| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 8 Genuine License Malware (auf Windows Vista)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.08.2012, 14:55
| #1 |
| |  Windows 8 Genuine License Malware (auf Windows Vista) Hallo Trojaner-Board Ich habe so ein ähnliches Problem wie schon in den Threads http://www.trojaner-board.de/122277-...ten-modus.html und http://www.trojaner-board.de/122291-...are-ukash.html Mein PC infizierte sich durch einen Link im Internet Explorer. Infektionszeitpunkt war am 17.08.2012 um 11.30h. Allerdings unterscheidet sich das Problem bei mir in geringem Maße. Ich verwende das Betriebssystem Windows Vista, und kann so im Abgesicherten Modus auf meinen PC ohne einschränkung zugreifen. Eine Bereinigung durch Anti-Malware von Malwarebytes hat mir zwar 61 Probleme beseitigt, allerdings nicht dieses UKASH popup. Die Dateien, welche für diesen Pop Up verantworlich sind, konnte ich unter C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk und C:\Users\Mathias\AppData\Roaming1.exe lokalisieren, da sie genau zur Infektionszeit erstellt wurden. Windows Defender zeigt mir auch C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk als Datei an, welche zum Infektionszeitpunkt meinen PC angegriffen hat. Ein erster Scan mit der OTL-Boot Disk ist fehlgeschlagen, allerdings konnte ich im abgesicherten Modus mein System scannen. Anbei das Log: Code:
ATTFilter SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2005.01.01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2009.07.17 17:50:30 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008.05.13 17:00:16 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2005.01.01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 71 8B 0E 15 07 CA 01 [binary data]
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\esnipsxpi@logia.esnips: C:\Program Files (x86)\Logia\eSnipsDownloader\ext [2010.06.03 17:50:08 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - File not found
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [Steam] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [uTorrent] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = C:\Users\Mathias\AppData\Roaming1.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mathias\Pictures\jazzguitar.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mathias\Pictures\jazzguitar.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2de3d0ba-a721-11df-ba51-001fd056cd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{2de3d0ba-a721-11df-ba51-001fd056cd1b}\Shell\AutoRun\command - "" = K:\FalloutLauncher.exe
O33 - MountPoints2\{379eb9fa-ed9d-11e0-b0b1-001fd056cd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{379eb9fa-ed9d-11e0-b0b1-001fd056cd1b}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.08.17 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012.08.17 11:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 11:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.17 11:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.17 10:55:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.17 10:55:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012.08.17 10:55:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.17 10:55:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.17 10:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.17 10:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.17 10:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.17 10:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.17 10:55:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.17 10:55:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.17 10:55:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012.08.17 10:55:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.17 10:55:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.17 10:55:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012.08.17 10:48:59 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012.08.17 10:48:59 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2012.08.17 10:48:55 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2012.07.22 19:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Beta
[2012.07.22 19:44:53 | 000,000,000 | ---D | C] -- C:\Bluenoise Plugins
[2012.07.22 19:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Metal1
========== Files - Modified Within 30 Days ==========
[2012.08.17 16:11:31 | 000,000,732 | ---- | M] () -- C:\Users\Mathias\AppData\Local\d3d9caps64.dat
[2012.08.17 16:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 13:54:03 | 000,000,626 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.08.17 13:52:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.17 11:55:54 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 11:55:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 11:34:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.17 11:30:39 | 000,390,931 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming1.exe
[2012.08.17 11:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 19:06:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 19:06:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 19:06:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 19:06:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.22 19:45:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Beta
[2012.07.22 19:43:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Metal1
========== Files Created - No Company Name ==========
[2012.08.17 11:55:54 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 11:30:45 | 000,000,626 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.08.17 11:30:40 | 000,390,931 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming1.exe
[2011.11.08 00:32:02 | 000,004,096 | -H-- | C] () -- C:\Users\Mathias\AppData\Local\keyfile3.drm
[2011.05.29 14:45:04 | 000,000,612 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.21 17:16:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysWow64\ceme10.dll
[2011.05.21 17:16:21 | 000,000,003 | ---- | C] () -- C:\Windows\ceme10.dat
[2011.04.23 12:49:14 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.13 17:25:00 | 000,000,085 | ---- | C] () -- C:\Windows\WIWDI.ini
[2010.07.30 11:18:09 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.07.30 11:17:07 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.07.30 11:17:06 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.06.12 15:58:27 | 000,331,263 | ---- | C] () -- C:\Windows\LOOP.exe
[2010.05.07 13:07:01 | 000,774,144 | ---- | C] () -- C:\Windows\MTUn9642.exe
[2009.08.22 15:36:05 | 000,008,296 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps.dat
[2009.08.13 23:03:24 | 000,000,136 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\default.pls
[2009.07.25 01:05:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.24 21:50:06 | 000,065,536 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.24 17:54:46 | 000,000,521 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.07.20 22:10:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.20 22:10:31 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.20 22:10:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.20 22:10:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.20 21:19:54 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.07.20 19:59:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.17 17:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.17 17:46:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.07.17 17:44:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.17 17:41:19 | 000,000,732 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps64.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
========== LOP Check ==========
[2010.08.28 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Ableton
[2010.05.09 13:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Antares
[2012.03.11 10:50:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Babylon
[2010.01.29 21:53:59 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Canon
[2011.12.18 21:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ChessBase
[2010.08.28 13:56:24 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Cycling '74
[2010.08.13 23:28:55 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DAEMON Tools Lite
[2012.06.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoft
[2011.04.12 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.07 22:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\fltk.org
[2011.04.09 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ICQ
[2012.02.01 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Image-Line
[2010.06.03 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Logia
[2012.05.31 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\MusE
[2011.12.19 18:02:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org
[2010.08.28 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PACE Anti-Piracy
[2010.08.11 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PhotoScape
[2010.05.15 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Propellerhead Software
[2010.10.02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Renoise
[2010.10.02 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Renoise ReWire Engine
[2010.11.19 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ROUTE 66 Sync
[2011.06.30 13:10:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\SIR
[2012.04.08 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Suig
[2010.01.09 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Teleca
[2011.12.25 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\uTorrent
[2010.07.30 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Waldorf
[2012.05.11 17:14:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Wybez
[2010.08.28 12:34:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Ableton
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.08.18 15:12:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Audio Damage
[2009.07.25 12:49:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Avery
[2012.03.10 23:40:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010.01.16 12:33:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010.02.20 21:01:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV
[2010.01.16 12:50:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2011.12.18 22:58:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ChessBase
[2010.08.13 23:21:45 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.07.30 11:18:23 | 000,000,000 | ---D | M] -- C:\ProgramData\eLicenser
[2010.04.04 17:10:06 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.05.04 18:20:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Hi-Rez Studios
[2010.10.24 16:15:10 | 000,000,000 | ---D | M] -- C:\ProgramData\iZotope
[2009.08.16 16:59:11 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
[2010.08.28 13:56:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2009.08.16 15:53:26 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010.05.15 16:54:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software
[2011.06.30 13:06:56 | 000,000,000 | ---D | M] -- C:\ProgramData\SIR
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.07.30 11:18:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2010.01.09 19:12:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Teleca
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010.08.17 13:50:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Test Drive Unlimited
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.05.04 23:35:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\{5294DA15-4E4A-43F8-948D-66D04EC57FB6}
[2012.08.17 13:55:25 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Kufiya |
|
17.08.2012, 15:01
| #2 |
| /// Malware-holic   | Windows 8 Genuine License Malware (auf Windows Vista) hi das log ist nicht vollständig
__________________bitte erneut posten außerdem, hast du den link noch, dann hätte ich ihn gern als private nachicht
__________________ |
|
17.08.2012, 15:09
| #3 |
| | Windows 8 Genuine License Malware (auf Windows Vista) Hier der nächste Versuch mit dem Log:
__________________Code:
ATTFilter OTL logfile created on: 17.08.2012 17:03:43 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = E:\PROGRAMS\OTLPE
64bit-Windows (TM) Vista Home Premium (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 40,61 Gb Free Space | 17,44% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 59,51 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: AMD-PC | User Name: Mathias
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012.08.15 19:06:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2005.01.01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2009.07.17 17:50:30 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008.05.13 17:00:16 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2005.01.01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 71 8B 0E 15 07 CA 01 [binary data]
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\esnipsxpi@logia.esnips: C:\Program Files (x86)\Logia\eSnipsDownloader\ext [2010.06.03 17:50:08 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - File not found
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [Steam] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [uTorrent] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = C:\Users\Mathias\AppData\Roaming1.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mathias\Pictures\jazzguitar.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mathias\Pictures\jazzguitar.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2de3d0ba-a721-11df-ba51-001fd056cd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{2de3d0ba-a721-11df-ba51-001fd056cd1b}\Shell\AutoRun\command - "" = K:\FalloutLauncher.exe
O33 - MountPoints2\{379eb9fa-ed9d-11e0-b0b1-001fd056cd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{379eb9fa-ed9d-11e0-b0b1-001fd056cd1b}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.08.17 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012.08.17 11:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 11:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.17 11:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.17 10:55:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.17 10:55:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012.08.17 10:55:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.17 10:55:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.17 10:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.17 10:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.17 10:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.17 10:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.17 10:55:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.17 10:55:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.17 10:55:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012.08.17 10:55:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.17 10:55:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.17 10:55:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012.08.17 10:48:59 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012.08.17 10:48:59 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2012.08.17 10:48:55 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2012.07.22 19:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Beta
[2012.07.22 19:44:53 | 000,000,000 | ---D | C] -- C:\Bluenoise Plugins
[2012.07.22 19:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Metal1
========== Files - Modified Within 30 Days ==========
[2012.08.17 16:11:31 | 000,000,732 | ---- | M] () -- C:\Users\Mathias\AppData\Local\d3d9caps64.dat
[2012.08.17 16:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 13:54:03 | 000,000,626 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.08.17 13:52:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.17 11:55:54 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 11:55:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 11:34:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.17 11:30:39 | 000,390,931 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming1.exe
[2012.08.17 11:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 19:06:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 19:06:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 19:06:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 19:06:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.22 19:45:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Beta
[2012.07.22 19:43:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Metal1
========== Files Created - No Company Name ==========
[2012.08.17 11:55:54 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 11:30:45 | 000,000,626 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.08.17 11:30:40 | 000,390,931 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming1.exe
[2011.11.08 00:32:02 | 000,004,096 | -H-- | C] () -- C:\Users\Mathias\AppData\Local\keyfile3.drm
[2011.05.29 14:45:04 | 000,000,612 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.21 17:16:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysWow64\ceme10.dll
[2011.05.21 17:16:21 | 000,000,003 | ---- | C] () -- C:\Windows\ceme10.dat
[2011.04.23 12:49:14 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.13 17:25:00 | 000,000,085 | ---- | C] () -- C:\Windows\WIWDI.ini
[2010.07.30 11:18:09 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.07.30 11:17:07 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.07.30 11:17:06 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.06.12 15:58:27 | 000,331,263 | ---- | C] () -- C:\Windows\LOOP.exe
[2010.05.07 13:07:01 | 000,774,144 | ---- | C] () -- C:\Windows\MTUn9642.exe
[2009.08.22 15:36:05 | 000,008,296 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps.dat
[2009.08.13 23:03:24 | 000,000,136 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\default.pls
[2009.07.25 01:05:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.24 21:50:06 | 000,065,536 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.24 17:54:46 | 000,000,521 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.07.20 22:10:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.20 22:10:31 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.20 22:10:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.20 22:10:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.20 21:19:54 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.07.20 19:59:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.17 17:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.17 17:46:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.07.17 17:44:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.17 17:41:19 | 000,000,732 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps64.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
========== LOP Check ==========
[2010.08.28 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Ableton
[2010.05.09 13:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Antares
[2012.03.11 10:50:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Babylon
[2010.01.29 21:53:59 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Canon
[2011.12.18 21:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ChessBase
[2010.08.28 13:56:24 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Cycling '74
[2010.08.13 23:28:55 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DAEMON Tools Lite
[2012.06.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoft
[2011.04.12 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.07 22:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\fltk.org
[2011.04.09 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ICQ
[2012.02.01 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Image-Line
[2010.06.03 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Logia
[2012.05.31 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\MusE
[2011.12.19 18:02:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org
[2010.08.28 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PACE Anti-Piracy
[2010.08.11 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PhotoScape
[2010.05.15 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Propellerhead Software
[2010.10.02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Renoise
[2010.10.02 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Renoise ReWire Engine
[2010.11.19 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ROUTE 66 Sync
[2011.06.30 13:10:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\SIR
[2012.04.08 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Suig
[2010.01.09 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Teleca
[2011.12.25 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\uTorrent
[2010.07.30 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Waldorf
[2012.05.11 17:14:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Wybez
[2010.08.28 12:34:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Ableton
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.08.18 15:12:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Audio Damage
[2009.07.25 12:49:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Avery
[2012.03.10 23:40:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010.01.16 12:33:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010.02.20 21:01:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV
[2010.01.16 12:50:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2011.12.18 22:58:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ChessBase
[2010.08.13 23:21:45 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.07.30 11:18:23 | 000,000,000 | ---D | M] -- C:\ProgramData\eLicenser
[2010.04.04 17:10:06 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.05.04 18:20:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Hi-Rez Studios
[2010.10.24 16:15:10 | 000,000,000 | ---D | M] -- C:\ProgramData\iZotope
[2009.08.16 16:59:11 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
[2010.08.28 13:56:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2009.08.16 15:53:26 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010.05.15 16:54:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software
[2011.06.30 13:06:56 | 000,000,000 | ---D | M] -- C:\ProgramData\SIR
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.07.30 11:18:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2010.01.09 19:12:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Teleca
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010.08.17 13:50:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Test Drive Unlimited
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.05.04 23:35:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\{5294DA15-4E4A-43F8-948D-66D04EC57FB6}
[2012.08.17 13:55:25 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
EDIT: habe nun auch noch mal mit der "extra registry" gescannt: Code:
ATTFilter OTL logfile created on: 17.08.2012 17:11:24 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = E:\PROGRAMS\OTLPE
64bit-Windows (TM) Vista Home Premium (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 40,61 Gb Free Space | 17,44% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 59,51 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: AMD-PC | User Name: Mathias
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012.08.15 19:06:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2005.01.01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2009.07.17 17:50:30 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008.05.13 17:00:16 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2005.01.01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 71 8B 0E 15 07 CA 01 [binary data]
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\esnipsxpi@logia.esnips: C:\Program Files (x86)\Logia\eSnipsDownloader\ext [2010.06.03 17:50:08 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - File not found
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [Steam] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [uTorrent] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = C:\Users\Mathias\AppData\Roaming1.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mathias\Pictures\jazzguitar.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mathias\Pictures\jazzguitar.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2de3d0ba-a721-11df-ba51-001fd056cd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{2de3d0ba-a721-11df-ba51-001fd056cd1b}\Shell\AutoRun\command - "" = K:\FalloutLauncher.exe
O33 - MountPoints2\{379eb9fa-ed9d-11e0-b0b1-001fd056cd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{379eb9fa-ed9d-11e0-b0b1-001fd056cd1b}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.08.17 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012.08.17 11:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 11:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.17 11:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.17 10:55:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.17 10:55:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012.08.17 10:55:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.17 10:55:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.17 10:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.17 10:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.17 10:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.17 10:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.17 10:55:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.17 10:55:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.17 10:55:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012.08.17 10:55:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.17 10:55:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.17 10:55:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012.08.17 10:48:59 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012.08.17 10:48:59 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2012.08.17 10:48:55 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2012.07.22 19:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Beta
[2012.07.22 19:44:53 | 000,000,000 | ---D | C] -- C:\Bluenoise Plugins
[2012.07.22 19:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Metal1
========== Files - Modified Within 30 Days ==========
[2012.08.17 16:11:31 | 000,000,732 | ---- | M] () -- C:\Users\Mathias\AppData\Local\d3d9caps64.dat
[2012.08.17 16:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 13:54:03 | 000,000,626 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.08.17 13:52:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.17 11:55:54 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 11:55:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 11:34:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.17 11:30:39 | 000,390,931 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming1.exe
[2012.08.17 11:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 19:06:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 19:06:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 19:06:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 19:06:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.22 19:45:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Beta
[2012.07.22 19:43:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Metal1
========== Files Created - No Company Name ==========
[2012.08.17 11:55:54 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 11:30:45 | 000,000,626 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.08.17 11:30:40 | 000,390,931 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming1.exe
[2011.11.08 00:32:02 | 000,004,096 | -H-- | C] () -- C:\Users\Mathias\AppData\Local\keyfile3.drm
[2011.05.29 14:45:04 | 000,000,612 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.21 17:16:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysWow64\ceme10.dll
[2011.05.21 17:16:21 | 000,000,003 | ---- | C] () -- C:\Windows\ceme10.dat
[2011.04.23 12:49:14 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.13 17:25:00 | 000,000,085 | ---- | C] () -- C:\Windows\WIWDI.ini
[2010.07.30 11:18:09 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.07.30 11:17:07 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.07.30 11:17:06 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.06.12 15:58:27 | 000,331,263 | ---- | C] () -- C:\Windows\LOOP.exe
[2010.05.07 13:07:01 | 000,774,144 | ---- | C] () -- C:\Windows\MTUn9642.exe
[2009.08.22 15:36:05 | 000,008,296 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps.dat
[2009.08.13 23:03:24 | 000,000,136 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\default.pls
[2009.07.25 01:05:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.24 21:50:06 | 000,065,536 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.24 17:54:46 | 000,000,521 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.07.20 22:10:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.20 22:10:31 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.20 22:10:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.20 22:10:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.20 21:19:54 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.07.20 19:59:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.17 17:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.17 17:46:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.07.17 17:44:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.17 17:41:19 | 000,000,732 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps64.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
========== LOP Check ==========
[2010.08.28 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Ableton
[2010.05.09 13:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Antares
[2012.03.11 10:50:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Babylon
[2010.01.29 21:53:59 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Canon
[2011.12.18 21:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ChessBase
[2010.08.28 13:56:24 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Cycling '74
[2010.08.13 23:28:55 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DAEMON Tools Lite
[2012.06.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoft
[2011.04.12 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.07 22:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\fltk.org
[2011.04.09 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ICQ
[2012.02.01 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Image-Line
[2010.06.03 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Logia
[2012.05.31 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\MusE
[2011.12.19 18:02:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org
[2010.08.28 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PACE Anti-Piracy
[2010.08.11 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PhotoScape
[2010.05.15 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Propellerhead Software
[2010.10.02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Renoise
[2010.10.02 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Renoise ReWire Engine
[2010.11.19 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ROUTE 66 Sync
[2011.06.30 13:10:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\SIR
[2012.04.08 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Suig
[2010.01.09 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Teleca
[2011.12.25 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\uTorrent
[2010.07.30 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Waldorf
[2012.05.11 17:14:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Wybez
[2010.08.28 12:34:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Ableton
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.08.18 15:12:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Audio Damage
[2009.07.25 12:49:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Avery
[2012.03.10 23:40:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010.01.16 12:33:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010.02.20 21:01:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV
[2010.01.16 12:50:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2011.12.18 22:58:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ChessBase
[2010.08.13 23:21:45 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.07.30 11:18:23 | 000,000,000 | ---D | M] -- C:\ProgramData\eLicenser
[2010.04.04 17:10:06 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.05.04 18:20:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Hi-Rez Studios
[2010.10.24 16:15:10 | 000,000,000 | ---D | M] -- C:\ProgramData\iZotope
[2009.08.16 16:59:11 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
[2010.08.28 13:56:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2009.08.16 15:53:26 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010.05.15 16:54:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software
[2011.06.30 13:06:56 | 000,000,000 | ---D | M] -- C:\ProgramData\SIR
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.07.30 11:18:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2010.01.09 19:12:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Teleca
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010.08.17 13:50:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Test Drive Unlimited
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.05.04 23:35:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\{5294DA15-4E4A-43F8-948D-66D04EC57FB6}
[2012.08.17 13:55:25 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 17.08.2012 17:11:24 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = E:\PROGRAMS\OTLPE
64bit-Windows (TM) Vista Home Premium (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 40,61 Gb Free Space | 17,44% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 59,51 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: AMD-PC | User Name: Mathias
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\System32\regedit.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 97 E6 9F 52 7C 09 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10CF9AA2-DFDB-4CD9-87D9-AD7F7DC1975D}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C18DAF7-36B6-4001-A0B3-19511DD2D013}" = rport=139 | protocol=6 | dir=out | app=system |
"{3C942780-2DC4-4CB4-A53E-91B4CF7172EB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40DCBB6E-E4A5-46BF-845F-F6E0F9FA5606}" = lport=138 | protocol=17 | dir=in | app=system |
"{41064DF4-4311-4FAF-86DC-E19E3EBEA83E}" = lport=445 | protocol=6 | dir=in | app=system |
"{59B6FD4A-BDAF-4A5D-9889-FFEA5CEDC0F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{66E18BD5-1B0F-4BA9-A346-85AABF9A9B19}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C7AF1DA-1E2B-4991-A447-AA65BF99016A}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe |
"{9DA9DF36-053F-4C88-82A6-3027C482632A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7E71896-359F-43B6-BF59-C396B9B4ECD8}" = rport=138 | protocol=17 | dir=out | app=system |
"{B47E5EFA-F6C0-43DB-8332-CB90C126ADCE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C9D0F46B-D697-4889-8E80-4A55FC255E57}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0B7B730-024E-4BCD-A0B4-C023F38E4607}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FEA646F1-3314-4C77-AA21-E2CD002BBB9F}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0227D6BC-FFCE-48F7-9DCC-BA98DA010758}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0304DFAB-4619-42D4-9234-19D0036597C9}" = protocol=6 | dir=in | app=c:\temp\sony ericsson\update service\update service.exe |
"{1E24CB6C-62E4-431B-80BE-5E3AF9BD7664}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1FE20D31-6760-4DAA-A1A9-DD97731A0D1C}" = protocol=17 | dir=in | app=d:\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{299B6E1C-35DB-4356-97A4-66141BBFF295}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4178FDC2-3458-4C6A-B129-B568A5C55F6A}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbacoms.exe |
"{448504F5-6B22-4ED6-9E76-C2A89BCF7647}" = protocol=17 | dir=in | app=d:\mw\iw3mp.exe |
"{5644660D-1D1F-4694-B3AC-950BD5E07EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5BAAD611-29F1-41E6-986E-9CB349BECB5E}" = protocol=6 | dir=in | app=d:\mw\iw3mp.exe |
"{5CEB5B43-1126-4A8B-B5AB-B649612367CC}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{6C2047E4-E5E0-42D2-A85E-CAC77CA56454}" = protocol=17 | dir=in | app=c:\windows\system32\lxbacoms.exe |
"{700300B2-7ADF-4A30-AD8D-4A1C2832E723}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{754004E2-56BD-4879-8B83-01E0048A747C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbapswx.exe |
"{9CE7D8B2-9205-4BB8-BCC1-7F10A5B23EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9D451E3A-23A5-4230-BE31-39ADFCCE57A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AD43A014-E138-4F7B-807E-5195D41D04A5}" = protocol=17 | dir=in | app=c:\temp\sony ericsson\update service\update service.exe |
"{B6418423-95B4-410C-9617-198CC49EC7B6}" = protocol=6 | dir=in | app=c:\windows\system32\lxbacoms.exe |
"{B89F44C7-F9A4-433D-9B5D-0CAA84BDA6D5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C342D46A-9296-4F7B-A69A-EDD8DA2A351C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbapswx.exe |
"{CD468F47-2443-4C2C-B855-F0C51B5F4D21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CE042AA5-F03E-4A35-AED0-20337F76BB69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D5B24F85-A286-497A-BBA0-FA1059921AA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E0FB7F63-4F75-4D5D-829F-E68E9609906A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{ECD5A518-0428-4C6A-814D-AF2988ADB419}" = protocol=6 | dir=in | app=d:\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{F31225B0-47BD-4763-A547-C7D44EB5650A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F59BA8E8-560F-4254-98DA-E221F004E2BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbacoms.exe |
"{FB769059-614C-4757-9DCF-6A1034D85F17}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{FDB05A21-8B1B-428A-9F77-9A2225CE044B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{11B3D110-5C6E-4C8C-ADA3-802B3433DA65}C:\games\game alarm\gamealarm.exe" = protocol=6 | dir=in | app=c:\games\game alarm\gamealarm.exe |
"TCP Query User{2CB20967-7280-4645-AB96-C63E89DA35D3}C:\program files (x86)\steam\steamapps\common\portal2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal2\portal2.exe |
"TCP Query User{3C38D422-47A8-436D-A0C0-0119CE0A0ABD}D:\mw\iw3mp.exe" = protocol=6 | dir=in | app=d:\mw\iw3mp.exe |
"TCP Query User{48DC23B1-7031-4E80-8AF4-E3BE0753E297}C:\program files (x86)\qtracker\qtracker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qtracker\qtracker.exe |
"TCP Query User{494FFAF8-D847-4D42-8232-C9D99B02FF9E}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
"TCP Query User{5A3548F5-9B9C-4FCE-9D27-0664881BDBAA}C:\program files (x86)\devolo\informer\devinf.exe" = protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe |
"TCP Query User{684F61B9-1991-4E13-8E1C-2AC353997F6E}C:\program files (x86)\test drive unlimited.gold\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\test drive unlimited.gold\testdriveunlimited.exe |
"TCP Query User{6D838B8A-2F91-4898-94F1-BF176D8D526A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{79EF9D23-684B-40D9-8180-5DA2C169F6E8}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{8859CC3F-CDF1-486B-968C-3AAF12C16D9E}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe |
"TCP Query User{9DCD32C9-F441-4A9A-B361-BFED90B4BF13}D:\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{B15B367E-F57C-43B6-A970-B8C5D4392FE6}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{BB62A56D-4C4B-4074-8DAE-666D91946BE8}C:\program files (x86)\route 66\route 66 sync\route66sync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\route66sync.exe |
"TCP Query User{BB77415E-DD77-42B4-BFD3-8A2859BF2E4C}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{BBAE289D-F0A7-48C3-BAF2-0214DFFABFAA}D:\spiele\gp4.exe" = protocol=6 | dir=in | app=d:\spiele\gp4.exe |
"TCP Query User{C67D0C7F-3439-4ECD-A851-457521D28D24}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{CC98037F-A293-4673-BC3C-767354623011}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe |
"TCP Query User{D0E3C8B3-C2E6-4814-8FD9-EB8B9DBF9E38}C:\games\gp4.exe" = protocol=6 | dir=in | app=c:\games\gp4.exe |
"TCP Query User{DC20CF20-ADAF-40D4-8286-12253FB3D9CB}C:\program files (x86)\infogrames\grand prix 4\gp4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\infogrames\grand prix 4\gp4.exe |
"TCP Query User{DE26859C-39C4-43FD-9AA4-87750DECE4F3}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E3EAC250-F87E-4305-8161-80B2542377DA}C:\program files (x86)\portal2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\portal2\portal2.exe |
"TCP Query User{E42C7818-E961-4E2D-A41C-F0D95AB3B8E8}D:\spiele\ut\iourbanterror.exe" = protocol=6 | dir=in | app=d:\spiele\ut\iourbanterror.exe |
"TCP Query User{FCF6FD81-81BA-4B64-B525-298846385477}D:\ta\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\ta\hirezgames\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{FE71E749-9CC2-4588-9A7A-84D00FF7C124}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{03DD0C73-F346-45F2-AF74-B54B4DC875CF}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{05309CF4-20A3-4DAC-97A3-44D562C252FD}C:\program files (x86)\devolo\informer\devinf.exe" = protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe |
"UDP Query User{08122AD4-44D9-48BF-B185-D19DF5897BC0}C:\program files (x86)\steam\steamapps\common\portal2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal2\portal2.exe |
"UDP Query User{1208467A-6552-4754-9A52-FE20B2423413}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
"UDP Query User{131C33A8-8172-406B-92D8-3F678BC3A58D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{1A89A601-BAC1-4110-A43E-2EFF3BC24C1D}D:\spiele\ut\iourbanterror.exe" = protocol=17 | dir=in | app=d:\spiele\ut\iourbanterror.exe |
"UDP Query User{25B77638-6D61-4036-B82A-24B9FE3F0EAA}C:\program files (x86)\infogrames\grand prix 4\gp4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\infogrames\grand prix 4\gp4.exe |
"UDP Query User{2EE9D2B0-2947-432D-8CD7-6A5F5A0179E5}C:\program files (x86)\qtracker\qtracker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qtracker\qtracker.exe |
"UDP Query User{4B89860A-F1BC-49C0-AC0D-D050E3B1A5C3}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe |
"UDP Query User{6CCB5215-E5DB-4A3D-A98E-2C8BCAF6BE41}C:\games\gp4.exe" = protocol=17 | dir=in | app=c:\games\gp4.exe |
"UDP Query User{72A24CD4-D0FF-417A-8059-D98CDC78C2B8}D:\ta\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\ta\hirezgames\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{78E3C501-1995-402A-8702-95A091F22873}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{7D23ED28-6C40-4308-AFE7-2DBB434A5842}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8ED53741-E502-4296-B07C-4D88D77A9DB5}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe |
"UDP Query User{9665E57E-92AF-4EDB-953B-C2B3880977EA}D:\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\activision\modern warfare 2\iw4mp.exe |
"UDP Query User{9A99E5B3-B1B4-4ECF-B811-52F348B3FDCC}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{A9C458FC-279A-44DF-9465-CAEB2FC1EE7B}C:\program files (x86)\route 66\route 66 sync\route66sync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\route66sync.exe |
"UDP Query User{BEF4FEE7-AE1F-4989-9C75-A5817407A560}C:\program files (x86)\test drive unlimited.gold\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\test drive unlimited.gold\testdriveunlimited.exe |
"UDP Query User{C11EE43E-B067-48F7-B013-0C83ED91367E}C:\games\game alarm\gamealarm.exe" = protocol=17 | dir=in | app=c:\games\game alarm\gamealarm.exe |
"UDP Query User{C88F9052-A90F-40C8-970C-1C38A0A93788}D:\spiele\gp4.exe" = protocol=17 | dir=in | app=d:\spiele\gp4.exe |
"UDP Query User{CD8CE67D-FDBD-4F82-B535-79299FE0538C}D:\mw\iw3mp.exe" = protocol=17 | dir=in | app=d:\mw\iw3mp.exe |
"UDP Query User{D671392A-F322-4F60-8A69-08AFC467E8D4}C:\program files (x86)\portal2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\portal2\portal2.exe |
"UDP Query User{E14DD1D5-B2BA-4D1B-8642-91755F864903}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E810587B-890A-46D5-8C33-5F84612C4B26}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{356F16E7-79B0-42EF-8660-BCC039541B53}" = PC Suite for Sony Ericsson x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54A0FF28-05C4-81E3-3CC1-13D0C2519EFF}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B092A14A-5E1D-4D4B-9177-EED2FA7D3AB7}" = Max 5.1.5
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BDDEDDFC-5DB7-B4BF-514F-8C356E272A04}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0474F84B-5794-7F0C-BF42-6339DF15BB61}" = Catalyst Control Center Localization Italian
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{122BD8FF-8860-600E-8FFE-67D7E69D2B65}" = CCC Help Czech
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197D8FB0-C545-0D39-7295-10754028E78F}" = Catalyst Control Center Localization Greek
"{19C8E536-ED12-D157-953E-63AAB2AF1615}" = CCC Help English
"{1B43FF53-4077-56FE-D8A1-D219EFD815DB}" = Catalyst Control Center Localization Czech
"{1C768768-EE6F-FCD1-4515-C9FE1C793C42}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FBA3A-724B-89DA-66F6-A219DDFF234E}" = CCC Help Greek
"{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"{2123E0DD-40DB-C79A-ABB7-8C0988E98127}" = Catalyst Control Center Localization Hungarian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405E2F7-3067-CE21-F483-E68C93D7E83F}" = Catalyst Control Center Localization Dutch
"{243383F6-9BA8-F2A4-EAB2-42E8BFBB1D0F}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{326EAFBB-DA2E-878D-9BC3-80D1A5F593A4}" = CCC Help Finnish
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3959EC88-08D9-ACC9-AD5D-505AEFBEB58A}" = CCC Help Japanese
"{3BEADB01-41A1-E37C-518A-A1BD67A295BB}" = Catalyst Control Center Localization Russian
"{3CABAFD3-C938-B936-7DE7-A3EE724B7A83}" = Catalyst Control Center Localization Danish
"{3D4B6E71-61CA-60CD-0550-C3D39B578EAD}" = CCC Help Turkish
"{3F80F4D5-B763-0108-C405-955B724F53BF}" = CCC Help Polish
"{411CC2A1-D590-0837-7C48-699417AEC3F5}" = Catalyst Control Center Localization Thai
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4709D797-0FDF-5E24-20FB-5EFBA9458499}" = Catalyst Control Center Localization Norwegian
"{47793F43-C76B-41F8-BF0B-6D75F281C322}" = MelodyneUno 1.0
"{480DC5DA-7A2B-041A-E401-8934FC72FA6D}" = Catalyst Control Center Localization German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-LKS1-75B1-CODMW3-18CD6E6334R1}_is1" = Call of Duty Modern Warfare 3 version 1.0
"{50BFBB79-B3B9-A44D-FD9A-3D7E38715360}" = CCC Help French
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56DCEDE0-E40C-A66D-725B-4B9A59BCF869}" = Catalyst Control Center Graphics Full Existing
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57F9C8E9-A9B8-4E19-9AC2-F21EC5094B84}" = Thrustmaster FFB Wheel driver
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{6555955E-F68D-843E-529C-3043EFD4BD23}" = Catalyst Control Center Localization Portuguese
"{66FE0B51-C206-F54F-9BDE-8E9AA0AC5BE4}" = ccc-core-static
"{6A5B3801-F1BE-55A5-EAAF-36B02FA2549D}" = CCC Help Chinese Standard
"{70C04776-40D7-DA6B-2BDF-AFCCD9FFCAD2}" = Catalyst Control Center Localization Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7564F729-12A0-CB02-EC8B-24638877CCF9}" = CCC Help Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D7BC8F-D624-E0FD-F440-3A5145A6869F}" = Catalyst Control Center Localization Japanese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B44891F-C070-03FD-CD9A-FD08373AA9C2}" = Skins
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8F077748-4D3F-460C-46C2-644A0D20F7A8}" = CCC Help German
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{93D78B68-E7EA-E8BE-5CD3-A53FA22B5B26}" = Catalyst Control Center Localization Turkish
"{93E91A8B-8F9C-1641-8262-3D3DEF955658}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B86F698-DDC7-D592-F40C-0790AA3D6EBF}" = CCC Help Thai
"{9BB5B624-8471-256B-55FC-FA126B2A1720}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06FBE3B-89C5-72EF-E383-FFCCF9CBEAC5}" = CCC Help Italian
"{A1CBE78F-8847-00F0-455F-46A53C733031}" = CCC Help Hungarian
"{A2C72B48-CE93-1BD1-CF8E-671C5428607C}" = Catalyst Control Center Localization Chinese Standard
"{A55B4477-BCEF-7CCD-49E8-8898631EC05A}" = Catalyst Control Center Graphics Light
"{A82CCE0D-3448-44F4-7633-0576DFEA8C4B}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE9A9F43-194E-41A7-B687-358CEF39E9C7}" = Ludwig 3.0
"{AE9D525E-4F57-00FF-A390-689DBD08282A}" = CCC Help Portuguese
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B26146E9-2EA9-C63B-7DA9-691037D1A8AA}" = Catalyst Control Center Localization Finnish
"{BA753022-C2A5-A476-FE1B-F533D897ECA0}" = CCC Help Norwegian
"{BB071E36-0596-4919-A5B5-608BFFE8673A}_is1" = ZaZ GP4 Tools 1.0
"{BCCC5BC1-B134-211B-A823-F87547430E72}" = CCC Help Spanish
"{BD491438-7CC9-8D7A-92A8-11D9D611A47D}" = Catalyst Control Center Core Implementation
"{C37DAD3C-5357-42E2-B22C-08A6E9259438}" = JuicyJoint Toolbar
"{C67F36D2-DE45-40B4-8D87-DF4A66A59532}" = PC Suite for Sony Ericsson
"{C712C894-460E-4F41-722F-CF9A015960AD}" = CCC Help Russian
"{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{D8BA52A0-C9E2-0A83-A07E-DAC457B7DD92}" = Catalyst Control Center Graphics Previews Vista
"{DBD51378-999E-F640-F36D-BC191892ADBB}" = Catalyst Control Center Localization Spanish
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E17A5B4E-0E75-3D7F-C2C5-C26B87DC1330}" = Catalyst Control Center Localization Chinese Traditional
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5B356F4-12F2-DDAE-9B1D-76FE58D6DF81}" = CCC Help Swedish
"{E669487E-8583-5E57-8B82-B04EB7472521}" = Catalyst Control Center Localization Korean
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F276B439-5C14-3487-EF6C-5B3888D2B995}" = Catalyst Control Center Localization Polish
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"4Front Piano Module VSTi_is1" = 4Front Piano Module 1.0 VSTi
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Babylon" = Babylon
"BB_is1" = RealTracks Set 7
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CoD4 - Version Changer v1.7.1.0" = CoD4 - Version Changer v1.7.1.0
"dlanconf" = devolo dLAN-Konfigurationsassistent
"Drummix - Beta Edition" = Drummix - Beta Edition
"Drummix - Beta Edition Content" = Drummix - Beta Edition Content
"dslmon" = devolo Informer
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eLicenser Control" = eLicenser Control
"ElsterFormular 11.2.0.4074" = ElsterFormular
"FL Studio 10" = FL Studio 10
"FL Studio 8" = FL Studio 8
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Frohmage VST2" = OhmForce Frohmage VST2
"GPxPatch" = GPxPatch (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Half-Life 2 Episode One_is1" = Half-Life 2 Episode One, âåðñèÿ 1.0
"Half-Life 2 Episode Two_is1" = Half-Life 2 Episode Two, âåðñèÿ 1.0
"Half-Life 2_is1" = Half-Life 2, âåðñèÿ 1.0
"IL Autogun" = IL Autogun
"IL Download Manager" = IL Download Manager
"InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{DB306600-E862-43B3-9C52-CA1D6C5B192B}" = ROUTE 66 Sync
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"iZotope Trash_is1" = iZotope Trash
"iZotope Vinyl_is1" = iZotope Vinyl
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Live 8.1.4" = Live 8.1.4
"MadTracker 2" = MadTracker 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MJGSolo_1-4_is1" = Master Jazz Guitar Solos SuperPAK
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"PhotoScape" = PhotoScape
"Qtracker" = Qtracker
"Reason4_is1" = Reason 4.0
"Renoise 2.5.1_is1" = Renoise 2.5.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"VLC media player" = VLC media player 1.1.11
"VST Bridge_is1" = VST Bridge 1.1
"Waldorf Largo" = Waldorf Largo
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2370540421-2908708576-3787158840-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
< End of report >
Geändert von kufiya (17.08.2012 um 15:15 Uhr) |
|
17.08.2012, 15:19
| #4 |
| /// Malware-holic | Windows 8 Genuine License Malware (auf Windows Vista) auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = C:\Users\Mathias\AppData\Roaming1.exe ()
:Files
C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
C:\Users\Mathias\AppData\Roaming1.exe
:Commands
[Reboot]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel wenn dies erledigt ist, bittemelden.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.08.2012, 16:01
| #5 |
| | Windows 8 Genuine License Malware (auf Windows Vista) Also das mit dem Neustart hat nicht geklappt, da mir der PC während dem Herunterfahren eingefroren ist. Trotzdem scheint das Problem nach dem Neustart beseitigt zu sein! das Log wurde zwar weder erstellt noch geöffnet, doch ich habe nach dem Neustart erneut gescannt; anbei das neue Log: Code:
ATTFilter OTL logfile created on: 17.08.2012 18:55:11 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = E:\PROGRAMS\OTLPE
64bit-Windows (TM) Vista Home Premium (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 40,56 Gb Free Space | 17,42% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 59,51 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: AMD-PC | User Name: Mathias
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012.08.15 19:06:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2005.01.01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2009.07.17 17:50:30 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008.05.13 17:00:16 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2005.01.01 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 71 8B 0E 15 07 CA 01 [binary data]
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\esnipsxpi@logia.esnips: C:\Program Files (x86)\Logia\eSnipsDownloader\ext [2010.06.03 17:50:08 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - File not found
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [Steam] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [uTorrent] File not found
O4 - HKU\S-1-5-21-2370540421-2908708576-3787158840-1000..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mathias\Pictures\jazzguitar.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mathias\Pictures\jazzguitar.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2de3d0ba-a721-11df-ba51-001fd056cd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{2de3d0ba-a721-11df-ba51-001fd056cd1b}\Shell\AutoRun\command - "" = K:\FalloutLauncher.exe
O33 - MountPoints2\{379eb9fa-ed9d-11e0-b0b1-001fd056cd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{379eb9fa-ed9d-11e0-b0b1-001fd056cd1b}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{52912a42-ca46-11de-b392-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{52912a42-ca46-11de-b392-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.08.18 00:39:28 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.08.18 00:39:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.17 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012.08.17 11:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 11:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.17 11:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.17 10:55:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.17 10:55:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012.08.17 10:55:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.17 10:55:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.17 10:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.17 10:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.17 10:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.17 10:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.17 10:55:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.17 10:55:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.17 10:55:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012.08.17 10:55:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.17 10:55:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.17 10:55:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012.08.17 10:48:59 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012.08.17 10:48:59 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2012.08.17 10:48:55 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2012.07.22 19:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Beta
[2012.07.22 19:44:53 | 000,000,000 | ---D | C] -- C:\Bluenoise Plugins
[2012.07.22 19:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Metal1
========== Files - Modified Within 30 Days ==========
[2012.08.17 18:50:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.17 18:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 16:11:31 | 000,000,732 | ---- | M] () -- C:\Users\Mathias\AppData\Local\d3d9caps64.dat
[2012.08.17 11:55:54 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 11:55:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 11:34:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.17 11:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 19:06:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 19:06:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 19:06:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 19:06:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.22 19:45:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Beta
[2012.07.22 19:43:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drummix - Metal1
========== Files Created - No Company Name ==========
[2012.08.17 11:55:54 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.11.08 00:32:02 | 000,004,096 | -H-- | C] () -- C:\Users\Mathias\AppData\Local\keyfile3.drm
[2011.05.29 14:45:04 | 000,000,612 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.21 17:16:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysWow64\ceme10.dll
[2011.05.21 17:16:21 | 000,000,003 | ---- | C] () -- C:\Windows\ceme10.dat
[2011.04.23 12:49:14 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.13 17:25:00 | 000,000,085 | ---- | C] () -- C:\Windows\WIWDI.ini
[2010.07.30 11:18:09 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.07.30 11:17:07 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.07.30 11:17:06 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.06.12 15:58:27 | 000,331,263 | ---- | C] () -- C:\Windows\LOOP.exe
[2010.05.07 13:07:01 | 000,774,144 | ---- | C] () -- C:\Windows\MTUn9642.exe
[2009.08.22 15:36:05 | 000,008,296 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps.dat
[2009.08.13 23:03:24 | 000,000,136 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\default.pls
[2009.07.25 01:05:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.24 21:50:06 | 000,065,536 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.24 17:54:46 | 000,000,521 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.07.20 22:10:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.20 22:10:31 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.20 22:10:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.20 22:10:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.20 21:19:54 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.07.20 19:59:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.17 17:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.17 17:46:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.07.17 17:44:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.17 17:41:19 | 000,000,732 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps64.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
========== LOP Check ==========
[2010.08.28 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Ableton
[2010.05.09 13:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Antares
[2012.03.11 10:50:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Babylon
[2010.01.29 21:53:59 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Canon
[2011.12.18 21:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ChessBase
[2010.08.28 13:56:24 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Cycling '74
[2010.08.13 23:28:55 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DAEMON Tools Lite
[2012.06.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoft
[2011.04.12 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.07 22:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\fltk.org
[2011.04.09 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ICQ
[2012.02.01 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Image-Line
[2010.06.03 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Logia
[2012.05.31 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\MusE
[2011.12.19 18:02:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org
[2010.08.28 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PACE Anti-Piracy
[2010.08.11 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PhotoScape
[2010.05.15 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Propellerhead Software
[2010.10.02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Renoise
[2010.10.02 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Renoise ReWire Engine
[2010.11.19 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ROUTE 66 Sync
[2011.06.30 13:10:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\SIR
[2012.04.08 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Suig
[2010.01.09 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Teleca
[2011.12.25 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\uTorrent
[2010.07.30 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Waldorf
[2012.05.11 17:14:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Wybez
[2010.08.28 12:34:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Ableton
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.08.18 15:12:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Audio Damage
[2009.07.25 12:49:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Avery
[2012.03.10 23:40:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010.01.16 12:33:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010.02.20 21:01:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV
[2010.01.16 12:50:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2011.12.18 22:58:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ChessBase
[2010.08.13 23:21:45 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.07.30 11:18:23 | 000,000,000 | ---D | M] -- C:\ProgramData\eLicenser
[2010.04.04 17:10:06 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.05.04 18:20:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Hi-Rez Studios
[2010.10.24 16:15:10 | 000,000,000 | ---D | M] -- C:\ProgramData\iZotope
[2009.08.16 16:59:11 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
[2010.08.28 13:56:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2009.08.16 15:53:26 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010.05.15 16:54:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software
[2011.06.30 13:06:56 | 000,000,000 | ---D | M] -- C:\ProgramData\SIR
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.07.30 11:18:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2010.01.09 19:12:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Teleca
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010.08.17 13:50:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Test Drive Unlimited
[2009.07.17 17:39:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.05.04 23:35:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\{5294DA15-4E4A-43F8-948D-66D04EC57FB6}
[2012.08.17 13:55:25 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 17.08.2012 18:55:11 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = E:\PROGRAMS\OTLPE
64bit-Windows (TM) Vista Home Premium (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 40,56 Gb Free Space | 17,42% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 59,51 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: AMD-PC | User Name: Mathias
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\System32\regedit.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 97 E6 9F 52 7C 09 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10CF9AA2-DFDB-4CD9-87D9-AD7F7DC1975D}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C18DAF7-36B6-4001-A0B3-19511DD2D013}" = rport=139 | protocol=6 | dir=out | app=system |
"{3C942780-2DC4-4CB4-A53E-91B4CF7172EB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40DCBB6E-E4A5-46BF-845F-F6E0F9FA5606}" = lport=138 | protocol=17 | dir=in | app=system |
"{41064DF4-4311-4FAF-86DC-E19E3EBEA83E}" = lport=445 | protocol=6 | dir=in | app=system |
"{59B6FD4A-BDAF-4A5D-9889-FFEA5CEDC0F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{66E18BD5-1B0F-4BA9-A346-85AABF9A9B19}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C7AF1DA-1E2B-4991-A447-AA65BF99016A}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe |
"{9DA9DF36-053F-4C88-82A6-3027C482632A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7E71896-359F-43B6-BF59-C396B9B4ECD8}" = rport=138 | protocol=17 | dir=out | app=system |
"{B47E5EFA-F6C0-43DB-8332-CB90C126ADCE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C9D0F46B-D697-4889-8E80-4A55FC255E57}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0B7B730-024E-4BCD-A0B4-C023F38E4607}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FEA646F1-3314-4C77-AA21-E2CD002BBB9F}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0227D6BC-FFCE-48F7-9DCC-BA98DA010758}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0304DFAB-4619-42D4-9234-19D0036597C9}" = protocol=6 | dir=in | app=c:\temp\sony ericsson\update service\update service.exe |
"{1E24CB6C-62E4-431B-80BE-5E3AF9BD7664}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1FE20D31-6760-4DAA-A1A9-DD97731A0D1C}" = protocol=17 | dir=in | app=d:\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{299B6E1C-35DB-4356-97A4-66141BBFF295}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4178FDC2-3458-4C6A-B129-B568A5C55F6A}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbacoms.exe |
"{448504F5-6B22-4ED6-9E76-C2A89BCF7647}" = protocol=17 | dir=in | app=d:\mw\iw3mp.exe |
"{5644660D-1D1F-4694-B3AC-950BD5E07EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5BAAD611-29F1-41E6-986E-9CB349BECB5E}" = protocol=6 | dir=in | app=d:\mw\iw3mp.exe |
"{5CEB5B43-1126-4A8B-B5AB-B649612367CC}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{6C2047E4-E5E0-42D2-A85E-CAC77CA56454}" = protocol=17 | dir=in | app=c:\windows\system32\lxbacoms.exe |
"{700300B2-7ADF-4A30-AD8D-4A1C2832E723}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{754004E2-56BD-4879-8B83-01E0048A747C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbapswx.exe |
"{9CE7D8B2-9205-4BB8-BCC1-7F10A5B23EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9D451E3A-23A5-4230-BE31-39ADFCCE57A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AD43A014-E138-4F7B-807E-5195D41D04A5}" = protocol=17 | dir=in | app=c:\temp\sony ericsson\update service\update service.exe |
"{B6418423-95B4-410C-9617-198CC49EC7B6}" = protocol=6 | dir=in | app=c:\windows\system32\lxbacoms.exe |
"{B89F44C7-F9A4-433D-9B5D-0CAA84BDA6D5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C342D46A-9296-4F7B-A69A-EDD8DA2A351C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbapswx.exe |
"{CD468F47-2443-4C2C-B855-F0C51B5F4D21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CE042AA5-F03E-4A35-AED0-20337F76BB69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D5B24F85-A286-497A-BBA0-FA1059921AA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E0FB7F63-4F75-4D5D-829F-E68E9609906A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{ECD5A518-0428-4C6A-814D-AF2988ADB419}" = protocol=6 | dir=in | app=d:\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{F31225B0-47BD-4763-A547-C7D44EB5650A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F59BA8E8-560F-4254-98DA-E221F004E2BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbacoms.exe |
"{FB769059-614C-4757-9DCF-6A1034D85F17}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{FDB05A21-8B1B-428A-9F77-9A2225CE044B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{11B3D110-5C6E-4C8C-ADA3-802B3433DA65}C:\games\game alarm\gamealarm.exe" = protocol=6 | dir=in | app=c:\games\game alarm\gamealarm.exe |
"TCP Query User{2CB20967-7280-4645-AB96-C63E89DA35D3}C:\program files (x86)\steam\steamapps\common\portal2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal2\portal2.exe |
"TCP Query User{3C38D422-47A8-436D-A0C0-0119CE0A0ABD}D:\mw\iw3mp.exe" = protocol=6 | dir=in | app=d:\mw\iw3mp.exe |
"TCP Query User{48DC23B1-7031-4E80-8AF4-E3BE0753E297}C:\program files (x86)\qtracker\qtracker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qtracker\qtracker.exe |
"TCP Query User{494FFAF8-D847-4D42-8232-C9D99B02FF9E}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
"TCP Query User{5A3548F5-9B9C-4FCE-9D27-0664881BDBAA}C:\program files (x86)\devolo\informer\devinf.exe" = protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe |
"TCP Query User{684F61B9-1991-4E13-8E1C-2AC353997F6E}C:\program files (x86)\test drive unlimited.gold\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\test drive unlimited.gold\testdriveunlimited.exe |
"TCP Query User{6D838B8A-2F91-4898-94F1-BF176D8D526A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{79EF9D23-684B-40D9-8180-5DA2C169F6E8}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{8859CC3F-CDF1-486B-968C-3AAF12C16D9E}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe |
"TCP Query User{9DCD32C9-F441-4A9A-B361-BFED90B4BF13}D:\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{B15B367E-F57C-43B6-A970-B8C5D4392FE6}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{BB62A56D-4C4B-4074-8DAE-666D91946BE8}C:\program files (x86)\route 66\route 66 sync\route66sync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\route66sync.exe |
"TCP Query User{BB77415E-DD77-42B4-BFD3-8A2859BF2E4C}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{BBAE289D-F0A7-48C3-BAF2-0214DFFABFAA}D:\spiele\gp4.exe" = protocol=6 | dir=in | app=d:\spiele\gp4.exe |
"TCP Query User{C67D0C7F-3439-4ECD-A851-457521D28D24}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{CC98037F-A293-4673-BC3C-767354623011}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe |
"TCP Query User{D0E3C8B3-C2E6-4814-8FD9-EB8B9DBF9E38}C:\games\gp4.exe" = protocol=6 | dir=in | app=c:\games\gp4.exe |
"TCP Query User{DC20CF20-ADAF-40D4-8286-12253FB3D9CB}C:\program files (x86)\infogrames\grand prix 4\gp4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\infogrames\grand prix 4\gp4.exe |
"TCP Query User{DE26859C-39C4-43FD-9AA4-87750DECE4F3}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{E3EAC250-F87E-4305-8161-80B2542377DA}C:\program files (x86)\portal2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\portal2\portal2.exe |
"TCP Query User{E42C7818-E961-4E2D-A41C-F0D95AB3B8E8}D:\spiele\ut\iourbanterror.exe" = protocol=6 | dir=in | app=d:\spiele\ut\iourbanterror.exe |
"TCP Query User{FCF6FD81-81BA-4B64-B525-298846385477}D:\ta\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\ta\hirezgames\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{FE71E749-9CC2-4588-9A7A-84D00FF7C124}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{03DD0C73-F346-45F2-AF74-B54B4DC875CF}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{05309CF4-20A3-4DAC-97A3-44D562C252FD}C:\program files (x86)\devolo\informer\devinf.exe" = protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe |
"UDP Query User{08122AD4-44D9-48BF-B185-D19DF5897BC0}C:\program files (x86)\steam\steamapps\common\portal2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal2\portal2.exe |
"UDP Query User{1208467A-6552-4754-9A52-FE20B2423413}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
"UDP Query User{131C33A8-8172-406B-92D8-3F678BC3A58D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{1A89A601-BAC1-4110-A43E-2EFF3BC24C1D}D:\spiele\ut\iourbanterror.exe" = protocol=17 | dir=in | app=d:\spiele\ut\iourbanterror.exe |
"UDP Query User{25B77638-6D61-4036-B82A-24B9FE3F0EAA}C:\program files (x86)\infogrames\grand prix 4\gp4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\infogrames\grand prix 4\gp4.exe |
"UDP Query User{2EE9D2B0-2947-432D-8CD7-6A5F5A0179E5}C:\program files (x86)\qtracker\qtracker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qtracker\qtracker.exe |
"UDP Query User{4B89860A-F1BC-49C0-AC0D-D050E3B1A5C3}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe |
"UDP Query User{6CCB5215-E5DB-4A3D-A98E-2C8BCAF6BE41}C:\games\gp4.exe" = protocol=17 | dir=in | app=c:\games\gp4.exe |
"UDP Query User{72A24CD4-D0FF-417A-8059-D98CDC78C2B8}D:\ta\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\ta\hirezgames\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{78E3C501-1995-402A-8702-95A091F22873}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{7D23ED28-6C40-4308-AFE7-2DBB434A5842}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8ED53741-E502-4296-B07C-4D88D77A9DB5}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe |
"UDP Query User{9665E57E-92AF-4EDB-953B-C2B3880977EA}D:\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\activision\modern warfare 2\iw4mp.exe |
"UDP Query User{9A99E5B3-B1B4-4ECF-B811-52F348B3FDCC}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{A9C458FC-279A-44DF-9465-CAEB2FC1EE7B}C:\program files (x86)\route 66\route 66 sync\route66sync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\route66sync.exe |
"UDP Query User{BEF4FEE7-AE1F-4989-9C75-A5817407A560}C:\program files (x86)\test drive unlimited.gold\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\test drive unlimited.gold\testdriveunlimited.exe |
"UDP Query User{C11EE43E-B067-48F7-B013-0C83ED91367E}C:\games\game alarm\gamealarm.exe" = protocol=17 | dir=in | app=c:\games\game alarm\gamealarm.exe |
"UDP Query User{C88F9052-A90F-40C8-970C-1C38A0A93788}D:\spiele\gp4.exe" = protocol=17 | dir=in | app=d:\spiele\gp4.exe |
"UDP Query User{CD8CE67D-FDBD-4F82-B535-79299FE0538C}D:\mw\iw3mp.exe" = protocol=17 | dir=in | app=d:\mw\iw3mp.exe |
"UDP Query User{D671392A-F322-4F60-8A69-08AFC467E8D4}C:\program files (x86)\portal2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\portal2\portal2.exe |
"UDP Query User{E14DD1D5-B2BA-4D1B-8642-91755F864903}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E810587B-890A-46D5-8C33-5F84612C4B26}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{356F16E7-79B0-42EF-8660-BCC039541B53}" = PC Suite for Sony Ericsson x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54A0FF28-05C4-81E3-3CC1-13D0C2519EFF}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B092A14A-5E1D-4D4B-9177-EED2FA7D3AB7}" = Max 5.1.5
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BDDEDDFC-5DB7-B4BF-514F-8C356E272A04}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0474F84B-5794-7F0C-BF42-6339DF15BB61}" = Catalyst Control Center Localization Italian
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{122BD8FF-8860-600E-8FFE-67D7E69D2B65}" = CCC Help Czech
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197D8FB0-C545-0D39-7295-10754028E78F}" = Catalyst Control Center Localization Greek
"{19C8E536-ED12-D157-953E-63AAB2AF1615}" = CCC Help English
"{1B43FF53-4077-56FE-D8A1-D219EFD815DB}" = Catalyst Control Center Localization Czech
"{1C768768-EE6F-FCD1-4515-C9FE1C793C42}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FBA3A-724B-89DA-66F6-A219DDFF234E}" = CCC Help Greek
"{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"{2123E0DD-40DB-C79A-ABB7-8C0988E98127}" = Catalyst Control Center Localization Hungarian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405E2F7-3067-CE21-F483-E68C93D7E83F}" = Catalyst Control Center Localization Dutch
"{243383F6-9BA8-F2A4-EAB2-42E8BFBB1D0F}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{326EAFBB-DA2E-878D-9BC3-80D1A5F593A4}" = CCC Help Finnish
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3959EC88-08D9-ACC9-AD5D-505AEFBEB58A}" = CCC Help Japanese
"{3BEADB01-41A1-E37C-518A-A1BD67A295BB}" = Catalyst Control Center Localization Russian
"{3CABAFD3-C938-B936-7DE7-A3EE724B7A83}" = Catalyst Control Center Localization Danish
"{3D4B6E71-61CA-60CD-0550-C3D39B578EAD}" = CCC Help Turkish
"{3F80F4D5-B763-0108-C405-955B724F53BF}" = CCC Help Polish
"{411CC2A1-D590-0837-7C48-699417AEC3F5}" = Catalyst Control Center Localization Thai
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4709D797-0FDF-5E24-20FB-5EFBA9458499}" = Catalyst Control Center Localization Norwegian
"{47793F43-C76B-41F8-BF0B-6D75F281C322}" = MelodyneUno 1.0
"{480DC5DA-7A2B-041A-E401-8934FC72FA6D}" = Catalyst Control Center Localization German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-LKS1-75B1-CODMW3-18CD6E6334R1}_is1" = Call of Duty Modern Warfare 3 version 1.0
"{50BFBB79-B3B9-A44D-FD9A-3D7E38715360}" = CCC Help French
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56DCEDE0-E40C-A66D-725B-4B9A59BCF869}" = Catalyst Control Center Graphics Full Existing
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57F9C8E9-A9B8-4E19-9AC2-F21EC5094B84}" = Thrustmaster FFB Wheel driver
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{6555955E-F68D-843E-529C-3043EFD4BD23}" = Catalyst Control Center Localization Portuguese
"{66FE0B51-C206-F54F-9BDE-8E9AA0AC5BE4}" = ccc-core-static
"{6A5B3801-F1BE-55A5-EAAF-36B02FA2549D}" = CCC Help Chinese Standard
"{70C04776-40D7-DA6B-2BDF-AFCCD9FFCAD2}" = Catalyst Control Center Localization Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7564F729-12A0-CB02-EC8B-24638877CCF9}" = CCC Help Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D7BC8F-D624-E0FD-F440-3A5145A6869F}" = Catalyst Control Center Localization Japanese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B44891F-C070-03FD-CD9A-FD08373AA9C2}" = Skins
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8F077748-4D3F-460C-46C2-644A0D20F7A8}" = CCC Help German
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{93D78B68-E7EA-E8BE-5CD3-A53FA22B5B26}" = Catalyst Control Center Localization Turkish
"{93E91A8B-8F9C-1641-8262-3D3DEF955658}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B86F698-DDC7-D592-F40C-0790AA3D6EBF}" = CCC Help Thai
"{9BB5B624-8471-256B-55FC-FA126B2A1720}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06FBE3B-89C5-72EF-E383-FFCCF9CBEAC5}" = CCC Help Italian
"{A1CBE78F-8847-00F0-455F-46A53C733031}" = CCC Help Hungarian
"{A2C72B48-CE93-1BD1-CF8E-671C5428607C}" = Catalyst Control Center Localization Chinese Standard
"{A55B4477-BCEF-7CCD-49E8-8898631EC05A}" = Catalyst Control Center Graphics Light
"{A82CCE0D-3448-44F4-7633-0576DFEA8C4B}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE9A9F43-194E-41A7-B687-358CEF39E9C7}" = Ludwig 3.0
"{AE9D525E-4F57-00FF-A390-689DBD08282A}" = CCC Help Portuguese
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B26146E9-2EA9-C63B-7DA9-691037D1A8AA}" = Catalyst Control Center Localization Finnish
"{BA753022-C2A5-A476-FE1B-F533D897ECA0}" = CCC Help Norwegian
"{BB071E36-0596-4919-A5B5-608BFFE8673A}_is1" = ZaZ GP4 Tools 1.0
"{BCCC5BC1-B134-211B-A823-F87547430E72}" = CCC Help Spanish
"{BD491438-7CC9-8D7A-92A8-11D9D611A47D}" = Catalyst Control Center Core Implementation
"{C37DAD3C-5357-42E2-B22C-08A6E9259438}" = JuicyJoint Toolbar
"{C67F36D2-DE45-40B4-8D87-DF4A66A59532}" = PC Suite for Sony Ericsson
"{C712C894-460E-4F41-722F-CF9A015960AD}" = CCC Help Russian
"{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{D8BA52A0-C9E2-0A83-A07E-DAC457B7DD92}" = Catalyst Control Center Graphics Previews Vista
"{DBD51378-999E-F640-F36D-BC191892ADBB}" = Catalyst Control Center Localization Spanish
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E17A5B4E-0E75-3D7F-C2C5-C26B87DC1330}" = Catalyst Control Center Localization Chinese Traditional
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5B356F4-12F2-DDAE-9B1D-76FE58D6DF81}" = CCC Help Swedish
"{E669487E-8583-5E57-8B82-B04EB7472521}" = Catalyst Control Center Localization Korean
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F276B439-5C14-3487-EF6C-5B3888D2B995}" = Catalyst Control Center Localization Polish
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"4Front Piano Module VSTi_is1" = 4Front Piano Module 1.0 VSTi
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Babylon" = Babylon
"BB_is1" = RealTracks Set 7
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CoD4 - Version Changer v1.7.1.0" = CoD4 - Version Changer v1.7.1.0
"dlanconf" = devolo dLAN-Konfigurationsassistent
"Drummix - Beta Edition" = Drummix - Beta Edition
"Drummix - Beta Edition Content" = Drummix - Beta Edition Content
"dslmon" = devolo Informer
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eLicenser Control" = eLicenser Control
"ElsterFormular 11.2.0.4074" = ElsterFormular
"FL Studio 10" = FL Studio 10
"FL Studio 8" = FL Studio 8
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Frohmage VST2" = OhmForce Frohmage VST2
"GPxPatch" = GPxPatch (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Half-Life 2 Episode One_is1" = Half-Life 2 Episode One, âåðñèÿ 1.0
"Half-Life 2 Episode Two_is1" = Half-Life 2 Episode Two, âåðñèÿ 1.0
"Half-Life 2_is1" = Half-Life 2, âåðñèÿ 1.0
"IL Autogun" = IL Autogun
"IL Download Manager" = IL Download Manager
"InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{DB306600-E862-43B3-9C52-CA1D6C5B192B}" = ROUTE 66 Sync
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"iZotope Trash_is1" = iZotope Trash
"iZotope Vinyl_is1" = iZotope Vinyl
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Live 8.1.4" = Live 8.1.4
"MadTracker 2" = MadTracker 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MJGSolo_1-4_is1" = Master Jazz Guitar Solos SuperPAK
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"PhotoScape" = PhotoScape
"Qtracker" = Qtracker
"Reason4_is1" = Reason 4.0
"Renoise 2.5.1_is1" = Renoise 2.5.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"VLC media player" = VLC media player 1.1.11
"VST Bridge_is1" = VST Bridge 1.1
"Waldorf Largo" = Waldorf Largo
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2370540421-2908708576-3787158840-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
< End of report >
EDIT: gerade den gepackten cache-ordner hochgeladen! |
|
17.08.2012, 16:56
| #6 |
| /// Malware-holic | Windows 8 Genuine License Malware (auf Windows Vista) hi danke Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ --> Windows 8 Genuine License Malware (auf Windows Vista) |
|
17.08.2012, 17:02
| #7 |
| | Windows 8 Genuine License Malware (auf Windows Vista) Upload problemlos geklappt! Vielen Dank nocheinmal! |
|
17.08.2012, 17:05
| #8 | |
| /// Malware-holic | Windows 8 Genuine License Malware (auf Windows Vista) danke! Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.08.2012, 17:41
| #9 |
| | Windows 8 Genuine License Malware (auf Windows Vista) alles so ausgeführt wie beschrieben, hier das log: Code:
ATTFilter ComboFix 12-08-17.02 - Mathias 17.08.2012 20:14:45.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2486 [GMT 2:00]
ausgeführt von:: c:\users\Mathias\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Ernst\PC Suite for SmartPhones 1_5_8.exe
c:\users\Ernst\PC Suite for Sony Ericsson 1.5.26.exe
c:\users\Ernst\Sony Ericsson PC Suite 2.10.46 D750.exe
c:\users\Ines\Documents\~WRL0004.tmp
c:\users\Ines\Documents\~WRL2001.tmp
c:\users\Ines\Documents\~WRL2513.tmp
c:\users\Public\sdelevURL.tmp
c:\windows\IsUn0407.exe
c:\windows\MTUn9642.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-17 bis 2012-08-17 ))))))))))))))))))))))))))))))
.
.
2012-08-17 22:39 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2012-08-17 22:39 . 2012-08-17 18:00 -------- d-----w- C:\_OTL
2012-08-17 18:25 . 2012-08-17 18:25 -------- d-----w- c:\users\Ines\AppData\Local\temp
2012-08-17 18:25 . 2012-08-17 18:25 -------- d-----w- c:\users\Ernst\AppData\Local\temp
2012-08-17 18:25 . 2012-08-17 18:31 -------- d-----w- c:\users\Mathias\AppData\Local\temp
2012-08-17 18:25 . 2012-08-17 18:25 -------- d-----w- c:\users\Ernesto\AppData\Local\temp
2012-08-17 18:25 . 2012-08-17 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 16:59 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA692722-9C4C-46F3-9A83-610C50B0323B}\mpengine.dll
2012-08-17 09:56 . 2012-08-17 09:56 -------- d-----w- c:\users\Mathias\AppData\Roaming\Malwarebytes
2012-08-17 09:55 . 2012-08-17 09:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-17 09:55 . 2012-08-17 09:55 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 09:55 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 08:48 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-17 08:48 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-17 08:48 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-07-22 17:44 . 2012-07-22 17:44 -------- d-----w- C:\Bluenoise Plugins
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 08:50 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-15 17:06 . 2012-04-01 10:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 17:06 . 2011-06-07 20:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 17:59 . 2012-07-12 04:55 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-12 04:56 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-12 04:56 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-12 04:56 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-12 04:56 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-12 04:56 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 20:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 20:28 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 20:28 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 20:28 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 20:28 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 20:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 20:28 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 20:28 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 20:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 20:28 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:42 . 2012-06-02 19:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-02 19:42 . 2012-06-02 19:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-02 19:42 . 2012-06-02 19:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-02 19:42 . 2012-06-02 19:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-02 19:42 . 2012-06-02 19:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-02 19:42 . 2012-06-02 19:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-02 19:42 . 2012-06-02 19:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-02 19:42 . 2012-06-02 19:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-02 19:42 . 2012-06-02 19:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-02 19:42 . 2012-06-02 19:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-02 19:42 . 2012-06-02 19:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-02 19:42 . 2012-06-02 19:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-02 19:42 . 2012-06-02 19:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-02 19:42 . 2012-06-02 19:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-02 19:42 . 2012-06-02 19:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-02 19:42 . 2012-06-02 19:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-02 19:42 . 2012-06-02 19:42 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-02 19:42 . 2012-06-02 19:42 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-02 19:42 . 2012-06-02 19:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-02 19:42 . 2012-06-02 19:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-02 19:42 . 2012-06-02 19:42 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-02 19:42 . 2012-06-02 19:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-02 19:42 . 2012-06-02 19:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-02 19:42 . 2012-06-02 19:42 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-02 19:42 . 2012-06-02 19:42 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-02 19:42 . 2012-06-02 19:42 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-02 19:42 . 2012-06-02 19:42 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-02 19:42 . 2012-06-02 19:42 136192 ----a-w- c:\windows\system32\advpack.dll
2012-06-02 19:42 . 2012-06-02 19:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-02 19:42 . 2012-06-02 19:42 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-02 19:42 . 2012-06-02 19:42 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-02 19:42 . 2012-06-02 19:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-02 19:42 . 2012-06-02 19:42 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-02 19:42 . 2012-06-02 19:42 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-02 19:42 . 2012-06-02 19:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-02 19:42 . 2012-06-02 19:42 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-02 19:42 . 2012-06-02 19:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-02 19:42 . 2012-06-02 19:42 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-02 19:42 . 2012-06-02 19:42 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-02 19:42 . 2012-06-02 19:42 448512 ----a-w- c:\windows\system32\html.iec
2012-06-02 19:42 . 2012-06-02 19:42 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-02 19:42 . 2012-06-02 19:42 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-02 19:42 . 2012-06-02 19:42 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-02 19:42 . 2012-06-02 19:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-02 19:42 . 2012-06-02 19:42 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-02 19:42 . 2012-06-02 19:42 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-02 19:42 . 2012-06-02 19:42 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-02 19:42 . 2012-06-02 19:42 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-02 19:42 . 2012-06-02 19:42 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-02 19:42 . 2012-06-02 19:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-02 19:42 . 2012-06-02 19:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-02 19:42 . 2012-06-02 19:42 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-02 19:42 . 2012-06-02 19:42 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-02 13:19 . 2012-06-21 20:27 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:19 . 2012-06-21 20:27 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 20:27 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 13:12 . 2012-06-21 20:27 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-12 04:56 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-12 04:56 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-12 04:56 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-12 04:56 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-12 04:56 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-05-31 10:25 . 2010-07-31 12:00 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"PC Suite for Smartphones"="c:\program files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:06]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 10:14]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 10:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.web.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-uTorrent - d:\utorrent\uTorrent.exe
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-Babylon Client - f:\babylon\Babylon.exe
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Babylon - f:\babylon\Utils\uninstbb.exe
AddRemove-MadTracker 2 - c:\windows\MTUn9642.exe
AddRemove-{C37DAD3C-5357-42E2-B22C-08A6E9259438} - c:\programdata\{5294DA15-4E4A-43F8-948D-66D04EC57FB6}\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\SecuROM\License information*]
"datasecu"=hex:fc,12,bf,c3,0a,3b,88,a6,9d,19,9b,71,2f,77,a2,79,cc,0f,0d,4a,1a,
f8,77,b4,b1,61,d1,6c,84,04,db,53,0e,e7,c1,ba,37,b8,27,b4,cb,17,bf,9c,48,74,\
"rkeysecu"=hex:d2,8d,06,0a,63,1b,d9,62,2b,96,2e,4d,ec,07,00,aa
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\wermgr.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\progra~2\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
c:\progra~2\Symbian\Shared\SYMBIA~1\SCBAL.exe
c:\progra~2\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-17 20:38:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-17 18:38
.
Vor Suchlauf: 19 Verzeichnis(se), 43.585.032.192 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 56.338.546.688 Bytes frei
.
- - End Of File - - 10D74B4CC551E9153A7A4AD32E213DFC
Code:
ATTFilter ComboFix 12-08-17.02 - Mathias 17.08.2012 20:14:45.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2486 [GMT 2:00]
ausgeführt von:: c:\users\Mathias\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Ernst\PC Suite for SmartPhones 1_5_8.exe
c:\users\Ernst\PC Suite for Sony Ericsson 1.5.26.exe
c:\users\Ernst\Sony Ericsson PC Suite 2.10.46 D750.exe
c:\users\Ines\Documents\~WRL0004.tmp
c:\users\Ines\Documents\~WRL2001.tmp
c:\users\Ines\Documents\~WRL2513.tmp
c:\users\Public\sdelevURL.tmp
c:\windows\IsUn0407.exe
c:\windows\MTUn9642.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-17 bis 2012-08-17 ))))))))))))))))))))))))))))))
.
.
2012-08-17 22:39 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2012-08-17 22:39 . 2012-08-17 18:00 -------- d-----w- C:\_OTL
2012-08-17 18:25 . 2012-08-17 18:25 -------- d-----w- c:\users\Ines\AppData\Local\temp
2012-08-17 18:25 . 2012-08-17 18:25 -------- d-----w- c:\users\Ernst\AppData\Local\temp
2012-08-17 18:25 . 2012-08-17 18:31 -------- d-----w- c:\users\Mathias\AppData\Local\temp
2012-08-17 18:25 . 2012-08-17 18:25 -------- d-----w- c:\users\Ernesto\AppData\Local\temp
2012-08-17 18:25 . 2012-08-17 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 16:59 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA692722-9C4C-46F3-9A83-610C50B0323B}\mpengine.dll
2012-08-17 09:56 . 2012-08-17 09:56 -------- d-----w- c:\users\Mathias\AppData\Roaming\Malwarebytes
2012-08-17 09:55 . 2012-08-17 09:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-17 09:55 . 2012-08-17 09:55 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 09:55 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 08:48 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-17 08:48 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-17 08:48 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-07-22 17:44 . 2012-07-22 17:44 -------- d-----w- C:\Bluenoise Plugins
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 08:50 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-15 17:06 . 2012-04-01 10:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 17:06 . 2011-06-07 20:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 17:59 . 2012-07-12 04:55 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-12 04:56 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-12 04:56 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-12 04:56 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-12 04:56 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-12 04:56 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 20:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 20:28 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 20:28 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 20:28 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 20:28 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 20:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 20:28 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 20:28 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 20:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 20:28 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:42 . 2012-06-02 19:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-02 19:42 . 2012-06-02 19:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-02 19:42 . 2012-06-02 19:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-02 19:42 . 2012-06-02 19:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-02 19:42 . 2012-06-02 19:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-02 19:42 . 2012-06-02 19:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-02 19:42 . 2012-06-02 19:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-02 19:42 . 2012-06-02 19:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-02 19:42 . 2012-06-02 19:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-02 19:42 . 2012-06-02 19:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-02 19:42 . 2012-06-02 19:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-02 19:42 . 2012-06-02 19:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-02 19:42 . 2012-06-02 19:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-02 19:42 . 2012-06-02 19:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-02 19:42 . 2012-06-02 19:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-02 19:42 . 2012-06-02 19:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-02 19:42 . 2012-06-02 19:42 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-02 19:42 . 2012-06-02 19:42 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-02 19:42 . 2012-06-02 19:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-02 19:42 . 2012-06-02 19:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-02 19:42 . 2012-06-02 19:42 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-02 19:42 . 2012-06-02 19:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-02 19:42 . 2012-06-02 19:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-02 19:42 . 2012-06-02 19:42 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-02 19:42 . 2012-06-02 19:42 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-02 19:42 . 2012-06-02 19:42 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-02 19:42 . 2012-06-02 19:42 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-02 19:42 . 2012-06-02 19:42 136192 ----a-w- c:\windows\system32\advpack.dll
2012-06-02 19:42 . 2012-06-02 19:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-02 19:42 . 2012-06-02 19:42 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-02 19:42 . 2012-06-02 19:42 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-02 19:42 . 2012-06-02 19:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-02 19:42 . 2012-06-02 19:42 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-02 19:42 . 2012-06-02 19:42 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-02 19:42 . 2012-06-02 19:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-02 19:42 . 2012-06-02 19:42 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-02 19:42 . 2012-06-02 19:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-02 19:42 . 2012-06-02 19:42 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-02 19:42 . 2012-06-02 19:42 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-02 19:42 . 2012-06-02 19:42 448512 ----a-w- c:\windows\system32\html.iec
2012-06-02 19:42 . 2012-06-02 19:42 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-02 19:42 . 2012-06-02 19:42 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-02 19:42 . 2012-06-02 19:42 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-02 19:42 . 2012-06-02 19:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-02 19:42 . 2012-06-02 19:42 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-02 19:42 . 2012-06-02 19:42 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-02 19:42 . 2012-06-02 19:42 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-02 19:42 . 2012-06-02 19:42 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-02 19:42 . 2012-06-02 19:42 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-02 19:42 . 2012-06-02 19:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-02 19:42 . 2012-06-02 19:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-02 19:42 . 2012-06-02 19:42 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-02 19:42 . 2012-06-02 19:42 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-02 13:19 . 2012-06-21 20:27 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:19 . 2012-06-21 20:27 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 20:27 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 13:12 . 2012-06-21 20:27 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-12 04:56 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-12 04:56 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-12 04:56 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-12 04:56 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-12 04:56 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-05-31 10:25 . 2010-07-31 12:00 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"PC Suite for Smartphones"="c:\program files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:06]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 10:14]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 10:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.web.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-uTorrent - d:\utorrent\uTorrent.exe
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-Babylon Client - f:\babylon\Babylon.exe
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Babylon - f:\babylon\Utils\uninstbb.exe
AddRemove-MadTracker 2 - c:\windows\MTUn9642.exe
AddRemove-{C37DAD3C-5357-42E2-B22C-08A6E9259438} - c:\programdata\{5294DA15-4E4A-43F8-948D-66D04EC57FB6}\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2370540421-2908708576-3787158840-1000\Software\SecuROM\License information*]
"datasecu"=hex:fc,12,bf,c3,0a,3b,88,a6,9d,19,9b,71,2f,77,a2,79,cc,0f,0d,4a,1a,
f8,77,b4,b1,61,d1,6c,84,04,db,53,0e,e7,c1,ba,37,b8,27,b4,cb,17,bf,9c,48,74,\
"rkeysecu"=hex:d2,8d,06,0a,63,1b,d9,62,2b,96,2e,4d,ec,07,00,aa
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\wermgr.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\progra~2\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
c:\progra~2\Symbian\Shared\SYMBIA~1\SCBAL.exe
c:\progra~2\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-17 20:38:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-17 18:38
.
Vor Suchlauf: 19 Verzeichnis(se), 43.585.032.192 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 56.338.546.688 Bytes frei
.
- - End Of File - - 10D74B4CC551E9153A7A4AD32E213DFC
|
|
17.08.2012, 17:54
| #10 |
| /// Malware-holic | Windows 8 Genuine License Malware (auf Windows Vista) öffne bitte malwarebytes, berichte, poste alle logs
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.08.2012, 17:56
| #11 |
| | Windows 8 Genuine License Malware (auf Windows Vista) Hier die 2 Logs von Malwarebytes! Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.17.04 Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Mathias :: AMD-PC [Administrator] 17.08.2012 16:37:37 mbam-log-2012-08-17 (16-37-37).txt Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk|) Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P Durchsuchte Objekte: 1 Laufzeit: 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.17.04 Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Mathias :: AMD-PC [Administrator] 17.08.2012 11:57:06 mbam-log-2012-08-17 (11-57-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 943946 Laufzeit: 1 Stunde(n), 41 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 50 HKCR\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{565DD573-549E-4da9-8CD7-6AE3DF25339A} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ExplorerBar.FunExplorer.1 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ExplorerBar.FunExplorer (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{3DE88BEB-F271-484A-BA71-01D30F439F0C} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{42C7C39F-3128-4a17-BDB7-91C46032B5B9} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{AC5AB953-ED25-4f9c-87F0-B086B0178FFA} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{50AD41D2-B1F0-47CC-9EA7-395355EAEEBD} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{8CEB185E-81A5-46D3-BC20-C555D605AFBD} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A72522BA-9FF3-4C83-ABC6-9B476728A396} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{F5B8C69C-9B45-4a6a-9380-DF225C546AE7} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ExplorerBar.CWM.1 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ExplorerBar.CWM (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{C5762628-AE15-4ca6-96C4-B00DD17F3419} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{2A743834-05F4-4ed4-8A1C-41332B10AC0C} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ExplorerBar.ICA.1 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ExplorerBar.ICA (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ExplorerBar.FunRedirector.1 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ExplorerBar.FunRedirector (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Advanced Access Controller (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\JuicyJoint Toolbar (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\AppDataLow\Software\Internet Connection Wizard (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 11 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|VB_juicyjoint (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|{AA1ACB70-B5F1-4037-909E-1F725B04D2A8} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|{5909FC3D-7F8B-415d-A5D1-7C7E941E536E} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 38 C:\Program Files (x86)\Common Files\Count Access Advancer\5.6.0.7190 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\Count Access Advancer\5.6.0.7190\Data (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\Data (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\chrome (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\chrome\content (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\components (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\Data (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\chrome (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\chrome\content (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\components (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\Chrome (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\Data (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\chrome (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\chrome\content (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\components (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF\chrome (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF\chrome\content (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF\components (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\data (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\chrome (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\chrome\content (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\components (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Cache (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Skins (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 128 C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\AACCommon.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\AROCommon.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\cwmsh.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Half-Life 2\hl2\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Half-Life 2 Episode One\episodic\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Half-Life 2 Episode Two\ep2\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\{5294DA15-4E4A-43F8-948D-66D04EC57FB6}\OFFLINE\mFileBagIDE.dll\bag\aacsetup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\{5294DA15-4E4A-43F8-948D-66D04EC57FB6}\OFFLINE\mFileBagIDE.dll\bag\arosetup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ernst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.dat (Adware.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Backup\2009.07.24\C\Program Files\Image-Line\Shared\DSP_IPP\Uninstall.exe (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Backup\2009.07.24\C\Program Files\Image-Line\Toxic Biohazard\Toxic Biohazard.dll (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\BackupMW2\CoD4 1.7 AIMBOT PC\CoD4 1.7 AIMBOT\CoD4 1.7 AIMBOT\COD4.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ernst\Favorites\MyAnswerSearch.url (Favorites.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\Count Access Advancer\5.6.0.7190\Data\config.md (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\unins000.dat (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\unins000.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\Data\config.md (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\chrome.manifest (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\install.rdf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\chrome\AACAddOn.jar (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\chrome\content\AACAddOn.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\chrome\content\AACAddOn.xul (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\components\AACFFAddOn.xpt (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Advanced Access Controller\4.6.0.2670\FF\components\AACFFHelperComponent.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\unins000.dat (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\unins000.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\Data\config.md (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\chrome.manifest (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\install.rdf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\chrome\AROAddOn.jar (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\chrome\content\AROAddOn.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\chrome\content\AROAddOn.xul (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\components\AROFFAddOn.xpt (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Automated Result Operator\4.6.0.2810\FF\components\AROFFHelperComponent.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\unins000.dat (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\unins000.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\Chrome\background.html (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\Chrome\manifest.json (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\Data\config.md (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\chrome.manifest (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\install.rdf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\chrome\CAAAddOn.jar (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\chrome\content\CAAAddOn.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\chrome\content\CAAAddOn.xul (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\components\CAAFFAddOn.xpt (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Count Access Advancer\5.6.0.7190\FF\components\CAAFFHelperComponent.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\config.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\data.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\exclude.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\MatchingData.zd5 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\pxtmpdata.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\running.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\unins000.dat (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\unins000.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF\chrome.manifest (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF\install.rdf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF\chrome\content\AddOn.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF\chrome\content\AddOn.xul (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Customized Web Management\1.6.0.3840\FF\components\CWMFFAddOn.xpt (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\unins000.dat (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\unins000.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\data\pxtmpdata.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\data\TP_Config.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\data\TP_Data.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\data\TP_DomainExcludeList.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\data\TP_DomainInterval.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\data\TP_KeywordInterval.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\data\TP_Rstatus.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\chrome.manifest (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\install.rdf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\chrome\content\FFAddOn.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\chrome\content\FFAddOn.js.bak (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\chrome\content\FFAddOn.xul (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\chrome\content\FFAddOn.xul.bak (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\components\FFHelperComponent.js (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Internet Content Assistant\1.6.0.3960\FF\components\IICAFFComponent.xpt (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\gdiplus.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\mfc80.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Microsoft.VC80.MFC.manifest (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\SkinCrafterDll.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Cache\default1.dat (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Cache\loading.dat (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Cache\loading.gif (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_Logo.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_Option.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_RSS.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_Search.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_WebDropdown_01.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_WebDropdown_02.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_WebDropdown_03.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_WebDropdown_04.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_WebDropdown_05.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\Module_WebDropdown_06.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\pixel.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\ProductInfo.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\profile.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\SearchEngineList.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\tbcore.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\ToolbarLayout.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\UpdateCentre.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\About.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_Logo.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_Option.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_Option_Menu.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_RSS.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_RSS.png (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_RSS_Menu.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_RSS_Menu.png (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_Search.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_01.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_01.png (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_02.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_02.png (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_03.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_03.png (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_04.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_04.png (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_05.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_05.png (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_06.mg (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Icons\Module_WebDropdown_06.png (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Skins\myskin1.skf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Skins\myskin2.skf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Skins\myskin3.skf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\JuicyJoint Toolbar\2.6.1.11950\Skins\myskin4.skf (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Geändert von kufiya (17.08.2012 um 18:29 Uhr) |
|
17.08.2012, 18:39
| #12 |
| /// Malware-holic | Windows 8 Genuine License Malware (auf Windows Vista) hi lade den CCleaner standard: CCleaner Download - CCleaner 3.21.1767 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Windows 8 Genuine License Malware (auf Windows Vista) |
| antivir, autorun, avg, avira, bho, conduit, converter, defender, desktop, error, firefox, flash player, google earth, helper, internet, ja.lnk, langs, malware, mp3, object, plug-in, problem, realtek, registry, scan, security, server, software, vista, windows |
Linear-Darstellung
