|
Plagegeister aller Art und deren Bekämpfung: Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.08.2012, 13:04 | #1 |
| Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter? Guten Tag, Ich war am Surfen, dann kam auf einmal ein weiser bildschirm mit text, dass mein Computer gesperrt sei. Auf der rechten Seiten war ne Zahlung eingerichtet, bei der 100€ voreingestellt war. An mehr erinner ich mich leider nicht, da ich mir nicht mehr durchgelesen habe. Danach hab ich den Benutzer gewecheslt, und eine Systemherstellung vorgenommen. Jetzt komme ich auch wieder in meinen urspruenglichen Benutzer. Habe trotzdem ein wenig gegoogelt, bin auf dieses forum gestoßen. Mein Problem ist, dass ich das Problem anders angegangen bin (Systemwiederherstellung), wie hier empfohlen und ich mir nicht sicher bin auf welchen trojanerkern meiner zutrifft. So habe ich einen Malwaretest gemacht, via dem von ihnen empfohlenen malwarebytes Anti-Malware programm. Bei diesem Test kam heraus, dass infizierte Objekte vorhanden sind. report folgt: (habe jz auf auswahl loeschen geklickt, weil das in dem Guide so stand und ich nichts mit in Quarantäne verschieben fand) danke fuer jede muehe schon mal im vorraus wie gehe ich jz weiter vor? was sind das fuer viren/trojaner? -------------------------------------------------------------------------- Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.07.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 sebastian :: SEBASTIAN-PC [Administrator] 07.08.2012 12:42:26 mbam-log-2012-08-07 (12-42-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 449389 Laufzeit: 1 Stunde(n), 16 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\sebastian\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\sebastian\AppData\Local\Temp\is357113909\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Der defogger test ergab nichts OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.08.2012 18:03:19 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\sebastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,69% Memory free 7,71 Gb Paging File | 5,49 Gb Available in Paging File | 71,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 154,83 Gb Total Space | 51,10 Gb Free Space | 33,00% Space Free | Partition Type: NTFS Drive D: | 419,86 Gb Total Space | 393,47 Gb Free Space | 93,71% Space Free | Partition Type: NTFS Drive E: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SEBASTIAN-PC | User Name: sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.07 17:53:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\sebastian\Desktop\OTL.exe PRC - [2012.05.08 17:01:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 17:01:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 17:01:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.03.08 13:46:50 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.03.08 13:46:41 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.10 15:56:43 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.10.14 14:38:34 | 000,653,952 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.19 22:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe PRC - [2010.07.19 22:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2010.07.02 23:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.06.09 09:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.05.04 00:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.05.04 00:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 08:59:48 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.15 08:59:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.15 08:59:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.15 08:59:24 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.12 12:28:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.11 23:09:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 23:08:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.11 23:08:21 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.11 23:08:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.11 23:08:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.11 23:08:10 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.03.15 11:10:45 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.07.02 23:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2010.07.01 21:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax MOD - [2010.02.23 15:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll MOD - [2010.02.23 15:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll MOD - [2010.02.23 15:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll MOD - [2010.02.23 15:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll MOD - [2010.02.23 15:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.08.04 11:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe MOD - [2007.06.15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll MOD - [2007.06.02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.08.11 15:44:45 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.06.22 21:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.08.07 00:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.05.08 17:01:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 17:01:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.03.08 13:46:50 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.03.08 13:46:41 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 17:01:30 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 17:01:30 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.07.08 22:00:18 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.10 15:56:33 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.09.13 12:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.08.11 16:15:49 | 007,765,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.11 15:11:07 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.07.29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb) DRV:64bit: - [2010.07.15 02:47:41 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.07.14 08:17:27 | 000,735,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.04.13 12:15:03 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.26 10:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.25 05:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.08.18 10:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.08.07 00:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.12.08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.02.24 21:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/12/10 05:23:16] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search..." FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.05 23:54:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.26 21:27:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.06 20:39:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\sebastian\AppData\Roaming\5045 [2011.11.21 18:34:28 | 000,000,000 | ---D | M] [2011.02.04 20:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sebastian\AppData\Roaming\mozilla\Extensions [2011.08.13 23:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hmkf1ijz.default\extensions [2011.08.13 23:57:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hmkf1ijz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.03 23:11:19 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hmkf1ijz.default\extensions\toolbar@ask.com [2011.02.15 21:43:36 | 000,001,583 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\hmkf1ijz.default\searchplugins\web-search.xml [2012.01.26 21:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.10 13:48:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.11.21 18:34:28 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\SEBASTIAN\APPDATA\ROAMING\5045 [2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Skype Click to Call = C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O3 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" File not found O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7133F58D-B9A1-4347-A355-C91D1D58257F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7707379C-C745-4175-B303-D5B6A86106D8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.03 13:20:21 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ] O32 - AutoRun File - [2008.01.25 22:10:40 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008.03.06 08:38:56 | 000,165,136 | R--- | M] (Electronic Arts Inc.) - E:\autorun.exe -- [ CDFS ] O33 - MountPoints2\{47d97826-c3f6-11e0-b1f9-bcaec5a02019}\Shell - "" = AutoRun O33 - MountPoints2\{47d97826-c3f6-11e0-b1f9-bcaec5a02019}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{7c5fea1a-308f-11e0-a923-bcaec5a02019}\Shell - "" = AutoRun O33 - MountPoints2\{7c5fea1a-308f-11e0-a923-bcaec5a02019}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{f699e43c-c438-11e0-a7d1-bcaec5a02019}\Shell - "" = AutoRun O33 - MountPoints2\{f699e43c-c438-11e0-a7d1-bcaec5a02019}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.07 17:53:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\sebastian\Desktop\OTL.exe [2012.08.07 12:41:32 | 000,000,000 | ---D | C] -- C:\Users\sebastian\AppData\Roaming\Malwarebytes [2012.08.07 12:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.07 12:41:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.07 12:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.07 12:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.07 11:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\rxkphuhcpnjfyub [2012.07.11 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDjView [2012.07.11 19:37:20 | 003,452,059 | ---- | C] (Andrew Zhezherun) -- C:\Users\sebastian\Desktop\WinDjView-1.0.3-Setup.exe [2012.07.11 17:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Plugins [1 C:\Users\sebastian\AppData\Roaming\*.tmp files -> C:\Users\sebastian\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.07 17:53:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\sebastian\Desktop\OTL.exe [2012.08.07 17:53:11 | 000,000,000 | ---- | M] () -- C:\Users\sebastian\defogger_reenable [2012.08.07 17:17:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.07 14:16:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 14:16:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 14:07:38 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.07 14:07:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.07 14:07:13 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys [2012.08.07 12:41:08 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.07 11:59:36 | 000,000,051 | ---- | M] () -- C:\ProgramData\wxcwunfzpeasjft [2012.07.30 14:49:25 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.30 14:49:25 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.30 14:49:25 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.30 14:49:25 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.30 14:49:25 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.11 19:37:24 | 003,452,059 | ---- | M] (Andrew Zhezherun) -- C:\Users\sebastian\Desktop\WinDjView-1.0.3-Setup.exe [2012.07.11 16:38:23 | 000,314,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.10 18:20:32 | 629,981,737 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Users\sebastian\AppData\Roaming\*.tmp files -> C:\Users\sebastian\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.07 17:53:11 | 000,000,000 | ---- | C] () -- C:\Users\sebastian\defogger_reenable [2012.08.07 12:41:08 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.07 11:59:34 | 000,000,051 | ---- | C] () -- C:\ProgramData\wxcwunfzpeasjft [2012.05.28 23:48:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.03.08 13:46:43 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.08 13:46:41 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.03.08 13:46:41 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.11.29 19:19:29 | 000,000,032 | ---- | C] () -- C:\Users\sebastian\.simfy [2011.11.21 18:34:18 | 000,000,072 | ---- | C] () -- C:\Users\sebastian\AppData\Roaming\blckdom.res [2011.04.12 16:32:21 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.03 12:04:30 | 000,001,110 | ---- | C] () -- C:\Users\sebastian\Splendid Utility.Lnk [2011.04.03 12:04:02 | 000,001,150 | ---- | C] () -- C:\Users\sebastian\SmartLogon Manager.lnk [2011.04.03 12:03:08 | 000,001,094 | ---- | C] () -- C:\Users\sebastian\LifeFrame.lnk [2011.04.03 12:02:28 | 000,002,595 | ---- | C] () -- C:\Users\sebastian\ControlDeck.lnk [2011.03.28 18:28:06 | 000,001,400 | ---- | C] () -- C:\Users\sebastian\Free YouTube to MP3 Converter.lnk [2011.03.28 12:55:45 | 000,002,068 | ---- | C] () -- C:\Users\sebastian\KickoffPoker.lnk [2011.03.27 13:35:02 | 000,001,053 | ---- | C] () -- C:\Users\sebastian\Full Tilt Poker.lnk [2011.03.20 14:43:39 | 000,005,120 | ---- | C] () -- C:\Users\sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.06 15:46:43 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.02.05 20:29:51 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2011.02.04 20:52:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.10 15:58:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.10 15:56:36 | 000,001,236 | ---- | C] () -- C:\Users\sebastian\ASUS Data Security Manager.Lnk [2010.12.10 15:56:22 | 000,002,595 | ---- | C] () -- C:\Users\sebastian\AI Recovery Burner.lnk [2010.12.10 15:48:26 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.12.10 15:40:20 | 000,001,603 | ---- | C] () -- C:\Users\sebastian\e-Driver.lnk [2010.12.10 15:37:40 | 000,002,069 | ---- | C] () -- C:\Users\sebastian\syncables desktop SE.lnk [2010.12.10 15:37:07 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2011.11.21 18:34:28 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\5045 [2011.02.04 18:42:03 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Asus WebStorage [2011.07.01 19:50:48 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Canneverbe Limited [2011.08.19 13:58:18 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Command & Conquer 3 Kanes Rache [2011.08.14 12:50:45 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Command and Conquer 4 [2011.02.21 20:29:36 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DAEMON Tools Lite [2011.08.11 12:58:01 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DAEMON Tools Pro [2011.08.08 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DC++ [2011.08.13 23:57:49 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DVDVideoSoft [2011.03.28 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.22 20:02:18 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\HEM Data [2011.03.05 23:31:21 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\HoldemManager [2012.07.11 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Juniper Networks [2011.11.21 18:34:11 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\kock [2012.03.07 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\LolClient [2011.03.15 11:22:33 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\OpenOffice.org [2011.05.09 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Opera [2011.03.16 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Rainmeter [2011.10.10 10:15:00 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Roaming [2012.08.07 13:05:32 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Ruyb [2011.08.30 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Simfy [2012.07.09 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\SoftGrid Client [2011.08.27 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Sports Interactive [2011.02.06 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\TeamViewer [2011.04.12 16:32:55 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\TP [2011.02.04 21:04:18 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Trillian [2012.06.21 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\TS3Client [2012.04.25 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\UAs [2012.07.11 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\UDC Profiles [2012.02.15 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Wefy [2012.04.25 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\xmldm [2011.09.15 11:25:51 | 000,000,000 | ---D | M] -- C:\Users\sebastian2\AppData\Roaming\Rainmeter [2012.07.20 11:53:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC < End of report > --------------------------------------------------------------------------OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.08.2012 18:03:19 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\sebastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,69% Memory free 7,71 Gb Paging File | 5,49 Gb Available in Paging File | 71,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 154,83 Gb Total Space | 51,10 Gb Free Space | 33,00% Space Free | Partition Type: NTFS Drive D: | 419,86 Gb Total Space | 393,47 Gb Free Space | 93,71% Space Free | Partition Type: NTFS Drive E: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SEBASTIAN-PC | User Name: sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-837568758-3957210429-1287448362-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{092A9A3E-FAD0-45C7-A0CA-CE9D66ECA21D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0C4A5571-BE5D-49FE-8391-7B493F268B09}" = lport=445 | protocol=6 | dir=in | app=system | "{14BD83CF-A9FB-486F-9133-E81EC402000A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27043F4D-236D-41A1-A31E-AA93E5B7E3B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{28431200-6A0B-4D91-BF1C-2BB163890EC5}" = lport=2869 | protocol=6 | dir=in | app=system | "{38E22793-3B0D-47A4-A043-36AC27DA2C08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{404B7439-90E3-4DC4-BD25-7059D2762548}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4553D8B7-EE51-4C35-A008-B1C9B0EE4225}" = lport=137 | protocol=17 | dir=in | app=system | "{493EE5DA-F464-41A4-8C85-1FA1A7C8AF56}" = lport=10243 | protocol=6 | dir=in | app=system | "{566C4DF1-C187-460C-AE04-F9ABFC47A520}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{656045F3-31ED-460E-96D3-568989FF5930}" = lport=2869 | protocol=6 | dir=in | app=system | "{6D82D814-BCFF-40A6-9761-DBAEB78016BE}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{6E447A32-B420-4829-9B7B-4A00BEE691A3}" = rport=137 | protocol=17 | dir=out | app=system | "{7069532F-BA57-4062-92C7-5886D7BAD95B}" = rport=445 | protocol=6 | dir=out | app=system | "{727B3B1F-FAB6-4EBB-8D80-6467D0E55957}" = rport=138 | protocol=17 | dir=out | app=system | "{7E227423-A8E7-4254-854D-7F9FAC3584D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FB53812-B83C-48B9-AD7F-9359102BE11D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{97B595DF-8F0A-4D01-A1CD-1B0350E7DAEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9CEAAA31-EC6F-4710-B77E-155C987B9CBD}" = lport=5432 | protocol=6 | dir=in | name=postgres | "{A2A6758F-5380-4F1C-9C21-1F1C45BCAC14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C2450BAD-A934-4929-B435-BFA20FC7F893}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C82A1763-E79D-4C2A-B1D2-EE7993B486B4}" = lport=138 | protocol=17 | dir=in | app=system | "{CBD351DF-A17A-4DA1-B0BD-0ED4A69C675C}" = rport=139 | protocol=6 | dir=out | app=system | "{D3E8EF23-4020-4C2F-A414-CFDF5938A3F2}" = lport=139 | protocol=6 | dir=in | app=system | "{D73D5157-FEE1-4319-A39F-FAEF3E5FAE74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F4767F9A-2FC3-40E2-ABCD-3E545654F873}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F59BD7AB-66AF-4052-A675-76AAE9AA558F}" = rport=10243 | protocol=6 | dir=out | app=system | "{FCE30929-EBCD-4D7E-BC60-128E74D07EC6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10CADB4F-4A50-484B-A9DD-38C2332660F7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{11E3E05F-4F82-4348-9F6A-2C175220BD33}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{15626388-78EA-4521-90F2-42660712D286}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{16373464-8A5E-4232-B085-A0142115F2F8}" = protocol=6 | dir=in | app=d:\gamez\footballmanager2011\fm.exe | "{175664DD-EC0E-40D7-93B7-A9169581966C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{191D53E0-AC84-4B6D-94C1-C7E254409C83}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1B2552B0-CA13-4D48-813F-6A930F3C3C83}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{1DFBAE8F-1E8E-41BC-99D1-7A75A8686BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{1E31DF31-CF13-4BF8-ACB2-27ED45AB4F21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{27E5E5AA-474D-4055-A2A7-B3877712B74C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2BE3922E-829B-4F44-87B7-CFE539A0481E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2CA70173-C0C6-4F6A-BC3E-7D10F331F52B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3A36EA70-D24E-4269-9E52-C3B38E5727A7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{3AA863DC-2FC5-40CC-9A34-4DD3A41C5836}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3CA88A34-5E33-4036-BF8F-EFB14F31DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{3CB7B563-9351-48E2-B8B6-D014507A73D7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{4A047031-F494-4F46-85F7-CC155D9651EF}" = protocol=6 | dir=in | app=d:\far cry 2\bin\farcry2.exe | "{54AC1FB0-FDEB-4833-8184-2AB11142F8D3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5D0197DA-17DD-41FB-B511-70C712C40043}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5EBA0984-460C-442A-992F-4D13553F4532}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{690A2B78-0434-4324-833A-A9CFA8A200AA}" = protocol=17 | dir=in | app=d:\far cry 2\bin\fc2editor.exe | "{6D52A170-F472-4676-A640-BC3B75469424}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{703BF62B-BEDC-4DCE-8DA0-E7351FDAEEC7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{73EF4E89-AE52-4DD8-80DC-BF145FE75B91}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{75F0C17D-A25D-44B5-B5E2-9A19100F9A90}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{7ACA3292-C132-484E-B7DA-D4187627ABEB}" = protocol=6 | dir=out | app=system | "{7B215B2A-ED44-4EE3-AC72-49CF0D4F5147}" = protocol=6 | dir=in | app=i:\rise of legends\legends.exe | "{7BA25DEB-DE05-46FF-A493-6A2AC574C57E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{7EFC331E-DE4A-46C1-816B-3705ED06C384}" = protocol=17 | dir=in | app=d:\far cry 2\bin\farcry2.exe | "{832AD99A-FAEE-4789-9276-ACC5850D4DE4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{88B3E604-B4E0-4B58-8CD8-355DB5B97F01}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8E3371E0-ABAE-4D9C-B741-71C1DE410071}" = protocol=17 | dir=in | app=d:\gamez\sacred 2\system\s2gs.exe | "{90544DAB-BBF8-44E1-B546-697239EB9CD5}" = protocol=6 | dir=in | app=d:\far cry 2\bin\fc2editor.exe | "{9073E1A6-98C9-4644-9D78-166A98639962}" = protocol=6 | dir=in | app=d:\gamez\sacred 2\system\sacred2.exe | "{91F9EF70-5B05-4464-9625-037595A2B6EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{98CF4F6D-F31F-4AD2-9D8E-283D510EE0C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C3525C8-F6E3-405A-9143-A9D6BC56DDC1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{9E90772A-A8D3-46A0-842C-5457A7E4F02B}" = protocol=17 | dir=in | app=d:\far cry 2\bin\fc2launcher.exe | "{A15F39BF-B2F9-469F-81BC-28F11340DF47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A22FD5E1-22AF-4E11-8E2B-99CE7D3C20AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A751DE87-9B5D-4952-9BA0-75EB5D5CE169}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{AAB49F13-0C72-458F-8446-7698A1ADF6E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{B1CFE572-456D-4C5E-9FD5-BE29BCE206E4}" = protocol=17 | dir=in | app=i:\rise of legends\legends.exe | "{B53652BE-9199-436F-84B4-BB5D299FFC27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B621F2CD-13F0-4973-A4D9-25792953FD69}" = dir=in | app=d:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat | "{B8DC2F54-1FF1-4813-9F97-62638F82D503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BF4A6A82-6871-4DB8-AB98-AF784A356E0D}" = protocol=17 | dir=in | app=d:\gamez\footballmanager2011\fm.exe | "{C10EF3D2-868E-4CE9-9CF4-C55436CB14F9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C5D56D49-72D2-4718-B32C-FD077BBBD5DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C5DEC575-1909-4BC2-BBEB-2517748AD520}" = protocol=6 | dir=in | app=d:\gamez\sacred 2\system\s2gs.exe | "{C78942E5-5425-40F0-A6DC-3E04A8E6B226}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB2AB5F6-C4C8-432F-B2F4-F1F34A579D85}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{CDA28068-1EB6-49E1-909C-7DBEABE2AB51}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{CF486823-A38D-412A-A199-87857A5E3AB0}" = protocol=17 | dir=in | app=d:\gamez\sacred 2\system\sacred2.exe | "{D2433CC3-03E6-4541-952C-36CF01F9D7B5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{DC69BDAB-B2C7-4B45-96AD-7DE3C8B93363}" = protocol=6 | dir=in | app=d:\far cry 2\bin\fc2launcher.exe | "{E1B8564E-9157-4BCD-8724-F9E4A6148358}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E559C483-3BF9-441E-AD86-3DDD3DC817F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E670412B-F955-49D6-A6EB-C4194207C307}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E9F5C3BA-5D6E-4FCB-A556-80BC7818808B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{EE85C820-387F-4535-9EFE-9A400C4E255A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F410C6A5-7C5A-47C1-AA49-E516D6803A7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{0ED0B015-CA6D-42F1-B503-CD97D2EA225E}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | "TCP Query User{342A2284-CD6E-4563-9666-29CCA8862DDC}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{37D9626B-D897-43B1-8B8C-1E5DEA19B123}C:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | "TCP Query User{49A7B88D-5315-4E98-9C0C-CD2BFAFAFAC1}C:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe | "TCP Query User{53CDC54D-FF8A-4D40-9D7E-AE71075185BD}F:\aoe\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=f:\aoe\age2_x1\age2_x1.icd | "TCP Query User{6274DC4C-722B-4AD4-B210-7E587C4733E8}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | "TCP Query User{6ECC2E94-3CDE-4342-8185-16BDC33AE69E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{6EEEE802-19B7-46DA-9B66-4ED2823867D8}F:\rise of legends\legends.exe" = protocol=6 | dir=in | app=f:\rise of legends\legends.exe | "TCP Query User{7B2825E2-6654-41D5-B306-22C6CF81746E}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{806DD8CD-6DE2-4D75-8A09-1AB0F5EAF9C5}C:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | "TCP Query User{821D9DE3-F790-4070-B1A9-C38571D4DE8B}I:\cnc4\data\cnc4.game" = protocol=6 | dir=in | app=i:\cnc4\data\cnc4.game | "TCP Query User{86CFBF6B-CF43-4AF4-B5B7-9801946D0A6C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{895C9D58-8FF3-4DC1-997D-56FA8B8D3D47}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "TCP Query User{BBC91AD9-DFA0-4AFF-8A07-AEC80832049F}C:\program files (x86)\b2bpoker\kickoffpoker\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\b2bpoker\kickoffpoker\jre\bin\javaw.exe | "TCP Query User{C24D9E50-7373-4B32-B31E-051918B9C789}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{C412018D-AB8D-47D7-B01E-687B52429765}D:\gamez\rise of legends\legends.exe" = protocol=6 | dir=in | app=d:\gamez\rise of legends\legends.exe | "TCP Query User{C41C626E-2063-43AE-949E-CF11A40607B0}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{DB1D918F-8DE9-450B-AD2B-3FE83EE5A65B}F:\company of heroes an charly4\reliccoh.exe" = protocol=6 | dir=in | app=f:\company of heroes an charly4\reliccoh.exe | "TCP Query User{DC1C0A9B-930F-4ED3-9E12-43C08D766577}D:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=6 | dir=in | app=d:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat | "TCP Query User{E5A48377-6DCF-42CB-9AD0-F381FBDD9E3C}C:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe | "TCP Query User{FAE72955-2060-468B-BCC0-AD5A76759043}C:\users\sebastian\appdata\roaming\ruyb\yzqa.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\ruyb\yzqa.exe | "UDP Query User{16D5ECD5-F267-42AB-A6DB-9DBE5BDDD35C}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{21C060CB-CDD7-4470-AA06-9622519C29E7}C:\users\sebastian\appdata\roaming\ruyb\yzqa.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\ruyb\yzqa.exe | "UDP Query User{271CCF65-4FCB-4A01-9F3C-7FFE28AF660D}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{33CA5BA7-6A61-43B0-BF56-A71F51426FB9}F:\rise of legends\legends.exe" = protocol=17 | dir=in | app=f:\rise of legends\legends.exe | "UDP Query User{3FBD9BD1-1CD3-4877-A02C-C912EA587980}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{3FD18799-81E9-4ABB-869B-B8769A566B27}C:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe | "UDP Query User{42E52042-0E97-40E7-8438-F6ADCE69B737}D:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=17 | dir=in | app=d:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat | "UDP Query User{51F590FC-0C85-4AB9-A0A5-872EBA85CAB4}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{62E57CED-5524-439E-A6DC-5B90593D49A2}C:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | "UDP Query User{8956AE3B-6EEE-40DB-8F4C-E47A9CCF4C8A}C:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | "UDP Query User{899EC774-7DA5-4055-9884-A4A9E9099846}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | "UDP Query User{8F0A4BC2-294C-4BB6-BEC3-A15F2937B2A3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{ABC7897F-BC13-447A-B427-8CDBD7C1F9A8}C:\program files (x86)\b2bpoker\kickoffpoker\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\b2bpoker\kickoffpoker\jre\bin\javaw.exe | "UDP Query User{B3238CDE-AD99-4319-9061-43091A103C65}F:\aoe\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=f:\aoe\age2_x1\age2_x1.icd | "UDP Query User{B3259157-B391-4F0E-9E25-DF7E7E54BE74}D:\gamez\rise of legends\legends.exe" = protocol=17 | dir=in | app=d:\gamez\rise of legends\legends.exe | "UDP Query User{B4FAF1FF-8E5D-43E7-9EC4-FE895752439B}C:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe | "UDP Query User{C289FF7E-E3DF-478D-B161-A4D10E3E59C7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{D0ACE35B-98F4-4BFB-9F26-927D40E71BC7}I:\cnc4\data\cnc4.game" = protocol=17 | dir=in | app=i:\cnc4\data\cnc4.game | "UDP Query User{E8028FF4-4B87-478D-BC67-DFA4E6489D4E}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | "UDP Query User{F253A21E-9CBA-4FC5-8A57-F568C5610DA4}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{F2EE0A2C-20E2-4625-81AE-970E4468FE11}F:\company of heroes an charly4\reliccoh.exe" = protocol=17 | dir=in | app=f:\company of heroes an charly4\reliccoh.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2E414A76-E6A7-3504-4235-29EAB3FE1F7A}" = ATI AVIVO64 Codecs "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96CCD84C-3F80-C618-6202-568608213C7E}" = ccc-utility64 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FDB61EAE-7C1D-7EB6-E1EE-14528E3EB266}" = ATI Catalyst Install Manager "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CNXT_AUDIO_HDA" = Conexant HD Audio "Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL "HoldemManager" = Holdem Manager "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{011162D5-6853-9D60-2BD4-1F3D01966A59}" = CCC Help English "{05CF7905-AD18-769E-7717-1DC8AF388BEA}" = CCC Help Hungarian "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{1382CAD9-2A6A-F826-96DF-27CC6CC7B3B0}" = CCC Help Czech "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F4C4124-6D6C-4282-63B8-F9468E4404BC}" = Catalyst Control Center InstallProxy "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 25 "{28452235-8D43-464B-EDB2-18DA5542722D}" = CCC Help Portuguese "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{3BD37E91-C31A-CB8A-C48C-21CE58723AEF}" = CCC Help Polish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{47A1A0D5-37DE-7A02-F411-8DFBA338CCC2}" = CCC Help Swedish "{47B4F3BD-1FCB-914B-397A-7220136A175F}" = CCC Help Japanese "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4D38B420-FDA9-282A-DBBA-3E8E9158A5F4}" = Catalyst Control Center Localization All "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7 "{597535B3-348A-8FBF-1C39-C21E634C1E8A}" = CCC Help Norwegian "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{69A7B958-4617-9924-F32B-7C1FF3C7EE6C}" = Catalyst Control Center Graphics Previews Common "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73AA1842-2960-328C-E51E-CEC0B23950C2}" = Catalyst Control Center Graphics Previews Vista "{75CE15F1-3508-D4AA-6EB4-AB9D55FAD076}" = CCC Help Russian "{76246D4D-C095-5B94-9EFA-0F6DFF804BB1}" = CCC Help Greek "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77CC4640-98F0-603A-2CDB-A981F09FED6D}" = CCC Help French "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7D1C43EB-EAE9-5D8C-FEF4-E00AF6B9500F}" = CCC Help Finnish "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{81BEA2F5-4F9B-4AF5-A9B2-3210F71931D3}" = Catalyst Control Center - Branding "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{886EA01E-D4B4-D2E1-CEA2-213E9C06DFF5}" = CCC Help Spanish "{88799CBD-90A6-67FB-310E-79CAB1479F0F}" = CCC Help Chinese Traditional "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D8847D7-DF68-2325-250A-96BE101FCF69}" = CCC Help Italian "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA8F54E5-393C-B09B-B641-7CE1D1E1933F}" = CCC Help Dutch "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8174E5B-B515-3423-1273-4B4B6B483C4B}" = CCC Help Chinese Standard "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C1234B72-5EAF-807C-46E8-59A1C9FEF6CA}" = CCC Help Turkish "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D5CCDB0C-00B7-3A4F-3877-6C57920F05D8}" = CCC Help Korean "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DA8D3A2D-5FD5-82D1-C9A8-801079EE0FD0}" = CCC Help Thai "{DAB623DC-33F2-E22E-7B24-2270E8AB1EB3}" = ccc-core-static "{DDA92568-FE0E-E2F4-35A5-7CD99ADACF26}" = CCC Help Danish "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{EC6A04DE-135E-AC5C-AA19-8E350AA5B6D4}" = CCC Help German "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "ASUS WebStorage" = ASUS WebStorage "Avira AntiVir Desktop" = Avira Free Antivirus "Bookworm Deluxe" = Bookworm Deluxe "Cooking Dash" = Cooking Dash "DC++" = DC++ 0.781 "DivX Setup" = DivX-Setup "Football Manager 2011" = Football Manager 2011 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "Google Chrome" = Google Chrome "Governor of Poker" = Governor of Poker "HoldemManager" = Holdem Manager "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "Jewel Quest 3" = Jewel Quest 3 "Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN "Luxor 3" = Luxor 3 "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Opera 12.00.1467" = Opera 12.00 "Plants vs Zombies" = Plants vs Zombies "Poker Heaven" = Poker Heaven "PokerStars" = PokerStars "PostgreSQL 8.4" = PostgreSQL 8.4 "PunkBusterSvc" = PunkBuster Services "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "Trillian" = Trillian "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.9 "vShare" = vShare Plugin "Winamp" = Winamp "WinDjView" = WinDjView 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "wmlite2_is1" = Windows Media Lite 2.3.0 "World of Goo" = World of Goo ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-837568758-3957210429-1287448362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Juniper_Setup_Client" = Juniper Networks Setup Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.08.2012 06:03:59 | Computer Name = sebastian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542 Description = Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error - 07.08.2012 06:04:08 | Computer Name = sebastian-PC | Source = ESENT | ID = 215 Description = WinMail (6496) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 07.08.2012 06:04:12 | Computer Name = sebastian-PC | Source = ESENT | ID = 215 Description = WinMail (4712) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 07.08.2012 06:09:32 | Computer Name = sebastian-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 07.08.2012 06:09:39 | Computer Name = sebastian-PC | Source = PostgreSQL | ID = 0 Description = 2012-08-07 12:09:38 CESTFATAL: the database system is starting up Error - 07.08.2012 06:09:40 | Computer Name = sebastian-PC | Source = PostgreSQL | ID = 0 Description = 2012-08-07 12:09:40 CESTFATAL: the database system is starting up Error - 07.08.2012 06:20:52 | Computer Name = sebastian-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 07.08.2012 06:20:53 | Computer Name = sebastian-PC | Source = PostgreSQL | ID = 0 Description = 2012-08-07 12:20:53 CESTFATAL: the database system is starting up Error - 07.08.2012 06:39:23 | Computer Name = sebastian-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 07.08.2012 08:07:30 | Computer Name = sebastian-PC | Source = PostgreSQL | ID = 0 Description = 2012-08-07 14:07:30 CESTFATAL: the database system is starting up [ System Events ] Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Peernetzwerkidentitäts-Manager erreicht. Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Peernetzwerkidentitäts-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peernetzwerkidentitäts-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 03.08.2012 16:42:33 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 05.08.2012 05:01:39 | Computer Name = sebastian-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 07.08.2012 06:09:32 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 07.08.2012 06:20:52 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 07.08.2012 06:39:23 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. < End of report > |
13.08.2012, 18:04 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter? Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
Themen zu Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter? |
administrator, anti-malware, appdata, autostart, bildschirm, bingbar, browser, computer, dateien, explorer, forum, gelöscht, gesperrt, helper, infizierte, install.exe, malware, malwarebytes, microsoft, microsoft office starter 2010, nicht sicher, plug-in, problem, seite, seiten, software, surfen, systemwiederherstellung, temp, trojan.agent, wrapper, zahlung |