TsLwWfF) -- C:\Windows\SysNative\drivers\TsLwWfF.sys (TamoSoft)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (AF9035HB) -- C:\Windows\SysNative\drivers\AF9035HB.sys (ITE Technologies         )
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (FGUARD64) -- C:\Program Files (x86)\Neuer Ordner\Folder Guard\FGUARD64.SYS (WinAbility® Software Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {2D2EDEC8-D9EB-439D-9A3C-92A5724B71B6}
IE - HKCU\..\SearchScopes\{2D2EDEC8-D9EB-439D-9A3C-92A5724B71B6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 31.7.56.72:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@SAP.com/VEViewer,version=: c:\program files (x86)\sap\sap visual enterprise viewer 7.0\npDeepView.dll (SAP AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dimikopf\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.14 06:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.14 06:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.06.14 06:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.09 23:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.22 01:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.02 15:07:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.22 01:01:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.02 15:07:15 | 000,000,000 | ---D | M]
 
[2011.11.12 18:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dimikopf\AppData\Roaming\mozilla\Extensions
[2012.08.04 18:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dimikopf\AppData\Roaming\mozilla\Firefox\Profiles\uc8m5atr.default\extensions
[2012.08.02 15:18:36 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Dimikopf\AppData\Roaming\mozilla\Firefox\Profiles\uc8m5atr.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.03 16:00:12 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Dimikopf\AppData\Roaming\mozilla\Firefox\Profiles\uc8m5atr.default\extensions\foxyproxy@eric.h.jung
[2011.11.15 23:08:43 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Dimikopf\AppData\Roaming\mozilla\Firefox\Profiles\uc8m5atr.default\extensions\toolbar@ask.com
[2012.04.21 20:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.22 01:01:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.22 01:01:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.22 01:01:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.22 01:01:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.22 01:01:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.22 01:01:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.22 01:01:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Dimikopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2011.12.15 21:33:34 | 000,000,878 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [FG_Monitor] C:\PROGRA~2\NEUERO~1\FOLDER~1\FGKey64.exe /Start File not found
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dimikopf\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RocketDock] D:\Programme\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{074DC444-CF82-4A88-AF58-E3F8FE7043D4}: NameServer = 192.168.93.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50870A-9972-43FF-AD84-138395024614}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C948507-5E50-470D-A19A-3C9B38D7D304}: NameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7acfa7f6-12e7-11e1-b010-8c89a568a9a3}\Shell - "" = AutoRun
O33 - MountPoints2\{7acfa7f6-12e7-11e1-b010-8c89a568a9a3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{81cc8cdb-59a4-11e1-9db0-8c89a568a9a3}\Shell - "" = AutoRun
O33 - MountPoints2\{81cc8cdb-59a4-11e1-9db0-8c89a568a9a3}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 13:46:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dimikopf\Desktop\OTL.exe
[2012.08.05 01:41:53 | 006,723,616 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Dimikopf\Desktop\Shockwave_Installer_Slim.exe
[2012.08.05 01:35:45 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\AppData\Roaming\Malwarebytes
[2012.08.05 01:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 01:35:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.05 01:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.05 01:34:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Dimikopf\Desktop\mbam-setup.exe
[2012.08.05 01:23:44 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\Dimikopf\Desktop\ccsetup321.exe
[2012.08.03 23:13:22 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\AppData\Roaming\vlc
[2012.08.03 23:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.03 22:09:43 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\MW3MU
[2012.08.03 20:19:31 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\MW3-MP-FoV-Changer-v1.4.368.6
[2012.08.02 15:18:40 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\AppData\Roaming\QuickScan
[2012.08.02 15:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.02 15:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.02 15:07:15 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.02 15:07:15 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.02 11:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.08.02 01:14:52 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Avira-DE-Cleaner
[2012.08.01 22:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.01 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.31 13:47:40 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\LMFAOTheme2.ttrTheme
[2012.07.31 13:47:40 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\33FDFECA-A45B-4E69-91CB-0D238323DBC4.track
[2012.07.31 13:47:40 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\139F51C3-D068-4AE4-878E-9DB94F719A75.track
[2012.07.22 21:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Faelscherwerkstatt
[2012.07.21 11:47:08 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\School of Rock
[2012.07.21 11:46:49 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Ritter aus Leidenschaft
[2012.07.21 11:45:53 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Ocean's 12+13
[2012.07.21 11:45:34 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Oben (NG)
[2012.07.21 11:45:14 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\James Bond - Casino Royale (sQ)
[2012.07.21 11:44:55 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Forrest Gump
[2012.07.21 11:44:36 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Casanova (NG)
[2012.07.21 11:44:05 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\AppData\Roaming\MW3 FoV Changer
[2012.07.21 11:43:44 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Butterfly Effect
[2012.07.21 11:43:20 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Blow
[2012.07.21 11:43:00 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Taking Lives
[2012.07.19 16:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\225932FDD046EC3B16007146F875F002
[2012.07.19 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\AppData\Roaming\Yrafit
[2012.07.19 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\AppData\Roaming\Eqakw
[2012.07.12 03:02:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:02:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:02:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:02:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:02:32 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:02:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:02:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:02:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:02:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:02:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:02:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:02:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 03:02:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 13:05:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 13:05:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 13:05:34 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 13:05:33 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 13:05:33 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 03:00:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.08 15:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012.07.08 15:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2012.07.08 15:31:01 | 003,093,848 | ---- | C] (Martin Prikryl                                              ) -- C:\Users\Dimikopf\Desktop\winscp438setup.exe
[2012.07.08 15:11:08 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\aircrack-ng-1.1-win
[2012.07.07 14:55:42 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\TrueCrypt
[2012.07.07 14:53:21 | 003,466,248 | ---- | C] (TrueCrypt Foundation) -- C:\Users\Dimikopf\Desktop\TrueCrypt_Setup_7.1a.exe
[2012.07.07 14:52:54 | 003,466,248 | ---- | C] (TrueCrypt Foundation) -- C:\Users\Dimikopf\Desktop\TrueCrypt_Setup_7.1a.exe.part
[2012.07.07 00:03:47 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\ME3ECSoundtrack
[2012.07.06 15:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.07.06 15:50:14 | 000,739,832 | ---- | C] (Google Inc.) -- C:\Users\Dimikopf\Desktop\GoogleEarthPluginSetup.exe
[2012.07.06 15:21:23 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\Desktop\Rapid Getter v1.0
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 13:46:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dimikopf\Desktop\OTL.exe
[2012.08.05 13:42:13 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 13:42:13 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 13:37:23 | 004,242,352 | ---- | M] () -- C:\Users\Dimikopf\Desktop\ConnectifyInstaller.exe
[2012.08.05 13:34:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 13:34:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 13:34:16 | 2133,032,959 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.05 13:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 13:00:01 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1901890234-1663409302-2317966541-1001UA.job
[2012.08.05 12:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 07:00:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1901890234-1663409302-2317966541-1001Core.job
[2012.08.05 01:42:17 | 006,723,616 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Dimikopf\Desktop\Shockwave_Installer_Slim.exe
[2012.08.05 01:36:50 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.05 01:35:07 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Dimikopf\Desktop\mbam-setup.exe
[2012.08.05 01:23:58 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Dimikopf\Desktop\ccsetup321.exe
[2012.08.05 01:11:51 | 000,146,926 | ---- | M] () -- C:\Users\Dimikopf\Documents\kaspersky.cfg
[2012.08.04 21:35:21 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.04 21:35:21 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.04 21:35:14 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.04 20:57:19 | 003,068,270 | ---- | M] () -- C:\Users\Dimikopf\Desktop\Fort Minor - Red to Black (feat. Kenna, Jonah Matranga and Styles of Beyond).mp3
[2012.08.03 23:13:19 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.03 23:10:43 | 022,657,136 | ---- | M] () -- C:\Users\Dimikopf\Desktop\vlc-2.0.2-win32.exe
[2012.08.03 22:27:59 | 001,645,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.03 22:27:59 | 000,708,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.03 22:27:59 | 000,661,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.03 22:27:59 | 000,153,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.03 22:27:59 | 000,125,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.03 22:09:37 | 002,385,382 | ---- | M] () -- C:\Users\Dimikopf\Desktop\MW3MU.rar
[2012.08.03 13:11:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 13:11:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 15:06:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.02 15:06:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.02 14:56:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.02 12:35:04 | 003,271,816 | ---- | M] () -- C:\Users\Dimikopf\Desktop\Tom Hangs feat. Shermanology - Blessed (Avicii Radio Edit).mp3
[2012.08.02 12:27:21 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.08.02 12:27:21 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.08.02 12:27:01 | 004,651,499 | ---- | M] () -- C:\Users\Dimikopf\Desktop\Tom Hangs - Blessed (Avicii Edit).mp3
[2012.08.02 11:16:22 | 000,002,100 | ---- | M] () -- C:\Users\Dimikopf\Desktop\Avira Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK
[2012.07.31 13:03:28 | 000,269,998 | ---- | M] () -- C:\Users\Dimikopf\Desktop\IMG_31072012_130243.png
[2012.07.29 00:29:46 | 000,337,595 | ---- | M] () -- C:\Users\Dimikopf\Desktop\photo.php
[2012.07.26 21:18:50 | 000,074,775 | ---- | M] () -- C:\Users\Dimikopf\Desktop\389721_328393433902194_413365959_n.jpg
[2012.07.26 20:51:21 | 000,036,430 | ---- | M] () -- C:\Users\Dimikopf\Desktop\539027_363909213679804_12972771_n.jpg
[2012.07.26 07:03:38 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.25 16:40:38 | 000,039,144 | ---- | M] () -- C:\Users\Dimikopf\Desktop\2157029_q2149o1085i2233b3339x3619e4116r2877.JPG
[2012.07.22 22:59:05 | 000,261,042 | ---- | M] () -- C:\Users\Dimikopf\Documents\auszug.xps
[2012.07.22 22:58:54 | 000,260,319 | ---- | M] () -- C:\Users\Dimikopf\Documents\fick.xps
[2012.07.22 22:55:09 | 000,035,037 | ---- | M] () -- C:\Users\Dimikopf\Desktop\profil.jpg
[2012.07.22 22:54:18 | 000,895,534 | ---- | M] () -- C:\Users\Dimikopf\Desktop\IMG_1242.PNG
[2012.07.22 22:54:18 | 000,089,311 | ---- | M] () -- C:\Users\Dimikopf\Desktop\390465_196582523752326_1800745901_n.jpg
[2012.07.22 21:19:49 | 045,643,607 | R--- | M] () -- C:\Users\Dimikopf\Desktop\Faelscherwerkstatt.rar
[2012.07.21 20:45:26 | 000,124,555 | ---- | M] () -- C:\Users\Dimikopf\Desktop\Mousometer.Gadget
[2012.07.19 17:31:01 | 099,308,192 | ---- | M] () -- C:\Users\Dimikopf\Desktop\avira_free_antivirus_de.exe
[2012.07.19 16:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.12 03:20:42 | 000,313,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.08 22:59:52 | 732,213,248 | ---- | M] () -- C:\Users\Dimikopf\Desktop\ubuntu-12.04-desktop-amd64.iso
[2012.07.08 21:49:23 | 002,504,112 | ---- | M] () -- C:\Users\Dimikopf\Desktop\wubi.exe
[2012.07.08 20:15:22 | 735,358,976 | ---- | M] () -- C:\Users\Dimikopf\Desktop\ubuntu-12.04-desktop-i386.iso
[2012.07.08 15:39:20 | 000,000,600 | ---- | M] () -- C:\Users\Dimikopf\AppData\Roaming\winscp.rnd
[2012.07.08 15:31:33 | 000,001,857 | ---- | M] () -- C:\Users\Dimikopf\Desktop\WinSCP.lnk
[2012.07.08 15:31:05 | 003,093,848 | ---- | M] (Martin Prikryl                                              ) -- C:\Users\Dimikopf\Desktop\winscp438setup.exe
[2012.07.07 15:43:19 | 000,015,443 | ---- | M] () -- C:\Users\Dimikopf\Desktop\Stein Papier....odt
[2012.07.07 14:53:29 | 003,466,248 | ---- | M] (TrueCrypt Foundation) -- C:\Users\Dimikopf\Desktop\TrueCrypt_Setup_7.1a.exe
[2012.07.07 14:53:00 | 003,466,248 | ---- | M] (TrueCrypt Foundation) -- C:\Users\Dimikopf\Desktop\TrueCrypt_Setup_7.1a.exe.part
[2012.07.06 23:50:20 | 001,403,695 | ---- | M] () -- C:\Users\Dimikopf\Desktop\concept-016-reaper_attack-o.jpg
[2012.07.06 23:48:44 | 177,164,651 | ---- | M] () -- C:\Users\Dimikopf\Desktop\ME3ECSoundtrack.zip
[2012.07.06 15:50:23 | 000,739,832 | ---- | M] (Google Inc.) -- C:\Users\Dimikopf\Desktop\GoogleEarthPluginSetup.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.05 01:35:33 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.05 01:11:51 | 000,146,926 | ---- | C] () -- C:\Users\Dimikopf\Documents\kaspersky.cfg
[2012.08.04 20:57:18 | 003,068,270 | ---- | C] () -- C:\Users\Dimikopf\Desktop\Fort Minor - Red to Black (feat. Kenna, Jonah Matranga and Styles of Beyond).mp3
[2012.08.03 23:13:19 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.03 23:10:01 | 022,657,136 | ---- | C] () -- C:\Users\Dimikopf\Desktop\vlc-2.0.2-win32.exe
[2012.08.03 22:08:11 | 002,385,382 | ---- | C] () -- C:\Users\Dimikopf\Desktop\MW3MU.rar
[2012.08.03 18:21:43 | 004,242,352 | ---- | C] () -- C:\Users\Dimikopf\Desktop\ConnectifyInstaller.exe
[2012.08.02 12:35:03 | 003,271,816 | ---- | C] () -- C:\Users\Dimikopf\Desktop\Tom Hangs feat. Shermanology - Blessed (Avicii Radio Edit).mp3
[2012.08.02 12:26:59 | 004,651,499 | ---- | C] () -- C:\Users\Dimikopf\Desktop\Tom Hangs - Blessed (Avicii Edit).mp3
[2012.08.02 11:16:22 | 000,002,100 | ---- | C] () -- C:\Users\Dimikopf\Desktop\Avira Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK
[2012.08.01 19:21:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 13:03:22 | 000,269,998 | ---- | C] () -- C:\Users\Dimikopf\Desktop\IMG_31072012_130243.png
[2012.07.29 00:29:45 | 000,337,595 | ---- | C] () -- C:\Users\Dimikopf\Desktop\photo.php
[2012.07.26 21:18:50 | 000,074,775 | ---- | C] () -- C:\Users\Dimikopf\Desktop\389721_328393433902194_413365959_n.jpg
[2012.07.26 20:51:20 | 000,036,430 | ---- | C] () -- C:\Users\Dimikopf\Desktop\539027_363909213679804_12972771_n.jpg
[2012.07.26 07:03:20 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.25 16:40:37 | 000,039,144 | ---- | C] () -- C:\Users\Dimikopf\Desktop\2157029_q2149o1085i2233b3339x3619e4116r2877.JPG
[2012.07.22 22:57:50 | 000,260,319 | ---- | C] () -- C:\Users\Dimikopf\Documents\fick.xps
[2012.07.22 22:57:42 | 000,261,042 | ---- | C] () -- C:\Users\Dimikopf\Documents\auszug.xps
[2012.07.22 22:55:06 | 000,035,037 | ---- | C] () -- C:\Users\Dimikopf\Desktop\profil.jpg
[2012.07.22 22:54:17 | 000,089,311 | ---- | C] () -- C:\Users\Dimikopf\Desktop\390465_196582523752326_1800745901_n.jpg
[2012.07.22 22:52:47 | 000,895,534 | ---- | C] () -- C:\Users\Dimikopf\Desktop\IMG_1242.PNG
[2012.07.22 20:54:21 | 045,643,607 | R--- | C] () -- C:\Users\Dimikopf\Desktop\Faelscherwerkstatt.rar
[2012.07.21 20:45:05 | 000,124,555 | ---- | C] () -- C:\Users\Dimikopf\Desktop\Mousometer.Gadget
[2012.07.21 11:42:16 | 738,560,000 | ---- | C] () -- C:\Users\Dimikopf\Desktop\American Pie - 1.avi
[2012.07.19 17:28:37 | 099,308,192 | ---- | C] () -- C:\Users\Dimikopf\Desktop\avira_free_antivirus_de.exe
[2012.07.19 16:47:49 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.08 21:49:20 | 002,504,112 | ---- | C] () -- C:\Users\Dimikopf\Desktop\wubi.exe
[2012.07.08 21:48:38 | 732,213,248 | ---- | C] () -- C:\Users\Dimikopf\Desktop\ubuntu-12.04-desktop-amd64.iso
[2012.07.08 19:55:44 | 735,358,976 | ---- | C] () -- C:\Users\Dimikopf\Desktop\ubuntu-12.04-desktop-i386.iso
[2012.07.08 15:31:34 | 000,000,600 | ---- | C] () -- C:\Users\Dimikopf\AppData\Roaming\winscp.rnd
[2012.07.08 15:31:33 | 000,001,857 | ---- | C] () -- C:\Users\Dimikopf\Desktop\WinSCP.lnk
[2012.07.07 15:43:19 | 000,015,443 | ---- | C] () -- C:\Users\Dimikopf\Desktop\Stein Papier....odt
[2012.07.06 23:50:17 | 001,403,695 | ---- | C] () -- C:\Users\Dimikopf\Desktop\concept-016-reaper_attack-o.jpg
[2012.07.06 23:42:52 | 177,164,651 | ---- | C] () -- C:\Users\Dimikopf\Desktop\ME3ECSoundtrack.zip
[2012.03.04 20:00:14 | 000,017,408 | ---- | C] () -- C:\Users\Dimikopf\AppData\Local\WebpageIcons.db
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.11 18:42:14 | 000,002,048 | -HS- | C] () -- C:\Users\Dimikopf\AppData\Local\{997b5ae7-b4a3-3a8b-cb2a-9ffb7bbcbd4b}\@
[2012.01.08 12:10:10 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2012.01.06 22:26:13 | 000,000,239 | ---- | C] () -- C:\Users\Dimikopf\.swfinfo
[2012.01.06 22:26:00 | 000,001,848 | ---- | C] () -- C:\Users\Dimikopf\AppData\Roaming\.southparkloader.xml
[2011.12.31 21:13:42 | 000,007,630 | ---- | C] () -- C:\Users\Dimikopf\AppData\Local\Resmon.ResmonCfg
[2011.12.20 22:41:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.12.15 20:58:18 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.12.15 20:58:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.12.02 23:08:31 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2011.12.02 23:08:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2011.12.02 23:08:30 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2011.11.30 19:27:23 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.11.16 16:21:59 | 000,000,096 | ---- | C] () -- C:\Users\Dimikopf\AppData\Local\fusioncache.dat
[2011.11.16 16:10:12 | 001,621,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.12 21:14:20 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.12 19:22:01 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.12 19:21:57 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

< End of report >
         
Extra Log
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.08.2012 13:47:30 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Dimikopf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 66,24% Memory free
15,96 Gb Paging File | 12,79 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1347,34 Gb Total Space | 799,52 Gb Free Space | 59,34% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 879,49 Gb Free Space | 94,42% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 29,58 Gb Free Space | 60,59% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 81,56 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
 
Computer Name: DIMIS-PC | User Name: Dimikopf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B92E2E7-8DFB-441C-9EDC-EE9A9AD2F5FB}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"{0E556440-7B56-4AB7-BAB4-923189A77468}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1305D932-37FC-4386-B54D-D57AF7802D06}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{1385B4A3-1C51-4E93-9324-483CFF658B31}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
"{16BB0FB3-9BB9-4A61-BB50-D4AA45F31B17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1A5735C1-F099-4DD4-A4E2-7DAA8E027B21}" = lport=3658 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
"{27BE6F65-89A5-4439-9EAF-899AFA868297}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2876E5C2-0004-43A4-B4CB-9572EBDC35FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2BA637A4-DC05-48BB-95A4-26C22D863295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{30FFCB15-FAF8-4EC9-A6FF-A9238395EE93}" = lport=5223 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | 
"{328C1C38-F89F-43AF-BD61-8FD5B3D4784C}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{35BC0321-D1FE-4B69-9EB8-B64B254BF47D}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{37A01782-B66E-4DE6-A4B8-8D483E488E3D}" = lport=88 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{45F419B6-8919-4D73-BFD5-60B4B3048676}" = lport=59278 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe | 
"{4A938597-532D-4707-AEA6-45F0E53E153C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4F123B51-69A0-426A-96FB-6FE07E2B52EC}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{4F814235-3A63-4929-8EED-EA36520FAB17}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5372F5EF-8F7A-43EA-91FB-AD2ABF062F37}" = lport=3478 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
"{5E297929-62CD-4E83-9181-00515252B958}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{6198EBDF-64DF-47AA-8744-DACBD998A6EA}" = lport=5000 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{6419F5FC-D2EE-4FFC-B6D2-7B7DE8CB2156}" = lport=139 | protocol=6 | dir=in | app=system | 
"{68AA8E18-247D-4FBB-9C17-BF28C80FE185}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{6DA0B892-6C5E-4B08-A0D2-DAE98DD398C2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7050B775-8FE3-45AA-8878-5F66F8BF6362}" = lport=3479 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
"{735B617A-DB39-477A-87B9-A38AB9CF9A37}" = lport=88 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
"{86723399-DE21-467B-A32D-AD91319F434B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{888513DF-8F5D-4F11-B507-B399D2B5583C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8EF0149B-8DED-4DBE-BE10-9FA024DDD0EA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9BB4D1FB-4B88-4439-AEEC-85B842D27259}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F5C2687-944C-4391-959F-A7E438D3FD8B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A122379F-905E-4777-BCE9-8FF9BCE51C08}" = lport=3074 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | 
"{A2566A4A-DF2C-4A06-B001-F32918A3DC1D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A3533208-DA7E-4362-AAB2-BD564240532D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A571BA21-312D-40EC-9871-8F44ABB47113}" = lport=3074 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{AB0B0BE6-6E2B-4E1A-92F5-EE469D6D9B99}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{AE781F28-0D98-4349-A9C6-A705638C1141}" = lport=3074 | protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{B69B55C8-50C3-4F38-87CD-B1DC45A1924C}" = lport=59278 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | 
"{BB9C7906-045E-4C53-91BC-93F4C35D5301}" = lport=3478 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{BD836105-226B-4BE7-A3E8-49612BDB2954}" = lport=5000 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{C05E078C-84A4-4E3F-BB7C-8F87A5035073}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C319D5B6-1185-45A4-BA08-DB11615DAA96}" = lport=3074 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe | 
"{C478B8F3-A92A-486B-91FC-BF8238C28C36}" = lport=3658 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{C5AF3707-8D98-48E5-AA01-4A56B8065D4D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CAC8C934-2E8D-4E31-8B5C-16C87BA01E65}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CFBEA993-3357-4C4A-B7C0-65D3FAD44205}" = lport=3074 | protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{D01C01C1-2704-435D-ADA2-7C043018A4D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D4599027-322C-4047-8F88-5896DAE323D6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DED3BFED-A95F-4B6C-9251-F4EA0E935C86}" = lport=3479 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{DFF81F49-3ECF-47A6-A27B-8ECFF1A2CD97}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E0CF8B72-8ACE-4753-948A-D46C79D098A7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5AC349C-F35E-4124-81FD-2E939C2BEBF8}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{E8D25F0F-80E0-49BB-853D-99538AE774C5}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{E9DE02B2-4E16-49F5-B1A2-6086504F4BF8}" = lport=5223 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe | 
"{EAC0C54F-8B4C-4372-89B6-0764763AE706}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FF51D0D4-90DB-41CF-BA0B-A1372DB9A6CA}" = lport=3074 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00931618-564D-4EBE-ADB7-9E3B2C005C05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{060910F7-9CCB-4E4C-8E67-A50E0F53737B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0A16E143-8AAA-4D44-8477-DA8E8BE4D81A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0BA8382D-E029-4E36-995A-7BF08EB9DF24}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | 
"{0C8A5511-2311-4622-AE33-9902FFD6DB97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{10B944F6-7542-49A2-804F-70281FCADD04}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | 
"{11E4AA74-62EC-42CA-9ADA-9B72B37F2730}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{130C0F15-03D3-482F-A94A-52D1814F2900}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{138395F2-2370-411A-BF18-2948513C89C0}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | 
"{1492F67F-18AC-4F7F-B7A6-FCB0C5E205B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1859E24B-366A-4922-B763-C84B37082508}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1AB30D51-6B73-454D-B6CD-1D79A8B807F6}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | 
"{1B8B3503-0183-4C9B-A7AF-12B6BA694AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{1D09D9B9-60D4-47E4-9C30-995A656056D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{1F190A7D-8FAD-43FD-B862-FB3BA0F6FF48}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1F37CA42-8C14-4411-B1C8-562481A59BD4}" = protocol=6 | dir=in | app=c:3\cod mw\iw3mp.exe | 
"{20005BA5-029E-4F09-83D9-95BEAA92B779}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{204A2787-DF29-477C-AC3C-CF0A7807642F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2126E680-7C0E-4DC8-B310-9536922CD4ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{2128D8FF-A51F-4CA9-83EF-6D184764ED81}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{272E57F5-2566-4EDF-8851-F68D149B0B14}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{273B362C-AEDA-4A6F-8EAC-DCBE44C2600D}" = dir=out | app=c:\windows\system32\svchost.exe | 
"{273C9146-98CE-4C64-9CDE-E6C9A5E4ED7D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{291E79DA-917E-4863-A31B-3FB066560A6C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{2BA8524C-41A3-450A-A220-16B902897859}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{303010BB-6A91-4100-B6D7-B8C2C1D3A4E9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{34217816-9599-4C31-A5F7-CC760D05A774}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{34631756-9CFA-4249-87FC-3BDDEC93A65B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{34C85ECF-8F8C-4AD4-83F5-A0CC713544BD}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | 
"{353D11BC-30EE-42E1-BE67-8B547CD04660}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{3F333F86-9A33-4193-90AD-94672C97AED1}" = protocol=17 | dir=in | app=j:\cod mw\iw3mp.exe | 
"{3FC3C460-35A0-44D4-B676-C83E8547BB37}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{41D93544-1505-4DF6-98B1-6A8F9953F46B}" = protocol=17 | dir=in | app=c:3\cod mw\iw3mp.exe | 
"{42ED2D84-CA5D-4DE2-8309-980CCDAE97B8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{46D196D7-A5CD-49BB-85DB-146428DC8763}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{4ACB3314-3620-447E-9724-35A9C9016DEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5519879C-CE89-4744-B36A-13DC0B230709}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{55A9B670-B42A-4EAB-92FC-08451FFB91B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{56E8F97F-1A76-42A4-94CD-18C039762FE5}" = protocol=6 | dir=in | app=d:\spiele\battlefield 3\bf3.exe | 
"{57B6A410-23EC-4036-B621-71FE1EFB6624}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{57D66334-13AD-4AAC-AEFE-924B9B974845}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{5943F698-7EE7-496D-9DEB-9BF334EC01D2}" = protocol=58 | dir=in | app=system | 
"{605E0BCB-BB2F-4166-8B24-8DD781544AC2}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | 
"{6526F4F1-99C3-4DF3-88FB-8FA20399A140}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{69857CA9-DE08-4725-90DF-0FF2A11DBB8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz beta\bin32\nexuiz.exe | 
"{6B571162-7662-4092-826C-748E0F036C21}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{72ADB578-6CD4-4CC7-A57D-ACB168FCF38E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{775675ED-BB54-4071-A659-63FBEA7A6845}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7777044F-81FD-4905-B90A-1616826DB2FD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{78A88377-08D4-4716-ABEF-F9722A95482D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{79E84E93-1327-4EA1-8F20-F5F9C9E8DFA0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{7A950C55-808B-4FC0-B7A7-3B5278229DE2}" = protocol=17 | dir=in | app=c:1\cod mw\iw3mp.exe | 
"{81BA39E4-15B7-43D9-92F2-7E86AAC178A5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{833F594D-D7C4-448F-B0B9-345E2FFEB322}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83FC82FA-6D4C-4B50-9EC0-CFD134E95B4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{847932E2-7BB5-4E82-8CC4-FBFA76DF773A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{874C024D-A6B6-4CBB-A417-4BC57A088F33}" = protocol=1 | dir=in | name=icmp - in | 
"{8AB50ED9-7218-4D82-9D6E-D6470BBD7EB2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{8AE05DC7-7037-400B-BF40-E2F6368C873C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{8D2B21AF-E4ED-4666-B49B-16A1F2346202}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{8DE6EEF5-A666-4F82-AAFC-1AC7BEAF27FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8E679A9D-1275-4AF3-8A3A-CCA8142C3CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F16C9C9-D7D4-44BD-8E80-501A38E9EDD8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{91285370-1785-4EFE-9122-7B3B6AAD4A78}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{960B0FC1-4F2A-4881-AB31-080EFD937974}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{966A58B6-6CBB-4041-A1CD-4686495F0F18}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{97353F4D-5588-4104-8E83-64F5125C8C09}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{97741E8F-2E18-47D8-A219-829C9EA42870}" = protocol=17 | dir=in | app=d:\spiele\battlefield 3\bf3.exe | 
"{98D6B5E0-2359-4E29-BB49-03B042390D3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AAA9A96-6343-45F6-BB12-59C8964AB85B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A1E2CC82-FBB0-4159-B358-1B6C01031776}" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"{A34658C5-1EBE-49E7-B720-42F3D242EA0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A64B27D2-4AC6-49BE-9F47-E11B8967E9CC}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{A94552C0-67D4-4B11-9E04-1729BFD6755C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{AB56A29E-61D9-4570-8D83-ECB1A63C30F4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AC15DDDE-D3FA-43E3-A093-B3289FA81128}" = protocol=6 | dir=in | app=c:1\cod mw\iw3mp.exe | 
"{AC5DD39E-92C8-4E7A-95D8-02698E6C16EB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{AF065C01-B762-4393-9B91-9509B81C51A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{AF5C2033-1C17-473C-9C5F-C3C05DBEF839}" = protocol=6 | dir=in | app=j:\cod mw\iw3mp.exe | 
"{AFE75890-0458-4A28-BD63-0AFBB357135D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{B2EFFC5F-EE1D-4E7F-89F5-31D1277C466D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{B58041C9-58F3-4056-B598-05FF07DE30C6}" = protocol=17 | dir=in | app=d:\spiele\mass effect 3\binaries\win32\masseffect3.exe | 
"{C03635F5-110A-49E0-8A41-9D9721F1E8F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{C10C7A6B-2BD7-483D-9DBA-D2288D4C67E7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C20AA2E7-BE63-4646-81D7-DBC63A524BCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C43A6391-28BA-4C90-A0A4-AEE9788AC7E9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C68095AD-947D-490D-A0F0-70EBB32605F2}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | 
"{C6A651F8-B767-4DBF-B445-21206A9F5665}" = dir=in | app=c:\users\dimikopf\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{C7BCB6AE-ABCD-4FF9-A75E-33AC4363A346}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C98C8EC4-1B9E-41A0-BB63-4A150048ACE5}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) | 
"{CF28AFFA-21A8-4299-8E91-50EF3293664B}" = protocol=6 | dir=in | app=d:\spiele\mass effect 3\binaries\win32\masseffect3.exe | 
"{D3FFA8CF-0B41-4668-B5F3-FED584C13402}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexuiz beta\bin32\nexuiz.exe | 
"{D48928EA-1321-4AD2-BC06-735BE12464F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D7749124-7567-46F9-BAE8-6E374FDE9EFD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{D7F3BE2E-A8CC-45D4-BB71-95EA498F5483}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D9746473-42D3-4A50-BB97-CF363CDA93CA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DA2CEF2C-A690-4403-A7F0-A8EBA6850862}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{DB07DB04-0616-488C-B6DA-80B8823D4AFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE18AA91-99C5-4EFE-87E4-516CA4AFE27E}" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"{DF16CC2B-7A1A-4812-AC51-F9131C93DD40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{E0BE1F42-AC40-4FC0-96D1-7E7631E6421B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E1464F67-809C-4B80-9BC7-DDE579C561B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E16F29C7-A9C8-4138-9DCB-AF4A74A67010}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{E31202FF-DBBC-4595-9521-2D4236BBC02D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E37D0CE3-FC80-4F64-8256-89EAA947E8B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{E7814E96-72D1-4298-9037-3312CBF17462}" = protocol=6 | dir=out | app=system | 
"{EB10352F-E254-40C5-BD5D-75434B1540E9}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{EB424DEA-5E4B-494F-8E3A-7F7A5787569F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{EED8405A-4E2B-4066-AA84-C5B506A4A163}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2F0FB24-1839-4CA3-9286-9C7C42895891}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{F366F42A-1EA5-4CBE-B0EE-877BAF501D9D}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{F3DDD4AE-29C8-414F-B9ED-9FD183332E26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F79CCB9F-C0B0-46BB-A4B1-97D94E6577CA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{F7C4FA83-9F7F-474E-B7E7-F3B5869B450C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{FC77CCEE-EA1C-48F7-B159-2B59B8719B9F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FD967A45-2B99-498F-9DBC-320C8F4ADBDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{05161FD5-5219-4035-95A5-72734BD66058}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{0FE8277A-8BCF-48E6-BBA8-12699A723781}C:1\cod mw\iw3mp.exe" = protocol=6 | dir=in | app=c:1\cod mw\iw3mp.exe | 
"TCP Query User{14F412F1-4C42-4CD4-B10C-EDF33112E70E}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{26A49214-A331-411F-A8F1-7E594204E1AF}J:\cod mw\iw3mp.exe" = protocol=6 | dir=in | app=j:\cod mw\iw3mp.exe | 
"TCP Query User{32B81CDF-F406-4122-841D-DBD5F1ECBB84}C:1\alter pc\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:1\alter pc\dead space 2\deadspace2.exe | 
"TCP Query User{3B0D82D6-5856-48CD-AA89-15B639184376}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{508D8F5F-448B-47FC-A525-5CAF5B82B927}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{542109CF-6EA4-42FB-AAF3-3A4A1A020C6F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{57C62768-3270-4EC2-A8B5-5D17C9D2CB78}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{59231A3F-6D71-4745-85B9-68D5C615EA85}I:\games pc\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=i:\games pc\borderlands\binaries\borderlands.exe | 
"TCP Query User{6ED38EA6-DD16-4C5E-8CFA-45DC0837474A}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{75E0A4C0-2705-4B43-956A-B87626BFC5F1}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"TCP Query User{7829FE03-6E16-4795-9843-7CAAEE548E42}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{A3497817-D3B2-4DA9-8616-CE7A7748EF5A}C:3\cod mw\iw3mp.exe" = protocol=6 | dir=in | app=c:3\cod mw\iw3mp.exe | 
"TCP Query User{BAA6216A-BC9D-4EB1-B257-FABB761F01CB}J:\gregor zeugsl\users\lfazel_fakie\desktop\neuer ordner\alex.k geproggtes game\clientbuild53.exe" = protocol=6 | dir=in | app=j:\gregor zeugsl\users\lfazel_fakie\desktop\neuer ordner\alex.k geproggtes game\clientbuild53.exe | 
"UDP Query User{147C1FC1-183F-46E7-BB7F-29AABD3C1326}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{1F8BB2C6-5B0B-460D-93DB-6CE648189B55}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"UDP Query User{21F4D741-BA70-4CFC-A187-630380912747}C:1\cod mw\iw3mp.exe" = protocol=17 | dir=in | app=c:1\cod mw\iw3mp.exe | 
"UDP Query User{28200267-CEF9-4D09-A88D-D6BDCC4C6F74}J:\cod mw\iw3mp.exe" = protocol=17 | dir=in | app=j:\cod mw\iw3mp.exe | 
"UDP Query User{3ED73DDF-57C7-4328-A431-84CD2CE89E27}I:\games pc\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=i:\games pc\borderlands\binaries\borderlands.exe | 
"UDP Query User{497778E2-8CE0-4C85-98A5-E571523009AA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{503F48F6-5F38-4514-AEFC-33AD18EE0C38}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{586742F2-5CE8-49FB-BBA7-71D70BD7CE45}C:1\alter pc\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:1\alter pc\dead space 2\deadspace2.exe | 
"UDP Query User{5B06569A-5370-4B17-BF17-1E4238BD1485}C:3\cod mw\iw3mp.exe" = protocol=17 | dir=in | app=c:3\cod mw\iw3mp.exe | 
"UDP Query User{687CBFA1-BFDF-4EB2-8D06-CB7F05C304C4}J:\gregor zeugsl\users\lfazel_fakie\desktop\neuer ordner\alex.k geproggtes game\clientbuild53.exe" = protocol=17 | dir=in | app=j:\gregor zeugsl\users\lfazel_fakie\desktop\neuer ordner\alex.k geproggtes game\clientbuild53.exe | 
"UDP Query User{7E77085B-6C2A-4074-9310-6C123BE8D022}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{862DDD88-FC8D-4F36-8F19-CB04A72A9C9A}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{EAB44E67-FCD4-4D5D-B586-180FB197B496}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F50696DF-9FF7-420A-A04A-DA05F6D95A61}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{FFCB5326-587B-4D2F-AEE6-460A7ACED42A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"Connectify" = Connectify
"Folder Guard" = Folder Guard
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65C3253A-E984-4769-BC33-CBC8F059C408}" = Video Grabber
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB0181AD-5974-4036-A3A1-A738AAFC2D35}_is1" = Age of Empires - The Rise of Rome
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED3ED369-0D20-4F6E-9CBA-22EDDC171199}" = Microsoft redistributable runtime DLLs VS2010 (x86)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyDVD" = AnyDVD
"Battlelog Web Plugins" = Battlelog Web Plugins
"ControlMK" = ControlMK 0.232
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"ESN Sonar-0.70.4" = ESN Sonar
"ExpressBurn" = Express Burn Disc Burning Software
"FileZilla Client" = FileZilla Client 3.5.2
"FXAA Post Process Injector" = FXAA Post Process Injector
"GameTracker Lite" = GameTracker Lite
"Google Chrome" = Google Chrome
"GTA IV Vehicle Mod Installer v1.2_is1" = GTA IV Vehicle Mod Installer v1.2
"HandBrake" = HandBrake 0.9.5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Orbit_is1" = Orbit Downloader
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SAP Visual Enterprise Viewer 70" = SAP Visual Enterprise Viewer 7.0 Complete
"Shock 4Way 3D v1.29" = Shock 4Way 3D v1.29
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 204410" = The Darkness II Demo
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 96800" = Nexuiz
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.8
"Wireshark" = Wireshark 1.6.4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2012 06:44:29 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3759
 
Error - 04.08.2012 06:44:30 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.08.2012 06:44:30 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4992
 
Error - 04.08.2012 06:44:30 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error - 04.08.2012 06:44:32 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.08.2012 06:44:32 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6255
 
Error - 04.08.2012 06:44:32 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6255
 
Error - 04.08.2012 06:44:33 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.08.2012 06:44:33 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7503
 
Error - 04.08.2012 06:44:33 | Computer Name = Dimis-Pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7503
 
Error - 05.08.2012 07:36:10 | Computer Name = Dimis-Pc | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 02.08.2012 06:37:40 | Computer Name = Dimis-Pc | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?08.?2012 um 12:35:26 unerwartet heruntergefahren.
 
Error - 02.08.2012 06:37:49 | Computer Name = Dimis-Pc | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 02.08.2012 09:02:27 | Computer Name = Dimis-Pc | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?08.?2012 um 15:01:18 unerwartet heruntergefahren.
 
Error - 02.08.2012 09:02:32 | Computer Name = Dimis-Pc | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 02.08.2012 09:28:26 | Computer Name = Dimis-Pc | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 02.08.2012 09:28:26 | Computer Name = Dimis-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 03.08.2012 06:45:28 | Computer Name = Dimis-Pc | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?08.?2012 um 12:43:13 unerwartet heruntergefahren.
 
Error - 03.08.2012 06:45:36 | Computer Name = Dimis-Pc | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 03.08.2012 08:33:27 | Computer Name = Dimis-Pc | Source = ipnathlp | ID = 30013
Description = 
 
Error - 05.08.2012 07:33:15 | Computer Name = Dimis-Pc | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Y:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
 
< End of report >
         
--- --- ---



Hopefully you can help me!

Regards, Ironie

PS: After I clicked on Cleanup in OTL, my PC restarted; afterwards the logs from above and OTL.exe had been deleted, so I downloaded OTL again and ran the scan once more.
The updated logs are attached.

Edited by Ironie (05.08.2012 at 14:32). Reason: attachments added

06.08.2012, 03:27   #2
t'john
/// Helper Team

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL

MOD - C:\Users\Dimikopf\AppData\Local\Temp\detectlib6100.dll () 
 
IE - HKCU\..\SearchScopes,DefaultScope = {2D2EDEC8-D9EB-439D-9A3C-92A5724B71B6} 
IE - HKCU\..\SearchScopes\{2D2EDEC8-D9EB-439D-9A3C-92A5724B71B6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 31.7.56.72:8080 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O4:64bit: - HKLM..\Run: [FG_Monitor] C:\PROGRA~2\NEUERO~1\FOLDER~1\FGKey64.exe /Start File not found 
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found 
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found 
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found 
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{7acfa7f6-12e7-11e1-b010-8c89a568a9a3}\Shell - "" = AutoRun 
O33 - MountPoints2\{7acfa7f6-12e7-11e1-b010-8c89a568a9a3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a 
O33 - MountPoints2\{81cc8cdb-59a4-11e1-9db0-8c89a568a9a3}\Shell - "" = AutoRun 
O33 - MountPoints2\{81cc8cdb-59a4-11e1-9db0-8c89a568a9a3}\Shell\AutoRun\command - "" = H:\setup.exe 


[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 

[2012.08.02 14:56:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad 
[2012.07.26 07:03:38 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad 
[2012.07.19 16:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad 

[2012.08.05 13:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.05 13:00:01 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1901890234-1663409302-2317966541-1001UA.job 
[2012.08.05 12:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.05 07:00:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1901890234-1663409302-2317966541-1001Core.job 
[2012.07.19 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\AppData\Roaming\Yrafit 
[2012.07.19 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Dimikopf\AppData\Roaming\Eqakw 
[2012.01.11 18:42:14 | 000,002,048 | -HS- | C] () -- C:\Users\Dimikopf\AppData\Local\{997b5ae7-b4a3-3a8b-cb2a-9ffb7bbcbd4b}\@ 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file here into your thread, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
__________________

06.08.2012, 11:55   #3
Ironie

Here is the log file:

Quote:
All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D2EDEC8-D9EB-439D-9A3C-92A5724B71B6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D2EDEC8-D9EB-439D-9A3C-92A5724B71B6}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: true removed from network.proxy.share_proxy_settings
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FG_Monitor deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snpstd3 deleted successfully.
C:\Windows\vsnpstd3.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7acfa7f6-12e7-11e1-b010-8c89a568a9a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7acfa7f6-12e7-11e1-b010-8c89a568a9a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7acfa7f6-12e7-11e1-b010-8c89a568a9a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7acfa7f6-12e7-11e1-b010-8c89a568a9a3}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81cc8cdb-59a4-11e1-9db0-8c89a568a9a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81cc8cdb-59a4-11e1-9db0-8c89a568a9a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81cc8cdb-59a4-11e1-9db0-8c89a568a9a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81cc8cdb-59a4-11e1-9db0-8c89a568a9a3}\ not found.
File H:\setup.exe not found.
C:\Windows\SysWow64\sho1600.tmp deleted successfully.
C:\Windows\SysWow64\shoB248.tmp deleted successfully.
C:\Windows\SysWow64\shoC11A.tmp deleted successfully.
C:\Windows\SysWow64\shoD76.tmp deleted successfully.
C:\ProgramData\ras_0oed.pad moved successfully.
C:\ProgramData\z7_0ytr.pad moved successfully.
C:\ProgramData\pmt_0piot.pad moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1901890234-1663409302-2317966541-1001UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1901890234-1663409302-2317966541-1001Core.job moved successfully.
C:\Users\Dimikopf\AppData\Roaming\Yrafit folder moved successfully.
C:\Users\Dimikopf\AppData\Roaming\Eqakw folder moved successfully.
C:\Users\Dimikopf\AppData\Local\{997b5ae7-b4a3-3a8b-cb2a-9ffb7bbcbd4b}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Dimikopf\Desktop\cmd.bat deleted successfully.
C:\Users\Dimikopf\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dimikopf
->Temp folder emptied: 3093860 bytes
->Temporary Internet Files folder emptied: 7852845 bytes
->Java cache emptied: 77819383 bytes
->FireFox cache emptied: 1171691921 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57667 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.Dimis-Pc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10022 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 68477 bytes

Total Files Cleaned = 1.203,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dimikopf
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: UpdatusUser.Dimis-Pc
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08062012_124532

Files\Folders moved on Reboot...
C:\Users\Dimikopf\AppData\Local\Temp\Low\REGEC15.tmp moved successfully.
C:\Users\Dimikopf\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZ7BPH0A\elitepvpers_com[1].htm moved successfully.
C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZ7BPH0A\osd[1].gif moved successfully.
C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQ8JPA9S\show_ads[1].gif moved successfully.
C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
File C:\Users\Dimikopf\AppData\Local\Temp\Low\REGEC15.tmp not found!
File C:\Users\Dimikopf\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZ7BPH0A\elitepvpers_com[1].htm not found!
File C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RZ7BPH0A\osd[1].gif not found!
File C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQ8JPA9S\show_ads[1].gif not found!
File C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Dimikopf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

Can I now be sure that the virus has been completely removed?
And, in advance, for the help:


Regards, Ironie
__________________

06.08.2012, 14:16   #4
t'john
/// Helper Team

Very good!

We are not finished yet.

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" ("Komplett Scan durchführen") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan is finished, click "Show Results" ("Zeige Resultate").
After that:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john

06.08.2012, 18:28   #5
Ironie

The PC is running quite well. I'll let the malware scan run overnight tonight and then quickly start the adware cleaner tomorrow morning. The logs will follow tomorrow.

Regards, Ironie

So, here are the logs:
Malwarebytes:

Quote:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.06.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dimikopf :: DIMIS-PC [Administrator]

Schutz: Deaktiviert

07.08.2012 02:36:27
mbam-log-2012-08-07 (02-36-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 677301
Laufzeit: 1 Stunde(n), 55 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
And here is the AdwareCleaner log:

Quote:
# AdwCleaner v1.800 - Logfile created 08/07/2012 at 11:36:25
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dimikopf - DIMIS-PC
# Running from : C:\Users\Dimikopf\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Dimikopf\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Dimikopf\AppData\Roaming\Mozilla\Firefox\Profiles\uc8m5atr.default\extensions\toolbar@ask.com
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ImInstaller
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Dimikopf\AppData\Roaming\Mozilla\Firefox\Profiles\uc8m5atr.default\prefs.js

Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Dimikopf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5210 octets] - [05/08/2012 13:38:00]
AdwCleaner[S1].txt - [274 octets] - [05/08/2012 13:40:44]
AdwCleaner[R2].txt - [4030 octets] - [07/08/2012 11:36:25]

########## EOF - C:\AdwCleaner[R2].txt - [4158 octets] ##########
Thanks again for the help!

Regards, Ironie


07.08.2012, 14:24   #6
t'john
/// Helper team
 

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Update Now to download the current signatures.
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html

09.08.2012, 15:17   #7
Ironie
 

so: here is the adware log right away:

Quote:
# AdwCleaner v1.800 - Logfile created 08/07/2012 at 15:45:09
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dimikopf - DIMIS-PC
# Running from : C:\Users\Dimikopf\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Dimikopf\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Dimikopf\AppData\Roaming\Mozilla\Firefox\Profiles\uc8m5atr.default\extensions\toolbar@ask.com
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Dimikopf\AppData\Roaming\Mozilla\Firefox\Profiles\uc8m5atr.default\prefs.js

Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Dimikopf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5210 octets] - [05/08/2012 13:38:00]
AdwCleaner[S1].txt - [274 octets] - [05/08/2012 13:40:44]
AdwCleaner[R2].txt - [4127 octets] - [07/08/2012 11:36:25]
AdwCleaner[S2].txt - [3214 octets] - [07/08/2012 15:45:09]

########## EOF - C:\AdwCleaner[S2].txt - [3342 octets] ##########
With Emsisoft Anti-Malware, the first run stopped at some point for me, and the second one did start but never actually began running, i.e. it always showed 0%... I am now trying again to update or reinstall it.
Could this be related to Kaspersky?

Regards, Ironie

09.08.2012, 17:43   #8
t'john
/// Helper team
 

Turn Kaspersky off for the scan!
__________________
Regards, t'john

09.08.2012, 22:28   #9
Ironie
 

here is the Emsisoft log, there were detections:

Quote:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 09.08.2012 19:40:04

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, G:\, I:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 09.08.2012 19:44:57

C:\Users\Dimikopf\Desktop\aircrack-ng-1.1-win\bin\airdecap-ng.exe gefunden: possible-Threat.Aircra.A!E2
C:\Users\Dimikopf\Desktop\aircrack-ng-1.1-win\bin\aircrack-ng.exe gefunden: possible-Threat.Aircra.A!E2
C:\Users\Dimikopf\Desktop\aircrack-ng-1.1-win\bin\aireplay-ng.exe gefunden: Riskware.Win32.Agent!E1
C:\Users\Dimikopf\Desktop\aircrack-ng-1.1-win\bin\makeivs-ng.exe gefunden: Riskware.Hacktool.Aircrack!E2
C:\Users\Dimikopf\Desktop\aircrack-ng-1.1-win\bin\packetforge-ng.exe gefunden: Riskware.Hacktool.Aircrack!E2
C:\Users\Dimikopf\Desktop\aircrack-ng-1.1-win\bin\airtun-ng.exe gefunden: Riskware.Win32.Agent!E1
D:\MW3 Mega Unlocksgfseer.exe gefunden: Win32.SuspectCrc!E2
D:\Programme exe\Windows 7 Style\Extra\x86 System Files\Explorer\Patch - explorer.exe gefunden: Win32.Malware!E2
D:\Programme exe\Windows 7 Style\Extra\x86 System Files\System32\Network and Volume Icons\Patch - SndVolSSO.exe gefunden: Win32.Malware!E2
D:\Programme exe\Net Pass\netpass_setup(PC Anmelde Passwort).exe gefunden: Riskware.Win32.NetPass.AA!E1
D:\Programme exe\Mass Effect Trainer\bws-me2.exe gefunden: Win32.SuspectCrc!E2
D:\Programme exe\Aircrack 1.1 Gui\aircrack-ng-1.1-win\bin\airdecap-ng.exe gefunden: Riskware.Hacktool.Aircrack!E2
D:\Programme exe\Aircrack 1.1 Gui\aircrack-ng-1.1-win\bin\airtun-ng.exe gefunden: Riskware.Win32.Agent!E1
D:\Programme exe\Aircrack 1.1 Gui\aircrack-ng-1.1-win\bin\makeivs-ng.exe gefunden: Riskware.Hacktool.Aircrack!E2
D:\Programme exe\Aircrack 1.1 Gui\aircrack-ng-1.1-win\bin\packetforge-ng.exe gefunden: Riskware.Hacktool.Aircrack!E2
D:\Programme exe\Aircrack 1.1 Gui\aircrack-ng-1.1-win\bin\aircrack-ng.exe gefunden: possible-Threat.Aircra.A!E2
D:\Programme exe\Aircrack 1.1 Gui\aircrack-ng-1.1-win\bin\aireplay-ng.exe gefunden: Riskware.Win32.Agent!E1
D:\hACK\Syslogger.zip -> Syslogger\Syslogger Builder.exe gefunden: Trojan-PWS.MSIL!E2

Gescannt 816908
Gefunden 18

Scan Ende: 09.08.2012 22:33:41
Scan Zeit: 2:48:44

10.08.2012, 12:25   #10
t'john
/// Helper team
 

Very good!

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.

Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john

10.08.2012, 16:04   #11
Ironie
 

here is the ESET log file:

Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=62ea05b13c945b469843aa7811b8dce3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-10 02:19:51
# local_time=2012-08-10 04:19:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 13720229 13720229 0 0
# compatibility_mode=5893 16776573 100 94 4541 96230436 0 0
# compatibility_mode=8192 67108863 100 0 121 121 0 0
# scanned=337322
# found=7
# cleaned=7
# scan_time=7805
C:\Users\Dimikopf\AppData\Local\Mozilla\Firefox\Profiles\uc8m5atr.default\Cache\7\05\2A73Ed01 HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Dimikopf\AppData\Local\Mozilla\Firefox\Profiles\uc8m5atr.default\Cache\E\5E\817E1d01 HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Dimikopf\Desktop\spiele data D\Fallout 3\FalloutLauncher.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Dimikopf\Desktop\spiele data D\Need For Speed Carbon\War_Rock_20100903.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dimikopf\Desktop\spiele data D\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dimikopf\Desktop\spiele data D\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\hACK\Syslogger.zip probably a variant of MSIL/Spy.Keylogger.AT trojan (deleted - quarantined) 00000000000000000000000000000000 C

Edited by Ironie (10.08.2012 at 16:33) Reason: double post

10.08.2012, 18:43   #12
t'john
/// Helper team
 

Removing malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else, this is important!
Note the detailed original instructions.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Preparation and important notes

  • During the Combofix scan, please disable antivirus and antispyware programs, the firewall and any script blocking (Norton) that may be present.
  • List of programs to disable.
    If anything is unclear, please ask.

  • ComboFix will reset your screen saver settings.
  • You can change these settings again after our cleanup is finished.
  • Do not do anything else if you did not manage to get Combofix to run.
  • Tell us and wait for our instructions.

  • Start Combofix.exe with right-click => Run as administrator and follow the instructions.
  • Do nothing else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Yes".

  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt appears; Combofix is being prepared for the scan.
  • Please do not click into this Combofix window.
  • That could freeze your system or make it hang.
  • A backup of your registry is created.
  • Now the individual stages of the program are worked through, which can take a while.

  • When ComboFix is finished, it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

  • Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.

Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or cause lasting damage!
__________________
Regards, t'john

10.08.2012, 21:19   #13
Ironie
 

Here is the first Combofix log:

Combofix log file:
Code:
ComboFix 12-08-09.01 - Dimikopf 10.08.2012  22:09:37.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.5342 [GMT 2:00]
ausgeführt von:: c:\users\Dimikopf\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Dimikopf\AppData\Local\Temp\{D40E1EBB-FD48-4209-B7D9-415D430B5630}\fpb.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-10 bis 2012-08-10  ))))))))))))))))))))))))))))))
.
.
2012-08-10 15:09 . 2012-08-10 15:09	--------	d-----w-	c:\windows\Sun
2012-08-10 09:52 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0739C675-13B8-44F7-88FB-96353E9CB21F}\mpengine.dll
2012-08-08 09:50 . 2012-08-10 11:59	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-08-08 02:07 . 2012-08-10 20:06	--------	d-----w-	c:\users\Dimikopf\AppData\Roaming\vlc
2012-08-08 02:06 . 2012-08-08 02:06	--------	d-----w-	c:\program files\VideoLAN
2012-08-06 10:45 . 2012-08-06 10:45	--------	d-----w-	C:\_OTL
2012-08-04 23:35 . 2012-08-04 23:35	--------	d-----w-	c:\users\Dimikopf\AppData\Roaming\Malwarebytes
2012-08-04 23:35 . 2012-08-04 23:35	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-04 23:35 . 2012-08-04 23:36	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-04 23:35 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-02 13:18 . 2012-08-04 23:24	--------	d-----w-	c:\users\Dimikopf\AppData\Roaming\QuickScan
2012-08-02 13:08 . 2012-08-02 13:08	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-08-02 13:07 . 2012-08-02 13:07	--------	d-----w-	c:\program files (x86)\Oracle
2012-08-02 13:07 . 2012-07-05 20:06	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-08-01 20:45 . 2012-08-07 00:32	--------	d-----w-	c:\program files\CCleaner
2012-07-21 09:44 . 2012-07-21 09:44	--------	d-----w-	c:\users\Dimikopf\AppData\Roaming\MW3 FoV Changer
2012-07-19 14:48 . 2012-07-19 15:18	--------	d-----w-	c:\programdata\225932FDD046EC3B16007146F875F002
2012-07-12 01:03 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 08:12 . 2012-06-18 12:06	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-08-08 08:12 . 2011-11-12 17:22	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-08-08 08:12 . 2011-11-12 17:22	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-08-03 11:11 . 2012-04-06 10:20	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 11:11 . 2011-08-31 22:11	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2011-11-12 16:59	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-18 12:11 . 2011-11-12 17:21	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-06-09 05:43 . 2012-07-11 11:05	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:05	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:05	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:05	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:05	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:05	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:05	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 12:52	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:52	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 12:52	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:52	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:52	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 12:52	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 12:52	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 12:51	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 12:51	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:05	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:05	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 11:05	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 11:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:05	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:05	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:05	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:05	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:05	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]
"RocketDock"="d:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Facebook Update"="c:\users\Dimikopf\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2012-05-02 4116296]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-11-12 300416]
ZDWLan Utility.lnk - c:\program files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2011-12-2 475136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2010-05-15 907904]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-19 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-19 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-19 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-19 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-19 29288]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-01 27240]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2011-12-02 31344]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [2011-05-12 26728]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-05-02 65536]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FGUARD64;FGUARD64;c:\program files (x86)\Neuer Ordner\Folder Guard\FGUARD64.SYS [2008-01-04 69752]
S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-11-09 1677072]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-06-02 401896]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-12 279616]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-03-11 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 16:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm
TCP: Interfaces\{074DC444-CF82-4A88-AF58-E3F8FE7043D4}: NameServer = 192.168.93.1
TCP: Interfaces\{5C948507-5E50-470D-A19A-3C9B38D7D304}: NameServer = 192.168.11.1
FF - ProfilePath - c:\users\Dimikopf\AppData\Roaming\Mozilla\Firefox\Profiles\uc8m5atr.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1901890234-1663409302-2317966541-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*þpym`8*€S*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1901890234-1663409302-2317966541-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*þpym`8*€S*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1901890234-1663409302-2317966541-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,0b,d2,d1,1a,c2,92,2b,6c,27,c8,19,74,85,50,1b,3d,cf,2c,14,a0,6b,9e,
   e6,6a,b6,e4,6a,53,b2,46,bf,02,dc,e4,5d,3f,35,c0,fc,7d,6c,7f,ed,4d,c6,83,a7,\
"??"=hex:37,4b,a5,c5,0e,a3,42,3d,f5,46,94,da,a7,d2,4e,d0
.
[HKEY_USERS\S-1-5-21-1901890234-1663409302-2317966541-1001\Software\SecuROM\License information*]
"datasecu"=hex:fa,2a,66,52,19,a2,4a,d6,41,0a,34,ac,26,28,74,cb,62,5d,41,e8,87,
   09,7a,17,bb,e9,01,c7,49,f7,0a,92,b1,25,6d,3b,01,c4,ca,22,44,1e,bd,ea,c8,ed,\
"rkeysecu"=hex:7a,0d,70,26,d4,06,ac,3b,7d,9a,89,19,c0,71,5d,cf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-10  22:16:01
ComboFix-quarantined-files.txt  2012-08-10 20:16
.
Vor Suchlauf: 11 Verzeichnis(se), 856.863.657.984 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 856.690.253.824 Bytes frei
.
- - End Of File - - B41B00177F03CC2276C6571A06E399F8
         
--- --- ---


and here is the second log with the programs:

Quote:
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
Age of Empires - The Rise of Rome
AnyDVD
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Assassin's Creed
Assassin's Creed Brotherhood
Assassin's Creed Revelations
µTorrent
Battlefield 3™
Battlelog Web Plugins
Call of Duty(R) - World at War(TM)
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
CDBurnerXP
CommView for WiFi
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
ControlMK 0.232
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Crysis(R)
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD Copy
CyberLink PowerRecover
CyberLink WaveEditor
D3DX10
DAEMON Tools Lite
DarksidersInstaller
Dead Space™ 2
DivX-Setup
Dragon Age: Origins
ESN Sonar
Express Burn Disc Burning Software
Facebook Video Calling 1.2.0.159
Fallout 3
FileZilla Client 3.5.2
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
FXAA Post Process Injector
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GameTracker Lite
Google Chrome
Google Earth Plug-in
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto San Andreas
GTA IV Vehicle Mod Installer v1.2
HandBrake 0.9.5
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iPhone Folders
iWisoft Free Video Converter 1.2
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
JDownloader 0.9
Junk Mail filter update
Kaspersky Anti-Virus 2012
Kaspersky Internet Security 2012
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
L.A. Noire
Left 4 Dead 2
LogMeIn Hamachi
LogonStudio
Malwarebytes Anti-Malware Version 1.62.0.1300
Mass Effect 2
Mass Effect™ 3
Mass Effect™ 3 Demo
Medion Home Cinema
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft redistributable runtime DLLs VS2010 (x86)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
Nexuiz
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.3
Orbit Downloader
Origin
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Portal 2
Pošta Windows Live
Prototype(TM)
PunkBuster Services
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Risen
RocketDock 1.3.5
S?????? f?t???af??? t?? Windows Live
San Andreas Mod Installer
SAP Visual Enterprise Viewer 7.0 Complete
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shock 4Way 3D v1.29
Skype™ 5.5
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Steam
swMSM
System Requirements Lab
The Darkness II Demo
The Elder Scrolls V: Skyrim
Tom Clancy's Splinter Cell Conviction
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VC80CRTRedist - 8.0.50727.6195
Versandhelfer
Video Grabber
watchmi
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotograf Galerisi
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinSCP 4.3.8
Wireshark 1.6.4
ZyDAS IEEE 802.11 b+g Wireless LAN - USB

Alt 11.08.2012, 01:43   #14
t'john
/// Helper Team
 



Update Java

Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 5 ).
  • Once the installation has finished
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open the Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Regards, t'john

Alt 11.08.2012, 09:57   #15
Ironie
 



ok, I've done that. What's next?
